Cryptography-Digest Digest #111, Volume #13 Mon, 6 Nov 00 21:13:01 EST
Contents:
Panama integrated cipher/MAC? (Wei Dai)
Re: AES only 128 bit-blocksize? (David Crick)
Re: Calculating the redudancy of english? ("David C. Barber")
Updated XOR Software Utility (freeware) Version 1.1 from Ciphile (Anthony Stephen
Szopa)
Re: XOR Software Utility (freeware) available from Ciphile Software (Tim Tyler)
Re: XOR Software Utility (freeware) available from Ciphile Software (Andre van
Straaten)
Re: Crypto Export Restrictions (Anthony Stephen Szopa)
Re: Crypto Export Restrictions (Anthony Stephen Szopa)
Re: XOR Software Utility (freeware) available from Ciphile Software (Anthony Stephen
Szopa)
Re: XOR Software Utility (freeware) available from Ciphile Software (Tim Tyler)
Re: Calculating the redudancy of english? (Steve Portly)
NESSIE Workshop 13-14 November (Antoon Bosselaers)
Re: Crypto Export Restrictions (CiPHER)
Re: BENNY AND THE MTB? (Bryan Olson)
Re: XOR Software Utility (freeware) available from Ciphile Software (Scott Craver)
Re: BENNY AND THE MTB? (Bryan Olson)
Re: Crypto Export Restrictions (Scott Craver)
Re: Crypto Export Restrictions (Anthony Stephen Szopa)
----------------------------------------------------------------------------
From: Wei Dai <[EMAIL PROTECTED]>
Subject: Panama integrated cipher/MAC?
Date: Mon, 6 Nov 2000 13:22:29 -0800
Panama is currently the fastest MAC available (at least on x86
architecture, see http://weidai.com/benchmarks.html) and among the
fastest stream ciphers, but it seems like it shouldn't be too hard to
use Panama to encrypt and MAC simultaneously and get twice the speed. I
wonder if anyone has given this any thought? One problem is that Panama
defines separate Pull and Push operations. To encrypt and MAC
simultaneously it seems a combined Pull and Push operation would be
needed.
--
cryptopp.com - a free C++ class library of cryptographic schemes
------------------------------
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: AES only 128 bit-blocksize?
Date: Mon, 06 Nov 2000 22:41:05 +0000
Tom St Denis wrote:
>
> In article <[EMAIL PROTECTED]>,
> Makoto Miyamoto <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I'm curios, if the AES is only defined with 128 bit-blocksize or if
> > all blocksizes mentioned in the Rijndael-paper are considered as AES?
>
> Rijndael in it's 128/192/256 bit key length and 128 bit block length is
> the proposed AES standard.
NIST have said that they will only consider other block lengths if
they receive adequate analysis by others of them.
--
+-------------------------------------------------------------------+
| David A Crick <[EMAIL PROTECTED]> PGP: (NOV-2000 KEY) 0x710254FA |
| Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
+-------------------------------------------------------------------+
------------------------------
From: "David C. Barber" <[EMAIL PROTECTED]>
Subject: Re: Calculating the redudancy of english?
Date: Mon, 6 Nov 2000 16:14:42 -0700
I was speaking of dictionary entries *and* their following definitions,
where common words would likely be more used than uncommon words.
*David Barber*
"Kristopher Johnson" <[EMAIL PROTECTED]> wrote in
message news:5KFM5.16697$[EMAIL PROTECTED]...
> Dictionary entries aren't representative of "real-world" letter or word
> frequencies.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.freespeech,talk.politics.misc,talk.politics.crypto,alt.hacker
Subject: Updated XOR Software Utility (freeware) Version 1.1 from Ciphile
Date: Mon, 06 Nov 2000 15:27:26 -0800
Updated XOR Software Utility (freeware) Version 1.1 from Ciphile
Software
This updated XOR software utility Version 1.1 from Ciphile Software
now allows for the two input files AND the output file to each be
in a different directory if the user chooses.
http://www.ciphile.com
go to the Downloads Currently Available web page.
scroll to the bottom of the page.
Click on the blue anchor tag: CiphileXOR_11.zip (156kb)
------------------------------
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Reply-To: [EMAIL PROTECTED]
Date: Mon, 6 Nov 2000 23:23:15 GMT
In sci.crypt Andre van Straaten <[EMAIL PROTECTED]> wrote:
: The disadvantage of the OTP is that only one added or left
: character in the key file or ciphertext file messes up the rest
: of the plaintext file. (E.g.: encrypting on Unix and decrypting on MS
: Windows)
Hmm - this sort of error can usually be rectified with a small volume
of effort. I don't think this is "the disadvantage" of OTPs.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Andre van Straaten <[EMAIL PROTECTED]>
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
Date: Mon, 06 Nov 2000 23:35:49 GMT
In sci.crypt Richard Heathfield <[EMAIL PROTECTED]> wrote:
> [alt.freespeech snipped from crosspost - my news server hates free
> speech]
> Anthony Stephen Szopa wrote:
>>
>> XOR Software Utility (freeware) available from Ciphile Software
>>
>> This software simply performs the universally available logical XOR
>> process on two files chosen by the user and outputs the resulting
>> file.
>>
>> http://www.ciphile.com
> I tried to have a look at this, but failed. No source code. Just the
> binary. On the system I'm using right now, I couldn't have run it even
> if I'd wanted to.
> Since it's such a simple program to write, why no source code?
The intended audience has only a rough understanding of what source
code is.
> If someone will kindly point out what they would expect to happen if the
> two source files are of different lengths, I will happily post portable
> C source code to do this, on alt.crypto.sources (to avoid clogging up
> all the splendid newsgroups to which this was cross-posted). Mind you,
> if the code exceeds twenty lines of code (not including #includes, {,
> and }, I'll be very surprised indeed...
If you go to "Instructions" there is on the bottom a short sentence that
the process will stop when the end of the shortest file is reached.
That's the only thing you can do when using it as an OTP, as there are no
"truly" random numbers on a PC, not even "golden" ones. ;-)
The thing is named XOR, works as an OTP, and ...
Well, the user will know what he/she is doing ... LOL
BTW: I couldn't find that NG "alt.crypto.sources". Even on Deja.com I
could find it.
-- avs
Andre van Straaten
http://www.vanstraatensoft.com
______________________________________________
flames please to [EMAIL PROTECTED]
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech
Subject: Re: Crypto Export Restrictions
Date: Mon, 06 Nov 2000 15:39:56 -0800
CiPHER wrote:
>
> In article <[EMAIL PROTECTED]>,
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
> > Anyone who uses encryption software that does not generate pure
> > random numbers is nutty if you ask me.
>
> No computer program can generate pure random numbers, no computer
> program requesting input from users will generate pure random numbers,
> in fact I'd go as far as saying that 90% of the time in all occasions
> in life 'pure' randomness cannot be attained. Perhaps that's getting
> into too much arithmetic theory for you though - you can't even
> understand the concept of equations.
>
> /* He also doesn't seem to grasp the concepts of simple open
> cryptography, his guide/help file is vague (at best) and generally
> posting messages such as - "Nothing in this world comes easy. These
> guys wanted to be spoon fed. I hope they are wise enough to know that
> they get what they pay for. n this case, they got what they made the
> personal effort to achieve." - makes him come across as a bit of a
> twat.
>
> That's not to mention the fact that he took so much pride in showing
> everyone how little he kept himself up to date on US export
> restrictions. Which was quite funny. */
>
> I'd advise everyone to treat this guy's/company's (lol) programs like
> the plague and use something infinitely better like PGP or even
> something like a nice implementation of DES, Blowfish, Twofish, etc.
>
> --
> Marcus
> ---
> [ www.cybergoth.cjb.net ] [ alt.gothic.cybergoth ]
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Give us the link to the latest BXA export restrictions pointing to
the specific part that allows free and free from red tape export of
unlimited key length crypto (yes?), etc.
The regs are all available on the Web for download. Just give us
the precise link and point us to the exact place in the BXA regs,
please.
Or copy and paste the pertinent paragraphs here for us.
Pretender?
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech
Subject: Re: Crypto Export Restrictions
Date: Mon, 06 Nov 2000 15:45:12 -0800
Scott Craver wrote:
>
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> >
> >Like I said, if you do not have the intelligence and the energy and
> >the interest to read the Help Files and have all your questions
> >answered then just forget about it.
>
> I read them. Still no pseudocode nor source code. And
> you keep dodging the question: _which_ help file contains
> the pseudocode? Which one?
>
> >Since you have demonstrated that you will not even devote the time
> >and energy to read the Help Files you clearly don't know what you
> >are talking about regarding OAP-L3.
>
> If someone is going to do you the favor of analyzing your
> system, you should at least do them the favor of providing
> psuedocode for the algorithm.
>
> Insisting that people must reverse engineer the system
> from vague descriptions help files? Sounds like animosity
> towards cryptanalysts. Sounds like you're not very keen
> on letting people analyze your system.
>
> >Anyone who uses encryption software that does not generate pure
> >random numbers is nutty if you ask me.
>
> YOUR ENCRYPTION PROGRAM DOES NOT GENERATE PURE RANDOM
> NUMBERS. It takes hopefully random numbers as input,
> but probably horribly misuses them.
>
> Why not take those beans or those cards and use them as
> a seed for RC5? This has been thoroughly tested, and
> designed by an expert. And the algorithm is well
> documented.
>
> Much more likely to be secure than some shuffling program
> written by someone who does not know about permutation
> groups.
>
> >OAP-L3 requires true random number user input then generates pure
> >random numbers for encryption purposes.
>
> If the output is larger than the input, OAP-L3 (provably)
> does not generate "pure random numbers." You can not
> increase the amount of entropy in data.
>
> >But you say this is nutty.
>
> It's fraudulent, is what.
> -S
Wow!
Do you think any one of us thinks that you would be doing us a
favor?
You must know the software very well to have such strong opinions.
Yes? No?
I am not asking you to do anything except to stop wasting your time.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Date: Mon, 06 Nov 2000 16:25:35 -0800
Tom St Denis wrote:
>
> In article <[EMAIL PROTECTED]>,
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > XOR Software Utility (freeware) available from Ciphile Software
> >
> > This software simply performs the universally available logical XOR
> > process on two files chosen by the user and outputs the resulting
> > file.
> >
> > http://www.ciphile.com
> >
> > goto the Downloads Currently Available web page.
> > scroll to the bottom of the page.
> >
> > Click on the blue anchor tag: CiphileXOR_10.zip (155kb)
>
> How on earth did you make such a simple program take 155kb?
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Updated XOR Software Utility (freeware) Version 1.1 from Ciphile
Software
This updated XOR software utility Version 1.1 from Ciphile Software
now allows for the two input files AND the output file to each be
in a different directory if the user chooses.
http://www.ciphile.com
go to the Downloads Currently Available web page.
scroll to the bottom of the page.
Click on the blue anchor tag: CiphileXOR_11.zip (156kb)
------------------------------
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Reply-To: [EMAIL PROTECTED]
Date: Tue, 7 Nov 2000 00:17:46 GMT
In sci.crypt Andre van Straaten <[EMAIL PROTECTED]> wrote:
: In sci.crypt Richard Heathfield <[EMAIL PROTECTED]> wrote:
:> Anthony Stephen Szopa wrote:
:>> http://www.ciphile.com
:> I tried to have a look at this, but failed. No source code. Just the
:> binary. On the system I'm using right now, I couldn't have run it even
:> if I'd wanted to.
:> Since it's such a simple program to write, why no source code?
: The intended audience has only a rough understanding of what source
: code is.
No doubt that same audience will be advised by those who /do/ know what
source code is not to use a system which might (for all anyone knows) take
your precious files and email them to some unnamed third party at the
first opportunity.
--
__________ http://alife.co.uk/ http://mandala.co.uk/
|im |yler [EMAIL PROTECTED] http://hex.org.uk/ http://atoms.org.uk/
------------------------------
From: Steve Portly <[EMAIL PROTECTED]>
Subject: Re: Calculating the redudancy of english?
Date: Mon, 06 Nov 2000 19:41:58 -0500
"David C. Barber" wrote:
> I was speaking of dictionary entries *and* their following definitions,
> where common words would likely be more used than uncommon words.
>
> *David Barber*
> "Kristopher Johnson" <[EMAIL PROTECTED]> wrote in
> message news:5KFM5.16697$[EMAIL PROTECTED]...
> > Dictionary entries aren't representative of "real-world" letter or word
> > frequencies.
Within a percent or so you are probably right. It is funny to think how
terms like "cod liver oil" common as recently as the 1960's could change the
frequency of distribution though.
------------------------------
From: Antoon Bosselaers <[EMAIL PROTECTED]>
Subject: NESSIE Workshop 13-14 November
Date: Tue, 7 Nov 2000 02:04:50 +0100
NESSIE (New European Schemes for Signature, Integrity, and Encryption) is a
project within the Information Societies Technology (IST) Programme of the
European Commission. The main objective of the project is to put forward a
portfolio of strong cryptographic primitives that have been obtained after =
an
open call and evaluated using a transparent and open process.=20
At the first open NESSIE workshop most NESSIE submitters will present their
submissions. This workshop will take place at the Katholieke Universiteit
Leuven, Belgium on 13-14 November 2000. The list of accepted NESSIE
submissions and the workshop program are available through the main NESSIE
web page at http://cryptonessie.org or at
http://www.cosic.esat.kuleuven.ac.be/nessie. =20
The workshop venue is the Arenberg Castle, Kardinaal Mercierlaan 94, Heverl=
ee,
Belgium. Registration starts at 13:15 on Monday 13 November, and the
workshop ends around 17:45 on Tuesday 14 November. Interested parties are
invited to attend this workshop. If you do, please register as soon as
possible at
http://www.cosic.esat.kuleuven.ac.be/nessie/registration/registration.html.
DRAFT PROGRAM
Monday, 13 November 2000
Registration and Introduction
13:15 - 14:00 Registration in the Arenberg Castle, K. Mercierlaan 94, Hever=
lee
14:00 - 14:15 Welcome and Introduction
Stream Ciphers
14:15 - 14:35 BMGL (Johan H=E5stad and Mats N=E4slund)
14:35 - 14:55 Leviathan (Cisco Systems, Inc.)
14:55 - 15:15 Lili-128 (L. Simpson, E. Dawson, J. Golic, W. Millan)
15:15 - 15:35 SNOW (Thomas Johansson and Patrik Ekdahl)
15:35 - 16:05 Coffee Break
Message Authentication Codes
16:05 - 16:25 Two-Track-MAC (Bert den Boer and Bart Van Rompay)
Block Ciphers I
16:25 - 16:40 RC6 (RSA Security Inc.)
16:40 - 17:00 SAFER++ (Cylink Corporation)
17:00 - 17:20 SC2000 (Fujitsu Laboratories LTD.)
17:20 - 17:40 Noekeon (Joan Daemen, Michael Peeters, Gilles Van Assche, Vin=
cent Rijmen)
Testing Methodology
17:40 - 18:00 J.C. Hern=E1ndez, J.M. Sierra, C. Mex-Perera, D. Borrajo, A. =
Ribagorda, P. Isasi,=20
`Using the general next bit predictor like an evaluation crit=
eria'
Tuesday 14 November 2000
Asymmetric Primitives=20
8:30 - 8:55 RSA-OAEP and RSA-PSS (RSA Security Inc.)
8:55 - 9:25 ACE Encrypt/Sign (IBM and Ronald Cramer)
9:25 - 9:55 ECDSA and ECIES (Certicom)
9:55 - 10:25 Coffee Break
10:25 - 11:10 EPOC, PSEC, and ESIGN (Nippon Telegraph and Telephone Corpora=
tion)
11:10 - 11:40 QUARTZ, FLASH and SFLASH (BULL CP8)
11:40 - 12:00 GPS (France T=E9l=E9com and La Poste)
12:00 - 14:00 Lunch
Block Ciphers II (including hash functions)
14:00 - 14:10 SHACAL (Gemplus)
14:10 - 14:30 CS-Cipher (CS Communication & Syst=E8mes)
14:30 - 14:50 Hierocrypt-L1 and Hierocrypt-3 (Toshiba Corporation)
14:50 - 15:10 IDEA (Mediacrypt AG)
15:10 - 15:30 MISTY1 (Mitsubishi Electric Corporation)
15:30 - 16:00 Coffee Break
16:00 - 16:30 Khazad, Anubis, and Whirlpool (Paulo Barreto and Vincent Rijm=
en)
16:30 - 16:50 Camellia (Nippon Telegraph and Telephone Corporation and=20
Mitsubishi Electric Corporation)
16:50 - 17:10 Q (Leslie McBride)
17:10 - 17:30 NUSH (LAN Crypto, Int.)
17:30 - 17:45 Conclusions
Following submissions are not presented at the workshop.=20
Block Ciphers: Nimbus (Alexis Machado), Grand Cru (Johan Borst)
Stream Ciphers: SOBER-t16 and SOBER-t32 (Qualcomm International)
MACs: UMAC (Ted Krovetz, John Black, Shai Halevi, Hugo Krawczyk, Phillip Ro=
gaway)
------------------------------
From: CiPHER <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech
Subject: Re: Crypto Export Restrictions
Date: Tue, 07 Nov 2000 00:56:35 GMT
In article <[EMAIL PROTECTED]>,
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> Give us the link to the latest BXA export restrictions pointing to
> the specific part that allows free and free from red tape export of
> unlimited key length crypto (yes?), etc.
Ahhh note how you add in 'red-tape'. Let me ask, what kind of company
is it that you 'are'? One that releases vague closed-
source 'cryptographic' (ha!) programs that doesn't wish to even APPLY
for an export licence / program self-categorisation? I'm sure that
instills much confidence in your 'firm'.
Here's the chart to make it simple for you:
http://www.bxa.doc.gov/Encryption/lechart1.html
Here's a paragraph to save you searching:
"Exports to the European Union (EU) plus an additional eight countries:
U.S. exporters can export and reexport all encryption items, except
cryptanalytic products and their related technology, immediately to the
15 EU member states and Australia, Czech Republic, Hungary, Japan, New
Zealand, Norway, Poland and Switzerland without a license (i.e., under
a license exception). Exports to worldwide offices of firms,
organizations and governments headquartered in these nations and Canada
are also permitted. U.S. exporters can ship their products under this
new policy immediately after submitting a commodity classification
request to BXA, rather than waiting for the review and classification
to be completed."
I'm not sure I would say much "red-tape" is involved when (to quote
from directly above) "U.S. exporters can ship their products under this
new policy immediately after submitting a commodity classification
request to BXA, rather than waiting for the review and classification
to be completed.".
Look even PGP managed to understand the regulations:
http://www.pgp.com/aboutus/press/pr_template.asp?
PR=/PressMedia/01202000.asp&Sel=664
*snip*
> Or copy and paste the pertinent paragraphs here for us.
>
> Pretender?
What are you a h4x0r d00d or something? How exactly am I pretending?
The funny thing is that you don't even need to report any open source
programs... but as we all already know your software and/or attitude is
obviously very anti open source, and I'm sure if the situation ever
came to pass, many people here would be more than willing to point this
out to the BXA.
I really don't know why I'm bothering. To be realistic, who in their
right mind would download your software _anyway_. Let's be honest
anyone with know-how is going to spot the warning sign straight away
(*flash-flash* "Uses no mathematical equations" *flash-flash*) and 'the
man on the street' is going to be much more eager to use some program
like PGP which is well-made and user friendly. And not, of course, from
a 'company' that likes to engage in fraud and legality-dodging.
I mean, come on, does this (http://www.ciphile.com/mainmnu8.jpg) even
_look_ like a program anyone in their right mind would trust? It looks
like an end-of-term project for a high school class.
--
Marcus
---
[ www.cybergoth.cjb.net ] [ alt.gothic.cybergoth ]
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: BENNY AND THE MTB?
Date: Tue, 07 Nov 2000 01:04:07 GMT
Tim Tyler wrote:
> Matt Timmermans wrote:
> : What is the "oddness" of 0? Certainly less than the "oddness" of 1.
>
> In my books, 0 is indeed less "odd" than 1. 1 is odd, and 0 is not.
>
> : Since 1 is finitely odd, then 0 must be too.
>
> Am I losing it? If the conclusion follows from the premise
> here, I don't see how.
The idea is that "not odd at all" is a finite amount of
oddness.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: talk.politics.crypto,alt.hacker,talk.politics.misc
Subject: Re: XOR Software Utility (freeware) available from Ciphile Software
Date: 7 Nov 2000 01:09:39 GMT
Tim Tyler <[EMAIL PROTECTED]> wrote:
>In sci.crypt Andre van Straaten <[EMAIL PROTECTED]> wrote:
>
>: The disadvantage of the OTP is that only one added or left
>: character in the key file or ciphertext file messes up the rest
>: of the plaintext file. (E.g.: encrypting on Unix and decrypting on MS
>: Windows)
>
>Hmm - this sort of error can usually be rectified with a small volume
>of effort. I don't think this is "the disadvantage" of OTPs.
Indeed, this is a disadvantage of both stream ciphers AND
block ciphers, even in ECB mode. After all, block sizes are
typically multiple bytes long, so a single missing character
will misalign block boundaries.
-S
------------------------------
From: Bryan Olson <[EMAIL PROTECTED]>
Subject: Re: BENNY AND THE MTB?
Date: Tue, 07 Nov 2000 01:21:46 GMT
Matt Timmermans wrote:
> [...] It's too late to change now, and it's intuitive to me.
> What is the "oddness" of 0? Certainly less than the "oddness"
> of 1. Since 1 is finitely odd, then 0 must be too.
>
> The term made a lot of sense in the context in which it was
> coined:
>
> The arithcoder writes a finitely odd binary number in [0,1)
I think the term is O.K., but each description of what
it means should be clear about the 000... case. The
definition in the paper is fine. I had the misfortune
of first reading the comment in the source file
"trivial.h", which is clearly not what you meant:
[...] where a finitely odd bit stream is of infinite
length, but the position of the rightmost 1 bit is finite,
i.e., there is a final 1 bit somewhere in the stream, which
is followed by an infinite number of zero bits
I think I agree with you about the technique: the bijection is
clever and elegant, but not significant to cryptographic
security.
--Bryan
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech
Subject: Re: Crypto Export Restrictions
Date: 7 Nov 2000 01:23:10 GMT
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
>Wow!
>
>Do you think any one of us thinks that you would be doing us a
>favor?
"Us?" You believe others agree with you?
Yes, analysts are doing you a favor if they are willing to analyze
your system for you. Cryptanalytic consulting for free! Who would
pass up such a deal? Why discourage open analysis?
>You must know the software very well to have such strong opinions.
It is _fact,_ not opinion, that your (deterministic) program does
not output any more bits of randomness than the user inputs. It
is, in fact, a theorem often known as the DPE, or Data Processing
Inequality.
It is also a fact, not opinion, that your software does rely on
"mathematical equations" if it relies on permutations. Just because
there are no large integers doesn't mean it isn't math.
>I am not asking you to do anything except to stop wasting your time.
Let me guess, you want me to stop publicly posting these objections
to your system.
-S
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,talk.politics.misc,alt.freespeech
Subject: Re: Crypto Export Restrictions
Date: Mon, 06 Nov 2000 17:39:43 -0800
CiPHER wrote:
>
> In article <[EMAIL PROTECTED]>,
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
> > Give us the link to the latest BXA export restrictions pointing to
> > the specific part that allows free and free from red tape export of
> > unlimited key length crypto (yes?), etc.
>
> Ahhh note how you add in 'red-tape'. Let me ask, what kind of company
> is it that you 'are'? One that releases vague closed-
> source 'cryptographic' (ha!) programs that doesn't wish to even APPLY
> for an export licence / program self-categorisation? I'm sure that
> instills much confidence in your 'firm'.
>
> Here's the chart to make it simple for you:
> http://www.bxa.doc.gov/Encryption/lechart1.html
>
> Here's a paragraph to save you searching:
> "Exports to the European Union (EU) plus an additional eight countries:
> U.S. exporters can export and reexport all encryption items, except
> cryptanalytic products and their related technology, immediately to the
> 15 EU member states and Australia, Czech Republic, Hungary, Japan, New
> Zealand, Norway, Poland and Switzerland without a license (i.e., under
> a license exception). Exports to worldwide offices of firms,
> organizations and governments headquartered in these nations and Canada
> are also permitted. U.S. exporters can ship their products under this
> new policy immediately after submitting a commodity classification
> request to BXA, rather than waiting for the review and classification
> to be completed."
>
> I'm not sure I would say much "red-tape" is involved when (to quote
> from directly above) "U.S. exporters can ship their products under this
> new policy immediately after submitting a commodity classification
> request to BXA, rather than waiting for the review and classification
> to be completed.".
>
> Look even PGP managed to understand the regulations:
> http://www.pgp.com/aboutus/press/pr_template.asp?
> PR=/PressMedia/01202000.asp&Sel=664
>
> *snip*
> > Or copy and paste the pertinent paragraphs here for us.
> >
> > Pretender?
>
> What are you a h4x0r d00d or something? How exactly am I pretending?
>
> The funny thing is that you don't even need to report any open source
> programs... but as we all already know your software and/or attitude is
> obviously very anti open source, and I'm sure if the situation ever
> came to pass, many people here would be more than willing to point this
> out to the BXA.
>
> I really don't know why I'm bothering. To be realistic, who in their
> right mind would download your software _anyway_. Let's be honest
> anyone with know-how is going to spot the warning sign straight away
> (*flash-flash* "Uses no mathematical equations" *flash-flash*) and 'the
> man on the street' is going to be much more eager to use some program
> like PGP which is well-made and user friendly. And not, of course, from
> a 'company' that likes to engage in fraud and legality-dodging.
>
> I mean, come on, does this (http://www.ciphile.com/mainmnu8.jpg) even
> _look_ like a program anyone in their right mind would trust? It looks
> like an end-of-term project for a high school class.
>
> --
> Marcus
> ---
> [ www.cybergoth.cjb.net ] [ alt.gothic.cybergoth ]
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Continue to spend more of your time posting about something you
know nothing of if it amuses you.
I don't know why you are bothering, either.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
