Cryptography-Digest Digest #768, Volume #12 Mon, 25 Sep 00 10:13:00 EDT
Contents:
Re: New Strong Password-Authentication Software (Philip MacKenzie)
Re: Music Industry wants hacking information for cheap (Sagie)
(Long) Re: Tying Up Loose Ends - Correction (Guy Macon)
Re: What am I missing? (Lon Willett)
Re: Big CRC polynomials? ("Scott Fluhrer")
----------------------------------------------------------------------------
From: Philip MacKenzie <[EMAIL PROTECTED]>
Subject: Re: New Strong Password-Authentication Software
Date: Mon, 25 Sep 2000 08:18:18 -0400
Benjamin Goldberg wrote:
>
> Thomas Wu wrote:
> [snip]
> > PAK is more like EKE and SPEKE in that both client and server know the
> > same password, while SRP is verifier-based, so the server's secret
> > isn't enough to impersonate a client.
>
> Saying that the SRP server doesn't know enough to impersonate a client
> implies that a PAK server does... I don't know much about either
> protocol, but does this mean that a person with access to the data files
> of a PAK server can impersonate the client to another PAK server, or
> does it mean that he has the password in the clear?
>
> That last possibility sounds very bad.
>
The version of PAK used in the software release is resilient to server
compromise, just like SRP (except that for PAK there is
a formal proof of this). It is not the PAK-X protocol from
the posted paper, but a slightly revised protocol that
I call PAK-RY. I will post the revised protocol, along
with the full proof of security, within a couple days at:
http://www.bell-labs.com/user/philmac/pak.html
-Phil
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: Music Industry wants hacking information for cheap
Date: Mon, 25 Sep 2000 12:34:48 GMT
> >Alice is a bank robber; she knows that Bob, the police officer, has
placed
> >a surveillance camera in the bank and it's attached to a recording
device
> >that detects watermarks and refuses to record marked data. So she
walks
> >into the bank wearing a T-shirt with a watermark printed on it, or
perhaps
> >puts a video screen playing a watermark pattern in view of the
> >camera. The recording device refuses to record it, and so her crime
> >doesn't show up on the tape.
>
> Yes, but realistically no watermark detector would ever pick up
> a mark after the extremely severe distortion of playing the
> content on a video screen back into a camera. Especially
> since security cams are not likely to be high quality nor
> recording onto DVD recorders.
>
> And if you're planning on introducing a video screen into the
bank
> lobby, going to the trouble to place it just so and keep from
> tilting relative to the camera, well, chewing gum over the lens
> is actually cheaper and less conspicuous.
Dude, I think I know what your problem is... You have absolutely no
sense of humor... :-P
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Guy Macon)
Subject: (Long) Re: Tying Up Loose Ends - Correction
Date: 25 Sep 2000 13:40:27 GMT
David A. Scott <SCOTT19U.ZIP_GUY> wrote:
> Then your to stupid to read. Cause that ain't what it
>means. It means jerk look at the damn webpage. I can't
>spoon feed and burp you for ever. Grow up MOK.
You swine. You vulgar little maggot. You worthless bag of filth. As we
say in Texas, you couldn't pour water out of a boot with instructions
printed on the heel. You are a canker, an open wound. I would rather
kiss a lawyer than be seen with you. You took your last vacation in
the Isles of Langerhan.
You're a putrescent mass, a walking vomit. You are a spineless little
worm deserving nothing but the profoundest contempt. You are a jerk,
a cad, a weasel. Your life is a monument to stupidity. You are a
stench, a revulsion, a big suck on a sour lemon.
You are a bleating foal, a curdled staggering mutant dwarf smeared
richly with the effluvia and offal accompanying your alleged birth
into a hostile world. You are an insensate, blinking calf,
meaningful to nobody, abandoned by the puke-drooling, giggling
beasts who sired you and then died of shame in recognition of what
they had done. They were a bit late.
I will never get over the embarrassment of belonging to the same
species as you. You are a monster, an ogre, a malformity. I barf
at the very thought of you. You have all the appeal of a paper cut.
Lepers avoid you. You are vile, worthless, less than nothing. You
are a weed, a fungus, the dregs of this earth. And did I mention
that you smell?
Try to edit your responses of unnecessary material before attempting
to impress us with your insight. The evidence that you are a
nincompoop will still be available to readers, but they will be
able to access it ever so much more rapidly.
You snail-skulled little rabbit. Would that a hawk pick you up,
drive its beak into your brain, and upon finding it rancid set
you loose to fly briefly before spattering the ocean rocks with the
frothy pink shame of your ignoble blood. May you choke on the
queasy, convulsing nausea of your own trite, foolish beliefs.
You are weary, stale, flat and unprofitable. You are grimy, squalid,
nasty and profane. You are foul and disgusting. You're a fool, an
ignoramus. Monkeys look down on you. Even sheep won't have sex with
you. You are unreservedly pathetic, starved for attention, and lost
in a land that reality forgot. You are not ANSII compliant. You
have a couple of address lines shorted together. You should be
promoted to Engineering Manager.
And what meaning do you expect your delusionally self-important
statements of unknowing, inexperienced opinion to have with us?
What fantasy do you hold that you would believe that your
tiny-fisted tantrums would have more weight than that of a leprous
desert rat, spinning rabidly in a circle, waiting for the bite of
the snake?
You are a waste of flesh. You have no rhythm. You are ridiculous and
obnoxious. You are the moral equivalent of a leech. You are a living
emptiness, a meaningless void. You are sour and senile. You are a
loathsome disease, a puerile slack-jawed drooling meatslapper. You
make Quakers shout and strike Pentecostals silent. Your mother
had to tie a pork chop around your neck just to get your dog to
play with you.
On a good day you're a half-wit. You remind me of drool. You are
deficient in all that lends character. You have the personality
of wallpaper. You are dank and filthy. You are asinine and benighted.
You are the source of all unpleasantness. You spread misery and
sorrow wherever you go.
You smarmy lagerlout git. You bloody woofter sod. Bugger off,
pillock. You grotty wanking oik artless base-court apple-john.
You clouted boggish foot-licking half-twit. You dankish clack-dish
plonker. You gormless crook-pated tosser. You bloody churlish
boil-brained clotpole ponce. You craven dewberry pisshead cockup
pratting naff. You cockered bum-bailey poofter. You gob-kissing
gleeking flap-mouthed coxcomb. You dread-bolted fobbing beef-witted
clapper-clawed flirt-gill.
You are so clueless that if we stripped you naked, soaked you in
clue musk, and dropped you into a field full of horny clues, You
still would not have a clue.
You are a fiend and a coward, and you have bad breath. You are
degenerate, noxious and depraved. I feel debased just for knowing
you exist. I despise everything about you, and I wish you would go
away.
I cannot believe how incredibly stupid you are. I mean rock-hard
stupid. Dehydrated-rock-hard stupid. Stupid so stupid that it
goes way beyond the stupid we know into a whole different dimension
of stupid. You are trans-stupid stupid. Meta-stupid. Stupid
collapsed on itself so far that even the neutrons have collapsed.
Stupid gotten so dense that no intellect can escape. Singularity
stupid. Blazing hot mid-day sun on Mercury stupid. You emit more
stupid in one second than our entire galaxy emits in a year.
Quasar stupid. Your writing has to be a troll. Nothing in our
universe can really be this stupid. Perhaps this is some primordial
fragment from the original big bang of stupid. Some pure essence
of a stupid so uncontaminated by anything else as to be beyond the
laws of physics that we know. I'm sorry. I can't go on. This is an
epiphany of stupid for me. After this, you may not hear from me
again for a while. I don't have enough strength left to deride
your ignorant questions and half baked comments about unimportant
trivia, or any of the rest of this drivel. Duh.
( Fine print: This is version 5.31 of Guy Macon's insult file.
Feel free to use this any way that you please. If you have an
insult to add, or for the latest version of this file, go to
[ http://users.deltanet.com/~guymacon/insult/ ]. )
The only thing worse than your logic is your manners. I have
snipped away most of your of what you wrote, because, well...
it didn't really say anything. Your attempt at constructing a
creative flame was pitiful. I mean, really, stringing together
a bunch of insults among a load of babbling was hardly effective...
Maybe later in life, after you have learned to read, write, spell,
and count, you will have more success. True, these are rudimentary
skills that many of us "normal" people take for granted that
everyone has an easy time of mastering. But we sometimes forget
that there are "challenged" persons in this world who find these
things more difficult. If I had known, that this was your case then
I would have never read your post. It just wouldn't have been
"right". Sort of like parking in a handicap space. I wish you the
best of luck in the emotional, and social struggles that seem to be
placing such a demand on you.
STANDARDIZED BONEHEAD REPLY FORM
(check all boxes that apply)
Dear:
[ ] Clueless Newbie [ ] Lamer [ ] Flamer
[ ] Loser [ ] Spammer [ ] Troller
[ ] "Me too" er [ ] Pervert [ ] Geek
[ ] Freak [ ] Nerd [ ] Elvis
[ ] Racist [ ] Fed [ ] Freak
[ ] Fundamentalist [ ] Satanist [ ] Homeopath
[ ] Unbearably self-righteous person [ ] Shoko Asahara
I took exception to your recent:
[ ] Email
[ ] Post to ________ newsgroup
[ ] Broadcast
[ ] Letter
[ ] Book
[ ] Lecture
[ ] Phone call
[ ] Advertisement
[ ] Schematic
[ ] Telepathic message
[ ] Existence
It was (check all that apply):
[ ] Lame [ ] Stupid [ ] Abusive
[ ] Clueless [ ] Idiotic [ ] Brain-damaged
[ ] Imbecilic [ ] Arrogant [ ] Malevolent
[ ] Contemptible [ ] Libelous [ ] Ignorant
[ ] Stupid [ ] Fundamentalist [ ] Microsoftian
[ ] Boring [ ] Dim [ ] Cowardly
[ ] Deceitful [ ] Demented [ ] Self-righteous
[ ] Crazy [ ] Weird [ ] Hypocritical
[ ] Loathsome [ ] Satanic [ ] Despicable
[ ] Belligerent [ ] Mind-numbing [ ] Maladroit
[ ] Much longer than any worthwhile thought you may be capable of.
Your attention is drawn to the fact that:
[ ] You posted what should have been emailed.
[ ] You obviously don't know how to read your newsgroups line.
[ ] You are trying to make money on a non-commercial newsgroup.
[ ] You self-righteously impose your religious beliefs on others.
[ ] You self-righteously impose your racial beliefs on others.
[ ] You posted a binary in a non-binaries group.
[ ] You don't know which group to post in.
[ ] You posted something totally uninteresting.
[ ] You crossposted to *way* too many newsgroups.
[ ] I don't like your tone of voice.
[ ] What you posted has been done before.
[ ] Not only that, it was also done better the last time.
[ ] You quoted an *entire* post in your reply.
[ ] You started a long, stupid thread.
[ ] You continued spreading a long stupid thread.
[ ] Your post is absurdly off topic for where you posted it.
[ ] You posted a followup to crossposted robot-generated spam.
[ ] You posted a "test" in a discussion group rather than in misc.test
[ ] You posted a "YOU ALL SUCK" message.
[ ] You posted low-IQ flamebait.
[ ] You posted a blatantly obvious troll.
[ ] You followed up to a blatantly obvious troll.
[ ] You said "me too" to something.
[ ] You make no sense.
[ ] Your sig/alias is dreadful.
[ ] You must live in a skinner box to be this clueless.
[ ] You posted a phone-sex ad.
[ ] You posted a stupid pyramid money making scheme.
[ ] You claimed a pyramid-scheme/chain letter for money was legal.
[ ] Your margin settings (or lack of) make your post unreadable. Each line
just goes on and on, not stopping at 75 characters, making it hard to read.
[ ] You posted in ELitE CaPitALs to look k0OL.
[ ] You posted a message in ALL CAPS, and you don't even own a TRS-80.
[ ] Your post was FULL of RANDOM CAPS for NO APPARENT REASON.
[ ] You have greatly misunderstood the purpose of this newsgroup.
[ ] You have greatly misunderstood the purpose of the Internet.
[ ] You are a loser.
[ ] This has been pointed out to you before.
[ ] You didn't do anything specific, but appear to be so generally
worthless that you are being flamed on general principles.
I recommend that you:
[ ] Get a clue.
[ ] Get a life.
[ ] Go away.
[ ] Grow up.
[ ] Never post again.
[ ] Read every newsgroup you crossposted to for a week.
[ ] stop reading Usenet news and get a life.
[ ] stop sending Email and get a life.
[ ] Bust up your modem with a hammer and eat it.
[ ] Have your medication adjusted.
[ ] Jump into a bathtub while holding your monitor.
[ ] find a volcano and throw yourself in.
[ ] get a gun and shoot yourself.
[ ] Actually post something relevant.
[ ] Read the FAQ.
[ ] stick to AOL chat rooms and come back when you've grown up.
[ ] Apologize to everybody in this newsgroup.
[ ] consume excrement.
[ ] consume excrement and thus expire.
[ ] Post your tests to misc.test.
[ ] Put your home phone number in your ads from now on.
[ ] Don't post until you have a vague idea what you're doing.
In Closing, I'd Like to Say:
[ ] You need to seek psychiatric help
[ ] Take your gibberish somewhere else
[ ] *plonk*
[ ] Learn how to post or get off the Internet.
[ ] Most of the above
[ ] All of the above
[ ] Some of the above, not including All of the above
[X] You are so clueless that I didn't bother filling in this form.
P.S.:
You are hypocritical, greedy, violent, malevolent, vengeful,
cowardly, deadly, mendacious, meretricious, loathsome, despicable,
belligerent, opportunistic, barratrous, contemptible, criminal,
fascistic, bigoted, racist, sexist, avaricious, tasteless, idiotic,
brain-damaged, imbecilic, insane, arrogant, deceitful, demented,
lame, self-righteous, byzantine, conspiratorial, satanic,
fraudulent, libelous, bilious, splenetic, spastic, ignorant,
clueless, illegitimate, harmful, destructive, dumb evasive,
double-talking, devious, revisionist, narrow, manipulative,
paternalistic, fundamentalist, dogmatic, idolatrous, unethical,
cultic, diseased, suppressive, controlling, restrictive, malignant,
deceptive, dim, crazy, weird, dystopic, stifling, uncaring,
plantigrade, grim, unsympathetic, jargon-spouting, censorious,
secretive, aggressive, mind-numbing, arassive, poisonous, flagrant,
self-destructive, abusive, socially-retarded, puerile, and
Generally Not Good.
I hope this helps...
------------------------------
From: Lon Willett <[EMAIL PROTECTED]>
Subject: Re: What am I missing?
Date: Mon, 25 Sep 2000 13:50:56 GMT
In article <8qlo25$o6n$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Scott Craver) wrote:
> Sagie <[EMAIL PROTECTED]> wrote:
[snip]
> >First of all, you don't know (well not for sure) what techniques
> >are being used by any of these watermark technologies. Secondly, I
> >think you are being short-sighted. Psycho-acoustic models are
> >constantly being improved.
>
> That doesn't matter. There are some operations that SHOULD
> NOT be undone by a compressor, even if they COULD.
Not actually true, in theory. In the game of producing "perfect"
compressors, _any_ technique which does not harm the actual audio
content, as heard by a human being, is fair game, and could
theoretically be done (including shifting the tone by an inaudible
degree).
However, in practice, I'll grant you the point. The watermarkers have
a large advantage here; they need only find a few machine
distinguishable bits to play with, while the compressors would
probably need AI to know what is and isn't fair game (as far as the
human ear is concerned).
[snip]
> >But only future will tell how the watermarking
> >techniques will survive future compression methods.
>
> Really, this is the wrong tree. It's not compression they
> have to worry about, but hackers. I'm extremely, very, super-
> duper confident that any serious audio watermarking scheme
> will survive any compression algorithm developed during the
> scheme's expected lifetime of deployment. I say this as a
> (relative) expert.
This is really getting to the heart of the matter.
[snip]
> Often true, but _good_ watermarking schemes are also designed
> to avoid discovery by hackers.
[snip]
I'll strongly disagree (with the "good" part).
In theory, it can be made very difficult indeed to detect a watermark
by looking at the raw data alone ("cipertext only", but its not really
"cipertext" we're talking about; is there some correct jargon that I
should use here?). Assuming that the crypto isn't flawed, and that
the watermarking has a sequence of bits that it can play with whose
distribution is "effectively" random with a known distribution, and
that those bits aren't destroyed by a compression algorithm, then you
can indeed watermark effectively. Of course, if the "set of bits"
(yes, I know that it is really more complicated than just a "set of
bits") that is used is ever discovered, then you have a problem.
But reverse-engineering of the scheme need only be done _once_ by
_one_person_, and the whole thing is dead. And it will be done. So
why bother trying to make the watermarking scheme resistant to
detection? In the end, one must rely on the law to prevent bypassing
it anyway, so it is pointless to try to defeat the "hackers" by
technical means, i.e. by trying to hide the watermark from them (even
if it does make for a fun research problem).
And I think that if one wants to rely on the law, it is probably better
to do it directly than through bogus ways (like the DMCA) that screw
up the whole software industry. It is _already_ illegal to make and
distribute copies. Trying to artificially control the technology
("this program is illegal to possess") will probably do far more harm
than good in the long wrong. There are plenty of examples of this
already; unfortunately the music/movie industries tend to be
conservative, short-sighted, often stupid, and politically powerful.
Regardless of the politics, I suspect watermarking of widely published
material has a very limited future. It is an attempt to suppress the
new technologies, rather than adapt to them, and the technical means
just don't exist to pull it off for long.
/Lon Willett <[EMAIL PROTECTED]>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: Big CRC polynomials?
Date: Mon, 25 Sep 2000 06:44:47 -0700
Kasper Pedersen <[EMAIL PROTECTED]> wrote in message
news:O6Bz5.2212$[EMAIL PROTECTED]...
>
> "bubba" <[EMAIL PROTECTED]> wrote in message
> news:1Joz5.2051$[EMAIL PROTECTED]...
> > Think of feeding a random bit string to an algorithm that validates a
> > message with a
> > CRC and to an algotithm that validates with a checksum.
> >
> > Bad messages slip through with an equal probability.
> >
> > The CRC bacame popular in serial data commumications where burst errors
> > are much more likely than random errors. This real-world situation is
> where
> > the CRC has an enormous advantage.
>
> more than that. CRCs have the propery that they will always catch n errors
> within a window of length m. This is an advantage on channels with low
error
> probability (may be noisy, nut nowhere near the mathematical definition of
> 'random'). Chosen correctly, it can catch, say, 2 errors with probability
1.
> A bytewise xor-sum will catch these with probability 0.875.
Errr, no. As I demonstrated on another thread (I'll restate the proof if
you're interested), no CRC-like algorithm that has a finite output, and
works on arbitrarily long inputs can catch all 2 bit errors.
--
poncho
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
