Cryptography-Digest Digest #855, Volume #12 Fri, 6 Oct 00 06:13:01 EDT
Contents:
Re: Choice of public exponent in RSA signatures (David Hopwood)
Re: It's Rijndael (Runu Knips)
Re: Deadline for AES... (David Hopwood)
Re: It's Rijndael (Runu Knips)
Re: Need help: considerations for IV and Keysetup ([EMAIL PROTECTED])
Re: TEA ("Sam Simpson")
Re: The best way to pronounce AES (Scott Craver)
Re: Need help: considerations for IV and Keysetup (Paul Rubin)
Re: Signature size (David Hopwood)
Re: The best way to pronounce AES (Volker Hetzer)
are doubly encrypted files more secure than singly encrypted ones? (jtnews)
Re: Any products using Rijndael? (Marc)
Re: It's Rijndael (Volker Hetzer)
Re: Democrats, Republicans, AES... (Volker Hetzer)
Re: The best way to pronounce AES (Scott Craver)
Re: It's Rijndael ("Joseph Ashwood")
Re: Maximal security for a resources-limited microcontroller ("Joseph Ashwood")
Re: No Comment from Bruce Schneier? (Johnny Bravo)
Re: are doubly encrypted files more secure than singly encrypted ones? (Tom St Denis)
Re: No Comment from Bruce Schneier? (David Blackman)
----------------------------------------------------------------------------
Date: Fri, 06 Oct 2000 06:45:20 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Choice of public exponent in RSA signatures
=====BEGIN PGP SIGNED MESSAGE=====
Francois Grieu wrote:
> I was saying:
> >> One problem with PSS is the need for a random number generator
> >> in the signer, and room for a subliminal channel.
>
> and objected:
> > All practical communication systems have subliminal channels,
> > whether or not the signature algorithm used does; I don't see
> > that this is a significant concern.
>
> Well, ISO 9796-2 includes a specific verification step to insure
> that there is only one signature acceptable per message.
>
> I can imagine situations where a subliminal channel is a problem.
> Imagine that payment using digital signature has come to replace
> a man-drawn signature. Now, with a subliminal channel, a
> high-isolation prisonner could conceivably leak information to
> the outside while paying bills.
Why is a high-isolation prisoner paying bills?
> Also, a signer could conceivably choose a value of random, like
> "I_was_forced_into_signing_this", to attempt repudiating the
> signature later.
But that's useful, if the signer was in fact forced into signing
it. In any case where someone attempts to repudiate a signature,
the dispute can't be resolved purely by algorithmic means; the
apparent signer may very well have a justifiable reason for
repudiating it.
> And it becomes even more difficult to certify a signing device,
> such as a Smart Card, in a black box model.
A signing device cannot ever be usefully certified in a black box
model, period.
> Maybe the PIN
> (that activates the signing feature) leaks into the signature ?
> Or is it some other sensitive info, like the secret key, or the
> message the Smart Card previously signed ?
That would only happen if a back door had been intentionally put
into the smartcard; in that case there are any number of ways for
it to leak key information through side channels, with or without a
subliminal channel in the signature algorithm itself.
> Finaly, there is the social-acceptability issue. A lot of humans,
> including those deciding and enforcing laws and procedures,
> do not understand a thing about cryptography. The less complex
> it is to grasp the concept of digital signature, the better.
> With a traditional signature scheme, I tell a digital signature
> is "a number computed from secret key and message", and the
> verification process "checks the signature is the right number,
> using only the message and public information". More people will
> grasp this, and gain some insight on what digital signature can
> do for them, than if I must introduce anything extra in the
> picture, like "one of the right number".
I very much doubt that whether a signature algorithm is deterministic
or nondeterministic will be of any concern to most users.
> My view is I'd rather use one or two extra hash rather than need
> a RNG and leave room for a subliminal channel, if it gets me the
> same level of "provable" security.
PSS has better security bounds than Full Domain Hashing, for example,
so to get the same security you would need to compensate by increasing
the modulus size and slowing down the algorithm.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOd1muDkCAxeYt5gVAQEImQgAvgUueOgBWgbbg5dzCXBYXVdzUSl0MeRa
0YQ1d6cnhOGUvi7mqIIticbyHW2m2yTeCEPpgBBnhORDTxSi4AxUwS7MH50q/Gg+
q7nJtCUUXBWA0HklIezaDrey1ZE589A7eEFp7fCTqEvU+o1/r7n5PnNalJ8s8rBw
OEtrCvrxw/2yGIXNSur9vffox5bGrpDoEu9hZycXWcED3vM1wqfDTpGNhnu4b/bY
tJWceuNyzroTxIwbrNN3vd9jU2FRr2V7rroVu+gCcjn3ADD5AGd5ZFv4ltpURanM
aKulMIjgEmhVGu7KqlFVYnq6yGuhllB0pe0vBe/Sb+iEiINtDjlPAw==
=5yZI
=====END PGP SIGNATURE=====
------------------------------
Date: Fri, 06 Oct 2000 10:14:39 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Mok-Kong Shen wrote:
> Runu Knips wrote:
> > Tripple-Something is always very inefficient, and only
> > an option if key size is too short, which isn't the
> > case for Rijndael.
>
> Dumb question: Would tripling with hardware also lead
> to essential inefficiency? There could be a pipelining
> effect, isn't it?
Depends upon the chaining mode.
If you use EBC, you can of course process thousands
of blocks in parallel, and use therefore ultralong
pipelines (just as long as you wish) and many
pipelines in parallel to get any speed you want.
But normally, i.e. for CBC and the other modes,
you need the value of the previous block to process
the current, so normally 3DES _IS_ 3 times slower
than 1DES in hardware (just like in software).
------------------------------
Date: Fri, 06 Oct 2000 05:14:09 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Deadline for AES...
=====BEGIN PGP SIGNED MESSAGE=====
Mok-Kong Shen wrote:
> David Crick wrote:
> > Mok-Kong Shen wrote:
> > >
> > > > Would you please point out what is incomplete in the
> > > > documentation of *any* of the finalists?
> > >
> > > The most conspicuous one and about which I have the
> > > most concern is that there are lots of numbers (numerical
> > > constants) whose derivation is not clear to the reader,
> > > i.e. these cannot be reproduced by them in some way. This
> > > provides an essential ground to nurish doubts about the
> > > absence of backdoors. Certainly it hinders a proper
> > > understanding and hence probably also analysis.
> >
> > Section 7 of the Rijndael submission document explains the
> > reasons for the design choices. Is there anything in there
> > that you are not happy with?
>
> I want specifically to be able to re-calculate every
> number that is in a cipher.
As far as I can see this is satisfied for Rijndael. What specific
number do you think can't be recalculated?
> If certain groups of numbers
> are said to have been chosen to lead to a certain property,
> I like to be able to run a program to verify that that
> property is indeed (optimally) achieved.
Section 7 and the sources it references ([LiNi86] and [Ny94])
provide enough information to do that.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOd1RZDkCAxeYt5gVAQFKzwf/U92A6DQcInUQfdMYPyzw3+4sh3sIiWqe
f9e2bh3CWrfQv8A6YSAt6j7Ml222PYz1zdoCv7UYqwodzjqSJ0Y0kAQtuQles5S7
eDRDlfdtRe9ed9y5u8jGDI+vhzCiCD30jLY760JilGTAZ+eA5K2lLOeqGr9lyhN/
eo116qXsqm9ig9bpgDJjjDXe87awGrQatY+5Jd8kMa8HoahHovUKSokql20D4hAr
+pQF93EmnqVzjeqw1O7SJ0X44wPOgxCDpmCik2yBIrmbx1d9O/pF9/uI/sIHtlwm
ZOeGwhMEjor5rX1UscGG+oB0eePuyoq7kem5EnRxSZGOMn1OGkhJ8w==
=WZz2
=====END PGP SIGNATURE=====
------------------------------
Date: Fri, 06 Oct 2000 10:21:56 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
"Paulo S. L. M. Barreto" wrote:
> lcs Mixmaster Remailer wrote:
> > For those whose primary interest in AES is high security, the
> > emphasis might have been placed elsewhere.
>
> For those whose primary interest in AES is high security, using
> Twofish is more inadequate than you might think. Given this cipher's
> complexity, there has been absolutely insufficient public analysis.
The Twofish team claims that there has not been as much publication
because there was nothing to publish.
I think they're right. Twofish is an improved version of Blowfish.
And there have not been much comments upon Blowfish either. It is
just a good cipher (well if you have a PC and don't have to worry
about the block size of only 64 bit).
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Need help: considerations for IV and Keysetup
Date: Fri, 06 Oct 2000 08:18:35 GMT
Eric, of course it wouldn't be a good thing for a company to have its
sysadmin leave without first telling the password of the encrypted
tapes. Why would the sysadmin possibly do that? Because he got pissed
off at something. Ok, but given he wants to harm his employer, aren't
there other ways, like instead of leaving tapes encrypted just erasing
them?! My point is, the scenario you depicted is valid, but it touches
on a more general problem (how much power should a sysadmin have?), and
less on the problem of tape encryption itself.
To use my tape encryption addon, the user needs to have full access
privileges in winNT, because my program is based on a filter kernel-
driver which cannot be started in a user environment with less
privileges. So if you cannot trust your people, just don't give them
the required privilege level (all you have to do is to disallow the
user to start system services that run in ring0).
I agree that you have a serious problem if you backup kiddy porn, a
problem that cannot be solved even with the strongest encryption
available. But I believe that this problem is better dealt in another
forum, like alt.psychology.
The slowing down issue of backing up tapes with encryption is
interesting. Actually, I run a speed test and couldn't see any
significant loss in performance. This has probably to do with the
cache of my tape drive (hp dds3).
I offer Rijndael (c), Twofish (c) and Serpent (assembler) as ciphers,
using Dr. Gladman's implentations. They all work fine for my purpose.
Greets
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Re: TEA
Date: Fri, 6 Oct 2000 09:15:06 +0100
Runu Knips <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<SNIP>
> In fact I just noted GHOST because the OP is a russian.
It's GOST!
--
Sam Simpson
http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption &
Delphi Crypto Components. PGP Keys available at the same site.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: The best way to pronounce AES
Date: 6 Oct 2000 08:20:43 GMT
Runu Knips <[EMAIL PROTECTED]> wrote:
>
>Americans which have problems to spell 'Rijndael' and
>'AES' should just use 'Twofish'. First its an american
>product ;-) and second there's surely no spelling
>problem ;-))))
Wait a minute..."twofish?"
Oooh, I see. I always thought it was spelled, "twoghoti."
-S
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Need help: considerations for IV and Keysetup
Date: 06 Oct 2000 01:39:52 -0700
[EMAIL PROTECTED] writes:
> Eric, of course it wouldn't be a good thing for a company to have its
> sysadmin leave without first telling the password of the encrypted
> tapes.
The right way for encrypted backups to work is the tape should be
encrypted with a public key stored on the system. That way no
password is needed to simply write a backup. The private key should
be kept in a vault where it can be recovered by management. In some
situations the sysadmin should also have access to the private key.
> I agree that you have a serious problem if you backup kiddy porn, a
> problem that cannot be solved even with the strongest encryption
> available. But I believe that this problem is better dealt in another
> forum, like alt.psychology.
This is a cheap jibe; any responsible admin should have multiple backup
tapes in off-site locations. Encrypting them lowers the hassle of having
to secure the multiple copies.
See http://taobackup.com for enlightened wisdom about backup practices.
> The slowing down issue of backing up tapes with encryption is
> interesting. Actually, I run a speed test and couldn't see any
> significant loss in performance. This has probably to do with the
> cache of my tape drive (hp dds3).
With careful coding and current processors, the encryption code should
be able to keep up with the tape drive. However, encryption
necessarily defeats any data compression that the tape drive might do.
So if you need data compression, it has to be done by software on
the host cpu, and *that* might be slower than the tape drive.
> I offer Rijndael (c), Twofish (c) and Serpent (assembler) as ciphers,
> using Dr. Gladman's implentations. They all work fine for my purpose.
I have a hacked up version of GNU Tar that encrypts with Blowfish and
a passphrase is a fairly simple way. I'll send out copies on request
(hmmm, I guess I can put it on the web now). I'd like to get around
to putting public-key encryption into it sometime, but it hasn't been
urgent for me.
------------------------------
Date: Fri, 06 Oct 2000 07:21:12 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Signature size
=====BEGIN PGP SIGNED MESSAGE=====
Joseph Ashwood wrote:
> > ... in which all but 32 bits are chosen by the attacker.
> Exactly, but since the instruction is known to be 32-bits,
> the instruction itself is fixed.
I don't see what you're getting at here. Either the message is <= 32 bits
and there is no need to use a CRC, or it is greater than 32 bits, and
the attack I posted applies. In either case, using a CRC in the way you
described is a bad idea.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOd1vSDkCAxeYt5gVAQFShQf/UTxGEcct2W+j17NxAzlT/E1j+4Ltf0gl
UXLUR5E4UnOtTHL9pezoYTjcFpTWlPQvomh357NXDKKbGVVPrR/iMYOPhIIqmy2t
LGv3/DsyN9PKgkwyYP7n3OMNJmcwyRpg9aaznnb2egparzjEYDcgpY/PIxhI6E3a
H0aRYu9dXjYVwoidXou3VfEWoxEIFhL1RuR0oMHchRZ0uMHwJ4AzoXs4hwXK4uPN
1W/P4IrCGPpfGsLMFtDlqlWuD3io0qi98vFBBM9TJ9AncKE2QqJwS+N661YBeTAg
2UtwkgEaJ3+Q9OVL/K8Kmz6K8yZYKdUl7JTuBR45C7pb/VQ5i+7AtQ==
=z+3j
=====END PGP SIGNATURE=====
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: The best way to pronounce AES
Date: Fri, 06 Oct 2000 10:52:07 +0200
David Crick wrote:
>
> Runu Knips wrote:
> >
> > Scott Craver wrote:
> > > I know I have no authority to decide these things, but I
> > > strongly feel that "AES" should be pronounced, "uh-YES."
> >
> > Americans which have problems to spell 'Rijndael' and
> > 'AES' should just use 'Twofish'. First its an american
> > product ;-) and second there's surely no spelling
> > problem ;-))))
>
> So what exactly is a "Twof", and how does one act like one? ;)
Yes, and how, if at all should one react if it starts twoffing?
Greetings!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: jtnews <[EMAIL PROTECTED]>
Subject: are doubly encrypted files more secure than singly encrypted ones?
Date: Fri, 06 Oct 2000 08:55:05 GMT
If I use gnupg on a file and then encrypt the encrypted file again
is it anymore secure? Will it take longer for someone to crack it?
What if I do it more times?
------------------------------
From: [EMAIL PROTECTED] (Marc)
Subject: Re: Any products using Rijndael?
Date: 6 Oct 2000 08:58:07 GMT
>Good ciphers I would trust under all conditions are:
>
>Twofish
>Blowfish
>Serpent
>
>AES/Rijndael and IDEA are also ciphers with not too low
>security.
Why do you trust Twofish/Blowfish more than IDEA? Hasn't IDEA
received more analysis already? Do you have logical reasons
towards your prefered ciphers or is it just a feeling?
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Fri, 06 Oct 2000 11:10:17 +0200
David Crick wrote:
>
> Volker Hetzer wrote:
> >
> > The AES's guys argument was that you can't simply attach or
> > trim rounds without affecting key schedule and perhaps other
> > properties too. So, each proposed number of rounds has to
> > be analysed.
> > Unless round flexibility is *designed* into the algorithm
>
> which it was with Rijndael
Yes, but at the time of the creation of the AES competition it was not
clear that Rijndael would win.
And, right now, the most analyzed round numbers are those determined
by the required key lengths. I seriously doubt that in the few months
until the final standard is published, it can be proven that adding
rounds without adding key bits affects security in a nonnegative way.
Besides, get pragmatic. What work factor do YOU want to put between
your data and your enemy? For me, it's about 2^100. So, there's my
lower limit. And I choose a keylength of 256 bit.
Now, imagine that an attack would have been found that reduces Rijndaels
effective key length by 156 bit. Any attack that does that is likely to
be rather immune to the few rounds you'd add today as precaution against
an uncertain future.
That is why I think that flexible rounds are just not worth the hassle.
Rijndael IMHO has found the best compromise by making the number of
rounds dependent on the key length.
Greetings!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: Democrats, Republicans, AES...
Date: Fri, 06 Oct 2000 11:13:20 +0200
Albert Yang wrote:
>
> For some reason, "warm fuzzy feelings" and Nazi soldiers don't seem to be
> something I can utter in the same sentence without feeling a bit strange...
> No?
You *do* have a particularly black humor...
But I agree. :->
Gruesse!
Volker
--
The early bird gets the worm. If you want something else for
breakfast, get up later.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: The best way to pronounce AES
Date: 6 Oct 2000 09:25:45 GMT
Volker Hetzer <[EMAIL PROTECTED]> wrote:
>David Crick wrote:
>>
>> So what exactly is a "Twof", and how does one act like one? ;)
>Yes, and how, if at all should one react if it starts twoffing?
It looks like a Usenet acronym.
We should all start using TWOF in all caps in Usenet posts.
"TWOF, a little club soda will get that right out." When
people ask "TWOF?" reply, "I'm not gonna tell you."
That would be funny. Of course, RIJNDAEL, so YMMV.
-S
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: It's Rijndael
Date: Thu, 5 Oct 2000 10:50:47 -0700
> Yes, it does exist, because 128-bit keys define a permutation over the AES
codebook. The big problem is finding the key.
> I hope nobody is foolish enough to start a contest for it. Unlike the
contests under way to break 64-bit keys, the case for 128-bit keys is
> futile, and will remain so until quantum computers are widespread.
It's not so certain. Yes the algorithm describes a permutation, and each key
describes a (hopefully) different permutation. But if you were to read a bit
more you would find that the odds of there existing a 128-bit key that
performs that exact change is approximately 63% in a random cipher. It would
be of interest to know if one exists, both from an interest and a
cryptographic point of view. If it exists it would mean that we can prove
something about the permutations chosen by Rijndael, and if we could do it
significantly faster than 2^128 this could very well lead to an attack. Of
course this is all rather a pointless discussion, we still don't know
whether the probability of Rijndael containing that mapping is 0 or 1.
Joe
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Date: Thu, 5 Oct 2000 10:59:25 -0700
I know I'm late to the party. But if it hasn't been decided already, and
your security requirements don't exceed it, might I recommend Skipjack. It's
a rather slow cipher, but it offers very good security, and operates well in
very confined spaces. The specification is on the NIST site, or if you
search your archives there was a version posted to sci.crypt. I will say
though that it is an 80-bit cipher, which may be considered too small. If it
is then I would recommend Rijndael (soon to be called AES), or Twofish, or
Serpent, any of which would be a good choice.
Joe
ps I would second the notion of not trusting a "new system" as proposed by
the "Chief Cryptographer" from Protego.
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Subject: Re: No Comment from Bruce Schneier?
Date: Fri, 06 Oct 2000 05:46:15 -0400
On 4 Oct 2000 18:22:58 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:
> Actually I would expect a comment from him to be more like a comment
>of Al Gore attempting to sound nice.
Your opinions do not reality make.
> I would rather hear from people who know him.
Why? How are they a better source than the man himself.
> Like the anonymous guy who helped set up my website
>so I could be a thorne in the side of the phony crypto elite.
LOL. You're a legend in your own mind.
> Notice I did not honor him with his intials.
That's because we've noticed from day 1 that you are insulting him
by calling him Mr BS. What's the matter, you've never before passed
up the opportunity to perform an ad hominem attack in place of logical
thought.
> Maybe he still carrys enough weight that they can override the first
> choice and pick his yet.
And why would you think he can override the selection?
>I hate being wrong. Since I would have bet money the NSA had his
>lined up to win especially with that clever name.
Ahh, here is the ad hominem we've come to expect from you.
<snip rest of poorly constructed insult>
--
Best Wishes,
Johnny Bravo
BAAWA Knight, EAC - Temporal Adjustments Division
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HP Lovecraft
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: are doubly encrypted files more secure than singly encrypted ones?
Date: Fri, 06 Oct 2000 09:43:46 GMT
In article <[EMAIL PROTECTED]>,
jtnews <[EMAIL PROTECTED]> wrote:
> If I use gnupg on a file and then encrypt the encrypted file again
> is it anymore secure? Will it take longer for someone to crack it?
>
> What if I do it more times?
Generally no.
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: David Blackman <[EMAIL PROTECTED]>
Subject: Re: No Comment from Bruce Schneier?
Date: Fri, 06 Oct 2000 21:06:37 +1100
There are rumours he may have made a comment to the US media. I expect
he will make a comment in his monthly newsletter on the 15th also. Be
patient. It's only a few days away.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
