Cryptography-Digest Digest #985, Volume #12 Mon, 23 Oct 00 06:13:00 EDT
Contents:
Re: How to post absolutely anything on the Internet anonymously (Andre van Straaten)
Re: Why trust root CAs ? ("Tor Rustad")
Re: Why trust root CAs ? (Vernon Schryver)
Re: Huffman stream cipher. (Richard Heathfield)
Re: Vigenere Cipher (was: What is desCDMF?) (Klaus Pommerening)
----------------------------------------------------------------------------
From: Andre van Straaten <[EMAIL PROTECTED]>
Subject: Re: How to post absolutely anything on the Internet anonymously
Date: Mon, 23 Oct 2000 08:09:59 GMT
In sci.crypt Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> How to post absolutely anything on the Internet anonymously
> http://www.sciam.com/2000/1000issue/1000techbus2.html
You can produce an absolutely anonymous posting through some services
(where you don't know who really has control over these servers).
But if someone is tapping your modem or cable line, or your ISP, too,
they can see everything you send, even faked headers in messages for
(childish) DoS attacks.
So, to these people, your posting is not anonymous.
-- avs
Andre van Straaten
http://www.vanstraatensoft.com
______________________________________________
flames please to [EMAIL PROTECTED]
------------------------------
From: "Tor Rustad" <[EMAIL PROTECTED]>
Subject: Re: Why trust root CAs ?
Date: Sun, 22 Oct 2000 22:46:52 +0200
"Anne & Lynn Wheeler" <[EMAIL PROTECTED]> wrote in message
> Anne & Lynn Wheeler <[EMAIL PROTECTED]> writes:
> > there is a mapping of x9.59 to iso8583 (i.e. payment cards, debit,
> > credit, etc)
>
> one of the issues in mapping digital signatures to the existing
> payment infrastructure and providing end-to-end authentication ... was
> the typical 8583 message was 60-100 bytes. It was possible to map the
> additional x9.59 fields and a ec/dss into something like an additional
> 80 bytes or so (nearly doubling message size for authentication).
I'm reading your posts with interest, and will look into some of your links
on this matter. I must admit that I have not paid attention to X9.59. In
SET, the ISO8583 mapping is implemented already, why do we need another way
to do this? To open up for on-line debet card transactions?
As long as the card companies allow no security via credit cards, and the
banks earn more mony (in some countries) on credit card transactions, the
business case for implementing X9.59 doesn't look good. Also, _if_ X9.59
mandates new messages at the ASN.1 level, this will be expensive to
implement. Futhermore, some of us are starting to get really fed up with all
these PKI standards...
> A certificate-based infrastructure represented two approaches ...
>
> 1) use certificates in an internet-only mode and truncate them at
> boundary between the internet and the financial infrastructure. The
> downside was giving up on basic security tenets like end-to-end
> integrity and end-to-end authentication.
That is the way things are done in the real world.
> 2) carry the certificate ... but compress it into a manageable mode.
No, no learn from SET, we don't want to implement a new back-end for all the
banks and card companies. Proper security and audit at the Payment GW is
sufficient.
> Now, some things cropped up:
<snip>
Many want to make return of investment on SET. Unless the card companies
drop SET, that is still the way to go for interoperability beyond national
schemes. For the moment, we will only look into using PKI for on-line
banking and bill-presentment.
--
Tor
------------------------------
From: [EMAIL PROTECTED] (Vernon Schryver)
Subject: Re: Why trust root CAs ?
Date: 22 Oct 2000 18:14:16 -0600
In article <[EMAIL PROTECTED]>,
Anne & Lynn Wheeler <[EMAIL PROTECTED]> wrote:
> ...
>one of the issues in mapping digital signatures to the existing
>payment infrastructure and providing end-to-end authentication ... was
>the typical 8583 message was 60-100 bytes. It was possible to map the
>additional x9.59 fields and a ec/dss into something like an additional
>80 bytes or so (nearly doubling message size for authentication).
> ...
What's the big deal about +/- 60-180 bytes on the wire?
Yes, I realize that multiplying umptyzillion transactions per day by 60
bytes amounts to a lot of bits per second, but modern network performance
is determined to the first order by the number of packets, not the number
of bytes or the sizes of packets.
It costs the same (for all reasonable meanings of "cost") to send
a packet containing 80, 160, or 180 bytes on a modern network, with
the possible but quite implausible exceptions of some radio-telephone
and low speed modem links.
Part of the reason for that is network traffic is so extremely bursty
("self-similar") that you must over-provision, or your customers get
unhappy because sometimes their dirty HTTP pictures take longer to appear.
Vernon Schryver [EMAIL PROTECTED]
------------------------------
Date: Mon, 23 Oct 2000 10:24:23 +0100
From: Richard Heathfield <[EMAIL PROTECTED]>
Subject: Re: Huffman stream cipher.
"SCOTT19U.ZIP_GUY" wrote:
>
> >But as for the mistakes, please notice that I said:
> >
> >"I had a quick look at your source code. He's right. It's hard to read,
> >it's non-portable (I'd guess it's for DJGPP, but that's just a guess)
> >and in at least one place it's incorrect. I couldn't look at it for long
> >because it was so tiring."
> >
> >The "at least one place" is:
> >
> >void
> >main()
> >{
> >
>
> I state that is written for DJGPP.
No, you don't. You mention DJGPP in the source code as follows: "this
works even for a 25meg test file on a 486 with 4 megs of memory because
the gnu djgpp version of C handles virtual memory". This is not the same
as saying the program is written purely for DJGPP.
In the README file, however, you state: "ALso if you don't have GNU C
good luck in rehosting."
Well, I do have GNU C, so I tried it out on GNU C.
[rjh@arc11] /home/rjh/scott > gcc -W -Wall -ansi -pedantic scott19u.c
scott19u.c:5: pc.h: No such file or directory
scott19u.c:6: keys.h: No such file or directory
> If you have other compilers
> you may have to change it. But the above is not an error it complies
> and runs under DGJPP C.
Well, let's find out. One install of DJGPP later (I presume you mean
DJGPP, not DGJPP, by the way)...
Here is the output I got:
D:\alldata\dev\crypto\scott19u>gcc -W -Wall -ansi -pedantic scott19u.c
In file included from scott19u.c:8:
dstypes.h:2: warning: ANSI C does not support `long long'
scott19u.c:58: warning: return type of `main' is not `int'
scott19u.c: In function `main':
scott19u.c:78: warning: implicit declaration of function `typeof'
scott19u.c:78: `_a_p19' undeclared (first use in this function)
scott19u.c:78: (Each undeclared identifier is reported only once
scott19u.c:78: for each function it appears in.)
scott19u.c:78: parse error before `_b_p19'
scott19u.c:78: parse error before `_c_p19'
scott19u.c:78: `_j' undeclared (first use in this function)
scott19u.c:78: `_b_p19' undeclared (first use in this function)
scott19u.c:78: `_c_p19' undeclared (first use in this function)
scott19u.c:78: warning: ANSI C forbids braced-groups within expressions
scott19u.c: In function `goEnc':
scott19u.c:150: warning: suggest parentheses around comparison in
operand of &
scott19u.c:154: `_a_g19' undeclared (first use in this function)
scott19u.c:154: parse error before `_b_g19'
scott19u.c:154: `_i' undeclared (first use in this function)
scott19u.c:154: `_b_g19' undeclared (first use in this function)
scott19u.c:154: warning: ANSI C forbids braced-groups within expressions
scott19u.c:155: `_a_p19' undeclared (first use in this function)
scott19u.c:155: parse error before `_b_p19'
scott19u.c:155: parse error before `_c_p19'
scott19u.c:155: `_j' undeclared (first use in this function)
scott19u.c:155: `_b_p19' undeclared (first use in this function)
scott19u.c:155: `_c_p19' undeclared (first use in this function)
scott19u.c:155: warning: ANSI C forbids braced-groups within expressions
scott19u.c:159: warning: suggest parentheses around comparison in
operand of &
scott19u.c:161: parse error before `_b_g19'
scott19u.c:161: warning: ANSI C forbids braced-groups within expressions
scott19u.c:162: parse error before `_b_p19'
scott19u.c:162: parse error before `_c_p19'
scott19u.c:162: warning: ANSI C forbids braced-groups within expressions
scott19u.c:104: warning: unused variable `p2'
scott19u.c: In function `goDec':
scott19u.c:225: warning: suggest parentheses around comparison in
operand of &
scott19u.c:180: warning: unused variable `k'
scott19u.c:177: warning: unused variable `p2'
scott19u.c: In function `getables':
scott19u.c:250: warning: implicit declaration of function `access'
scott19u.c:250: `F_OK' undeclared (first use in this function)
scott19u.c:318: warning: implicit declaration of function `getkey'
scott19u.c:324: warning: `0' flag ignored with precision specifier and
`x' format
scott19u.c:419: warning: `0' flag ignored with precision specifier and
`x' format
scott19u.c: In function `rem_tab16':
scott19u.c:554: `_a_p19' undeclared (first use in this function)
scott19u.c:554: parse error before `_b_p19'
scott19u.c:554: parse error before `_c_p19'
scott19u.c:554: `_j' undeclared (first use in this function)
scott19u.c:554: `_b_p19' undeclared (first use in this function)
scott19u.c:554: `_c_p19' undeclared (first use in this function)
scott19u.c:554: warning: ANSI C forbids braced-groups within expressions
scott19u.c:560: `_a_g19' undeclared (first use in this function)
scott19u.c:560: parse error before `_b_g19'
scott19u.c:560: `_i' undeclared (first use in this function)
scott19u.c:560: `_b_g19' undeclared (first use in this function)
scott19u.c:560: warning: ANSI C forbids braced-groups within expressions
scott19u.c:561: parse error before `_b_p19'
scott19u.c:561: parse error before `_c_p19'
scott19u.c:561: warning: ANSI C forbids braced-groups within expressions
scott19u.c:562: parse error before `_b_g19'
scott19u.c:562: warning: ANSI C forbids braced-groups within expressions
scott19u.c:563: parse error before `_b_p19'
scott19u.c:563: parse error before `_c_p19'
scott19u.c:563: warning: ANSI C forbids braced-groups within expressions
scott19u.c:566: parse error before `_b_g19'
scott19u.c:566: warning: ANSI C forbids braced-groups within expressions
scott19u.c:567: parse error before `_b_p19'
scott19u.c:567: parse error before `_c_p19'
scott19u.c:567: warning: ANSI C forbids braced-groups within expressions
scott19u.c:569: parse error before `_b_g19'
scott19u.c:569: warning: ANSI C forbids braced-groups within expressions
scott19u.c:570: parse error before `_b_p19'
scott19u.c:570: parse error before `_c_p19'
scott19u.c:570: warning: ANSI C forbids braced-groups within expressions
scott19u.c:571: parse error before `_b_p19'
scott19u.c:571: parse error before `_c_p19'
scott19u.c:571: warning: ANSI C forbids braced-groups within expressions
scott19u.c:574: parse error before `_b_g19'
scott19u.c:574: warning: ANSI C forbids braced-groups within expressions
scott19u.c:574: warning: left-hand operand of comma expression has no
effect
scott19u.c:574: warning: value computed is not used
scott19u.c:579: parse error before `_b_g19'
scott19u.c:579: warning: ANSI C forbids braced-groups within expressions
scott19u.c:580: parse error before `_b_p19'
scott19u.c:580: parse error before `_c_p19'
scott19u.c:580: warning: ANSI C forbids braced-groups within expressions
scott19u.c:583: parse error before `_b_g19'
scott19u.c:583: warning: ANSI C forbids braced-groups within expressions
scott19u.c:584: parse error before `_b_p19'
scott19u.c:584: parse error before `_c_p19'
scott19u.c:584: warning: ANSI C forbids braced-groups within expressions
scott19u.c: In function `Paul':
scott19u.c:621: `_a_g19' undeclared (first use in this function)
scott19u.c:621: parse error before `_b_g19'
scott19u.c:621: `_i' undeclared (first use in this function)
scott19u.c:621: `_b_g19' undeclared (first use in this function)
scott19u.c:621: warning: ANSI C forbids braced-groups within expressions
scott19u.c:622: parse error before `_b_g19'
scott19u.c:622: warning: ANSI C forbids braced-groups within expressions
scott19u.c:623: parse error before `_b_g19'
scott19u.c:623: warning: ANSI C forbids braced-groups within expressions
scott19u.c:624: parse error before `_b_g19'
scott19u.c:624: warning: ANSI C forbids braced-groups within expressions
scott19u.c:625: parse error before `_b_g19'
scott19u.c:625: warning: ANSI C forbids braced-groups within expressions
scott19u.c:626: `_a_p19' undeclared (first use in this function)
scott19u.c:626: parse error before `_b_p19'
scott19u.c:626: parse error before `_c_p19'
scott19u.c:626: `_j' undeclared (first use in this function)
scott19u.c:626: `_b_p19' undeclared (first use in this function)
scott19u.c:626: `_c_p19' undeclared (first use in this function)
scott19u.c:626: warning: ANSI C forbids braced-groups within expressions
scott19u.c: In function `doEnce':
scott19u.c:669: warning: pointer of type `void *' used in arithmetic
scott19u.c:670: warning: pointer of type `void *' used in arithmetic
scott19u.c:671: warning: pointer of type `void *' used in arithmetic
scott19u.c:671: warning: pointer of type `void *' used in arithmetic
scott19u.c:677: `_a_g19' undeclared (first use in this function)
scott19u.c:677: parse error before `_b_g19'
scott19u.c:677: `_i' undeclared (first use in this function)
scott19u.c:677: `_b_g19' undeclared (first use in this function)
scott19u.c:677: `_go19' undeclared (first use in this function)
scott19u.c:677: warning: ANSI C forbids braced-groups within expressions
scott19u.c:679: parse error before `_b_g19'
scott19u.c:679: warning: ANSI C forbids braced-groups within expressions
scott19u.c:685: parse error before `_b_g19'
scott19u.c:685: warning: ANSI C forbids braced-groups within expressions
scott19u.c:686: parse error before `_b_g19'
scott19u.c:686: warning: ANSI C forbids braced-groups within expressions
scott19u.c:687: parse error before `_b_g19'
scott19u.c:687: warning: ANSI C forbids braced-groups within expressions
scott19u.c:688: `_a_p19' undeclared (first use in this function)
scott19u.c:688: parse error before `_b_p19'
scott19u.c:688: parse error before `_c_p19'
scott19u.c:688: `_po19' undeclared (first use in this function)
scott19u.c:688: `_b_p19' undeclared (first use in this function)
scott19u.c:688: `_j' undeclared (first use in this function)
scott19u.c:688: `_c_p19' undeclared (first use in this function)
scott19u.c:688: warning: ANSI C forbids braced-groups within expressions
scott19u.c:692: parse error before `_b_g19'
scott19u.c:692: warning: ANSI C forbids braced-groups within expressions
scott19u.c:693: parse error before `_b_g19'
scott19u.c:693: warning: ANSI C forbids braced-groups within expressions
scott19u.c:694: parse error before `_b_p19'
scott19u.c:694: parse error before `_c_p19'
scott19u.c:694: warning: ANSI C forbids braced-groups within expressions
scott19u.c:699: parse error before `_b_g19'
scott19u.c:699: warning: ANSI C forbids braced-groups within expressions
scott19u.c:700: parse error before `_b_g19'
scott19u.c:700: warning: ANSI C forbids braced-groups within expressions
scott19u.c:701: parse error before `_b_p19'
scott19u.c:701: parse error before `_c_p19'
scott19u.c:701: warning: ANSI C forbids braced-groups within expressions
scott19u.c:703: parse error before `_b_g19'
scott19u.c:703: warning: ANSI C forbids braced-groups within expressions
scott19u.c:704: parse error before `_b_p19'
scott19u.c:704: parse error before `_c_p19'
scott19u.c:704: warning: ANSI C forbids braced-groups within expressions
scott19u.c:705: parse error before `_b_p19'
scott19u.c:705: parse error before `_c_p19'
scott19u.c:705: warning: ANSI C forbids braced-groups within expressions
scott19u.c: In function `doDece':
scott19u.c:732: warning: pointer of type `void *' used in arithmetic
scott19u.c:733: warning: pointer of type `void *' used in arithmetic
scott19u.c:734: warning: pointer of type `void *' used in arithmetic
scott19u.c:734: warning: pointer of type `void *' used in arithmetic
scott19u.c:741: `_a_g19' undeclared (first use in this function)
scott19u.c:741: parse error before `_b_g19'
scott19u.c:741: `_i' undeclared (first use in this function)
scott19u.c:741: `_b_g19' undeclared (first use in this function)
scott19u.c:741: `_go19' undeclared (first use in this function)
scott19u.c:741: warning: ANSI C forbids braced-groups within expressions
scott19u.c:743: parse error before `_b_g19'
scott19u.c:743: warning: ANSI C forbids braced-groups within expressions
scott19u.c:751: parse error before `_b_g19'
scott19u.c:751: warning: ANSI C forbids braced-groups within expressions
scott19u.c:752: parse error before `_b_g19'
scott19u.c:752: warning: ANSI C forbids braced-groups within expressions
scott19u.c:753: `_a_p19' undeclared (first use in this function)
scott19u.c:753: parse error before `_b_p19'
scott19u.c:753: parse error before `_c_p19'
scott19u.c:753: `_j' undeclared (first use in this function)
scott19u.c:753: `_b_p19' undeclared (first use in this function)
scott19u.c:753: `_c_p19' undeclared (first use in this function)
scott19u.c:753: warning: ANSI C forbids braced-groups within expressions
scott19u.c:754: parse error before `_b_p19'
scott19u.c:754: parse error before `_c_p19'
scott19u.c:754: warning: ANSI C forbids braced-groups within expressions
scott19u.c:755: parse error before `_b_g19'
scott19u.c:755: warning: ANSI C forbids braced-groups within expressions
scott19u.c:756: parse error before `_b_g19'
scott19u.c:756: warning: ANSI C forbids braced-groups within expressions
scott19u.c:759: parse error before `_b_g19'
scott19u.c:759: warning: ANSI C forbids braced-groups within expressions
scott19u.c:760: parse error before `_b_p19'
scott19u.c:760: parse error before `_c_p19'
scott19u.c:760: warning: ANSI C forbids braced-groups within expressions
scott19u.c:761: parse error before `_b_p19'
scott19u.c:761: parse error before `_c_p19'
scott19u.c:761: `_po19' undeclared (first use in this function)
scott19u.c:761: warning: ANSI C forbids braced-groups within expressions
scott19u.c:765: parse error before `_b_g19'
scott19u.c:765: warning: ANSI C forbids braced-groups within expressions
scott19u.c:766: parse error before `_b_g19'
scott19u.c:766: warning: ANSI C forbids braced-groups within expressions
scott19u.c:767: parse error before `_b_p19'
scott19u.c:767: parse error before `_c_p19'
scott19u.c:767: warning: ANSI C forbids braced-groups within expressions
scott19u.c:770: parse error before `_b_g19'
scott19u.c:770: warning: ANSI C forbids braced-groups within expressions
scott19u.c:717: warning: unused variable `kx'
Conclusion: even DJGPP rejects this program. As well it should.
<snip Borland compile, or rather the lack thereof!>
>
> I can't help it if you use a poor compiler and don't
> have the smarts to make it fit the tools you have.
Borland C++ is not a poor compiler. In fact, it's pretty good. But we
have just seen that not even your compiler of choice will compile your
code when using the normal gcc options. I also tried it without any
flags at all, and it *still* gave me a warning - the one I originally
pointed out to you.
> I write
> for C
No, sir, you do not. I don't quite know what to call the language you
use, but it is not C.
> in DGJPP.
DJGPP disagrees with you (see above).
> If you can't figure out how to mode it to
> work with your complier thats to bad.
I think I could probably hammer it into shape, if I got a big enough
hammer. The point is, I shouldn't have to. It's your job to do that; not
my job, not sci.crypt's job - *your* job.
What you're actually saying here is that you don't /want/ people to
cryptanalyse your snake-oil, so you make it as unpleasant and
inconvenient an experience as possible in the hope that nobody will
bother, and then you will presumably make some spurious claim such as
"been on the Web 3 years now and never been cracked".
> ALso in case you
> lack the brains to figure it out. THe code is targeted for
> a PC so if you have a MAC to bad.
Algorithms are portable. Therefore, your algorithm is portable. But if
your code is /not/ portable, what good is it? If your code is not
portable, then your code does not serve your algorithm well, and your
algorithm is doomed to oblivion or, worse, notoriety.
--
Richard Heathfield
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
66 K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html (31
to go)
------------------------------
From: [EMAIL PROTECTED] (Klaus Pommerening)
Subject: Re: Vigenere Cipher (was: What is desCDMF?)
Date: 23 Oct 2000 10:03:51 GMT
In <[EMAIL PROTECTED]> phil hunt wrote:
> My question is: why did it take so long to crack?
>
Was it worth the effort? Did someone use a Vigen�re cipher?
Diplomats and spys used code books (or nomenclators).
--
Klaus Pommerening [http://www.Uni-Mainz.DE/~pommeren/]
Institut fuer Medizinische Statistik und Dokumentation
der Johannes-Gutenberg-Universitaet, D-55101 Mainz, Germany
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
