Cryptography-Digest Digest #138, Volume #13 Fri, 10 Nov 00 19:13:00 EST
Contents:
Re: End to end encryption in GSM (Marc)
Re: End to end encryption in GSM (Marc)
Re: Photons, polarization and quantum crypto ("Dirk Bruere")
Re: voting through pgp (John Myre)
Re: voting through pgp (David Schwartz)
Independent :CueCat Driver for Win2k/Me/98 ([EMAIL PROTECTED])
Re: The Freedom to Communicate the Power to Protect ("Kristopher Johnson")
Re: voting through pgp ("Kristopher Johnson")
Re: MY BANANA REPUBLIC ("CMan")
Re: voting through pgp ([EMAIL PROTECTED])
Re: voting through pgp (David Crick)
Re: voting through pgp (David Wagner)
Re: voting through pgp (David Wagner)
Re: voting through pgp (David Schwartz)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Marc)
Crossposted-To: alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: 10 Nov 2000 22:14:09 GMT
>I suspect that the encryption provided is not that secure, i.e. the
>conversation could still be eavesdropped, as the encryption scheme can't
>be that powerful, given the data rate limitations (max. 9.6 or 14
>Kbit/s).
Security of encrypted comm is not related to data rate. I can create
a 64 bit block that is virtually impossible to crack, and send it
to you at a 1 bit per day rate.
------------------------------
From: [EMAIL PROTECTED] (Marc)
Crossposted-To: alt.cellular.gsm
Subject: Re: End to end encryption in GSM
Date: 10 Nov 2000 22:14:16 GMT
>Does this scheme of yours work without modifying the switching equipment
>at the service providers facility.
I see no reason why it should not. The GSM vocoder introduces big
loss of voice quality. This should be reason enough for providers
to hand-through the frames untouched whereever possible.
------------------------------
From: "Dirk Bruere" <[EMAIL PROTECTED]>
Crossposted-To: sci.optics,sci.physics
Subject: Re: Photons, polarization and quantum crypto
Date: Fri, 10 Nov 2000 22:22:28 -0000
<[EMAIL PROTECTED]> wrote in message news:8uhnb1$k7a$[EMAIL PROTECTED]...
> Hi Paul,
>
> Thanks very much for the input. It appears that my understanding of QM
> is even more incomplete than I had thought. But ...
Take a look at this:
http://matu1.math.auckland.ac.nz/~king/Preprints/book/quantcos/qnonloc/qnonl
oc.htm
Dirk
> In article <zeYO5.2013$[EMAIL PROTECTED]>,
> "Paul Lutus" <[EMAIL PROTECTED]> wrote:
> > <[EMAIL PROTECTED]> wrote in message
> news:8uhgt6$efb$[EMAIL PROTECTED]...
> >
> > > During this interaction, a torque is imparted on the plate in order
> to
> > > preserve angular momentum. Now, this torque may be vanishingly
> small,
> > > but *hypothetically* I propose that it could be measured.
> Furthermore,
> > > the magnitude of this torque would be proportional to the angle
> between
> > > the photon polarization. Thus, one could know, certainly to within
> 90
> > > degrees, what the state of the photon was just prior to entering the
> > > plate.
> >
> > You managed to miss the point of the original text. If you observe the
> > photon sufficiently to make this statement about it, you have
> collapsed its
> > wave function and this eavesdropping can be detected.
> >
> > To say it simply, if you find out what state the photon has, you have
> > harvested the photon -- its wave function has collapsed.
>
> I would have to say that "within the text", the simplified explanation
> describes only 4 possible directions of the linearly polarized photon,
> basically equally spaced at 45 degrees. Vertical, horizontal, 45 left,
> 45 right. This is by choice of the sender, at least as it is described,
> not suggesting that only these states can exist. (Sorry, I had suggested
> an eavesdropper need only determine the polarization state to within 90
> degrees before.)
>
> The eavesdropper was described as trying to use a linear polarizer to
> determine the state. (With no comment about a detector!) Neglecting that
> for a moment, the possibilities were described as: 1) Guessing right and
> having the LP parallel to the photon. The photon passes through. 2)
> Guessing wrong and having the LP at +/- 45 degrees to the photon, then
> having equal probability of the photon passing through or not. This
> leave the eavesdropper in doubt. 3) Guessing wrong and having the LP
> perpendicular to the photon, thus blocking it, but still knowing its
> state.
>
> My suggestion about the half-wave plate was 1) It gave you a
> hypothetical actual detection means 2) you did not have to determine the
> state exactly, just to within some large error. (Again, I meant <22.5
> degrees, not 90.) My thinking (perhaps incorrectly as you suggest) is
> that because you do not try to determine the exact polarization
> direction, the Uncertainty Principle leaves you some room for letting
> the photon continue to exist. Here my ignorance may be blazing.
>
>
> >
> > > Following the first half-wave plate would be another, identically
> > > aligned half-wave plate. This would then reverse the effects of the
> > > first plate, leaving the photon in its initial state, or at least
> very
> > > close to its intitial state.
> >
> > "Very close" isn't good enough. You've detected the photon's state.
> This is
> > like trying to detect which slit the single photon goes through in the
> > classic two-slit experiment -- the detection prevents the effect to be
> > measured.
>
> Ah, but here there are only two conditions that *can* exist, slit 1 or
> slit 2. What I suggest is that the direction of photon polarization can
> be anything, and the eavesdropper is only trying to determine what it is
> to within <22.5 degrees. Unless, of course, that by virtue of the sender
> *choosing* only 1 of four possible states the wavefunction must collapse
> once one of those four is determined. Is this the case?
>
> Spencer
>
> Spencer Luster, Owner
> Light Works -- Creative Optical Devices
> 333 N. 14th Street
> Toledo, OH 43624
> Phone: 419-534-3718
> FAX: 419-534-3717
> e-mail: [EMAIL PROTECTED]
> http://www.LW4U.com
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 15:23:13 -0700
That PGP would allow votes to be coerced through guns pointed
at the backs of voters heads is, at best, irrelevant. It just
won't happen, at least not frequently enough to matter.
The anonymity issue, on the other hand, I regard as serious.
It would be hard to trust that only a computer ever sees the
decrypted ballot, particularly since it would then be impossible
to audit the result. (We could perhaps audit the source code
of the program, but that isn't the same thing.)
There is no cryptographic or social reason why voting from
home couldn't be supported. Once a good protocol is chosen,
it could be implemented in as many places as necessary. I
agree that this hasn't happened yet, but it certainly could.
JM
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 14:38:36 -0800
[EMAIL PROTECTED] wrote:
>
> In article <ydXO5.191030$[EMAIL PROTECTED]>,
> "binary digit" <[EMAIL PROTECTED]> wrote:
>
> Your proposal blatantly ignores one very important factor in the US
> style voting. If we allow people to vote from wherever they choose, we
> run a very distinct risk of a person with a gun pointed to the back of
> someone else's head swaying the vote. How many people do you _really_
> think would vote their conscience with a gun at the back of their head?
That's actually trivial to fix. One possible way to fix it is to
include a 'serial number' in the vote. A vote from the same person with
a higher serial number erases the previous vote. A vote with a zero
serial number takes precedence over a prior vote with the lowest serial
number. Since an attacker wouldn't know the previous or future serial
numbers I voted with or might vote with in the future, he can't assure
that the vote he coerces me into making is the one that gets counted.
DS
------------------------------
From: [EMAIL PROTECTED]
Subject: Independent :CueCat Driver for Win2k/Me/98
Date: Fri, 10 Nov 2000 23:15:43 GMT
_Independent :CueCat Driver for Windows 2k/Me_
Transform your CueCat into a standard barcode scanner. Encryption is
broken.
Replace the software that is packaged with your :CueCat handheld
optical barcode scanner by using this keyboard filter driver instead.
Protect your privacy and enable your device.
This Windows Driver Model (WDM) Driver sits on top of the keyboard
stack and filters requests from the scanner and decrypts the output.
It does not replace your standard keyboard driver, it just augments
it. The current version of this driver will transform your device into
a standard barcode reader (it does not launch a webbrower, nor
reference the codes through Digital Convergence's database to get the
matching URL). It will soon though.
Enjoy,
Shawn C. Reimerdes
Homepage: http://CueCatastrophe.com
Download Driver:
http://CueCatastrophe.com/driver/Your_CueCat_Driver_0.91_Win2kMe.zip
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: "Kristopher Johnson" <[EMAIL PROTECTED]>
Subject: Re: The Freedom to Communicate the Power to Protect
Date: Fri, 10 Nov 2000 23:23:06 GMT
>From the FAQ:
"Q: What user authentication methods are available?
A: e-OPI supports the following authentication methods:
- Pass-phrase
- Group Member Authentication (a definable group of people)
- Member of NT Domain/LDAP Group Member Authentication
- A Specific user authenticated against NT/LDAP logon
- PKI/Digital Certificate
The NT/LDAP authentication methods require Microsoft's ADSI be installed.
This is available from the Microsoft website and is pre-loaded into Windows
2000.
PKI support requires that the Entrust PKI engine is installed on each
machine
Q: As a system administrator what do I need to know about protection?
A: Key points are:
- Uses 448 bit Blowfish encryption (very secure)
- Supports document recovery
- There is a freely distributable version at www.e-OPI.com
- A protected document can only be viewed in approved applications
- NTP is used for some of its more secure date authentication methods. This
will require that either you have an NTP server or you allow NTP request
completion with your firewall software.
"
I'd bet the "document recovery" mechanism is a good target for hackery. Do
Microsoft's NT/LDAP security or ADSI have any known holes?
-- Kris
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8uhmsu$jpf$[EMAIL PROTECTED]...
> In article <8uhjmc$h3s$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > http://www.winvista.com
> >
> > Electronic Officedocument Protection Interface� from WinVista�
> > represents the next generation of enterprise content protection,
> > providing a range of author-configured controls that stay with a
> > document throughout the information lifecycle, from composition to
> > distribution to iteration and propagation to termination.
>
>
> And who is going to post the first hack of WinVista?
>
> Tom
>
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: "Kristopher Johnson" <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 23:24:47 GMT
If people can't figure out butterfly ballots, what hope is there that
they'll be able to use PGP intelligently?
-- Kris
"binary digit" <[EMAIL PROTECTED]> wrote in message
news:ydXO5.191030$[EMAIL PROTECTED]...
> Imagine if everyone had pgp in the world and voted through pgp, every
single
> vote could be verrified and everyone would be happy, and there wouldnt be
> this problem that is going on now in florida
>
>
------------------------------
From: "CMan" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto
Subject: Re: MY BANANA REPUBLIC
Date: Fri, 10 Nov 2000 16:37:43 -0700
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> For those of you not in the US let my explain.
> The Clinton machine has decided to make GORE president.
> Many elctions in my country are rigged. Chicago Daly city
> is famous for having rigged elections. They use to have
> a saying. In chicago the dead not only vote they vote
> many times.
> Apparently they
> didn't stuff enough ballots in FLorida. They obviously
> added or exchanged more ballots in the last recount. But
> You can bet your sweet ass the longer it takes to recount
> the democrats will perfect the stuffing until Gore wins.
> Cheating is a way of government in my country. But we have
> the balls to tell everyone else how to run an election. By the
> way the democrats desinged the ballot there bitching about.
> THe next recount if necessary will be desinged to give it
> to GORE.
>
> David A. Scott
> --
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
> Scott famous encryption website **now all allowed**
> http://members.xoom.com/ecil/index.htm
> Scott LATEST UPDATED source for scott*u.zip
> http://radiusnet.net/crypto/ then look for
> sub directory scott after pressing CRYPTO
> Scott famous Compression Page
> http://members.xoom.com/ecil/compress.htm
> **NOTE EMAIL address is for SPAMERS***
> I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 23:29:24 GMT
In article <[EMAIL PROTECTED]>,
John Myre <[EMAIL PROTECTED]> wrote:
>
> That PGP would allow votes to be coerced through guns pointed
> at the backs of voters heads is, at best, irrelevant. It just
> won't happen, at least not frequently enough to matter.
And how many guns against heads would it have taken to sway the vote in
Florida this time around? In elections where there is very significant
vote differences (i.e. 1996 Clinton vs Dole) it would take a large
quantity of guns. But in a race as tight as the current, or as tight as
Kennedy/Nixon every gun matters.
[snip agreement on anonymity problem]
> There is no cryptographic or social reason why voting from
> home couldn't be supported. Once a good protocol is chosen,
> it could be implemented in as many places as necessary. I
> agree that this hasn't happened yet, but it certainly could.
It's an ease of coercion problem, right now to directly influence the
vote of a person, I need to without being noticed enter the voting
booth with that person, or verify their ballot before it enters the
box. Two very visible things, both to the people waiting to vote, and
to the people observing the process to gaurentee that these things
don't happen. To gaurentee the same from home would require trusting
1/2 the population to not sway the vote with their presence, and then
trust the other half while the first half votes. We cannot grant this
level of trust in our society. Additionally the protocol itself can
cause problems simply through direct denial of service, if I snip the
wires leading from your computer (aka voting booth) and make sure they
stay snipped for the entire election day, I have effectively coerced
your vote through denial. I can do this to enter segments of society by
blowing up a single phone building, and under our laws those people
should not be allowed to vote once their system is online. They can't
be able to vote from someone else's computer because of the coercion
factor.
For the sake of security, we need a centralized location where votes
are made, where a small number of people are trusted. Home voting is
far from this, and should be restricted to those individuals who
require the home vote ability in order to effectively vote (i.e. those
people who are physically unable to leave their residence). I see no
reason that the centralized location can't use electronic voting, but
the ability to forcibly change even one vote can sway an election, and
cannot be tolerated.
Joe
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: David Crick <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 23:41:40 +0000
Kristopher Johnson wrote:
>
> If people can't figure out butterfly ballots,
This is chaos theory, right?
;)
--
+-------------------------------------------------------------------+
| David A Crick <[EMAIL PROTECTED]> PGP: (NOV-2000 KEY) 0x710254FA |
| Damon Hill Tribute Site: http://www.geocities.com/MotorCity/4236/ |
| M. Brundle Quotes: http://members.tripod.com/~vidcad/martin_b.htm |
+-------------------------------------------------------------------+
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: voting through pgp
Date: 10 Nov 2000 23:41:56 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
John Myre wrote:
>There is no cryptographic or social reason why voting from
>home couldn't be supported.
I disagree on both counts.
For cryptographic and security reasons, see the recent California report
on online voting. It really does an excellent job of making the case
that we should go slow on voting in the home; they argue that the risks
are fundamentally different when the voting equipment is not under the
control of the election authorities.
For social reasons, it occurs to me that many people might vote
differently if their vote was at risk of becoming known to family members
(as is inevitably the case when voting with your home PC).
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: voting through pgp
Date: 10 Nov 2000 23:46:09 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)
David Schwartz wrote:
> That's actually trivial to fix. One possible way to fix it is to
>include a 'serial number' in the vote. A vote from the same person with
>a higher serial number erases the previous vote. A vote with a zero
>serial number takes precedence over a prior vote with the lowest serial
>number. Since an attacker wouldn't know the previous or future serial
>numbers I voted with or might vote with in the future, he can't assure
>that the vote he coerces me into making is the one that gets counted.
On the other hand, this "fix" introduces new risks.
What if someone gets ahold of my voter authentication information and
votes under my name _after_ I have already voted? Of course, my vote
won't be counted; his will. And, thanks to the anonymity protection,
I will have no way of knowing that this occurred. This puts a lot of
trust in the authentication mechanism.
Compare to today's voting system, where there is very little
authentication of voters, but if someone else votes under your name
before show up at the polls, you'll know to scream bloody murder when you
are refused a ballot. And after you've voted, you are absolutely safe,
because noone else can vote under your name once it has been marked down
in the register as "he has voted already today".
The property of being able to _detect_ widespread voting fraud is very
important, and should not be eliminated without very serious consideration.
------------------------------
From: David Schwartz <[EMAIL PROTECTED]>
Subject: Re: voting through pgp
Date: Fri, 10 Nov 2000 15:52:34 -0800
David Wagner wrote:
> On the other hand, this "fix" introduces new risks.
Nope, no risks that weren't already there.
> What if someone gets ahold of my voter authentication information and
> votes under my name _after_ I have already voted? Of course, my vote
> won't be counted; his will. And, thanks to the anonymity protection,
> I will have no way of knowing that this occurred. This puts a lot of
> trust in the authentication mechanism.
The same is true if you don't use this scheme and do a 'first vote
wins' scheme. In that case, if he votes first, his vote will count too.
> Compare to today's voting system, where there is very little
> authentication of voters, but if someone else votes under your name
> before show up at the polls, you'll know to scream bloody murder when you
> are refused a ballot. And after you've voted, you are absolutely safe,
> because noone else can vote under your name once it has been marked down
> in the register as "he has voted already today".
> The property of being able to _detect_ widespread voting fraud is very
> important, and should not be eliminated without very serious consideration.
Absolutely! However, the scheme I suggested neither makes this easier
nor harder. The two questions are completely orthogonal.
Perhaps, for example, there could be a period after the polls close but
before the results are released wherein people could query their votes
and compare them to what they believe they voted. If there's a mismatch,
they would have to go to some polling center and scream bloody murder.
The problem is how to make votes both anonymous and auditable. But,
again, that's a totally different issue.
DS
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
