Cryptography-Digest Digest #188, Volume #13 Sun, 19 Nov 00 13:13:00 EST
Contents:
Re: Mode of operation to maintain input size with block ciphers? (Paul Crowley)
Re: Big-block cipher, perhaps a new cipher family? (Paul Crowley)
Re: Hardening against known plaintext attacks? (Simon Johnson)
Re: Cryptogram Newsletter is off the wall? (Anne & Lynn Wheeler)
Re: Cryptogram Newsletter is off the wall? ("Brian Gladman")
Re: Cryptogram Newsletter is off the wall? ("Brian Gladman")
Re: Cryptogram Newsletter is off the wall? (Simon Johnson)
Re: Cryptogram Newsletter is off the wall? (Tom St Denis)
Re: XOR: A Very useful and important utility to have (Tom St Denis)
Re: Cryptogram Newsletter is off the wall? (Tom St Denis)
Re: XOR: A Very useful and important utility to have (Jim)
Re: Cryptogram Newsletter is off the wall? ("Michael Scott")
Re: Mode of operation to maintain input size with block ciphers? (John Savard)
Re: Cryptogram Newsletter is off the wall? (John Savard)
Re: Cryptogram Newsletter is off the wall? (wtshaw)
----------------------------------------------------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Mode of operation to maintain input size with block ciphers?
Date: Sun, 19 Nov 2000 16:23:01 GMT
Benny Nissen wrote:
>
> Sorry but your URL does not work.
Of course it doesn't - it's a local URL for my local copy! D'oh!
Try
http://www.cluefactory.org.uk/paul/mercy/mercy-paper/bibliography.html
sorry...
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
From: Paul Crowley <[EMAIL PROTECTED]>
Subject: Re: Big-block cipher, perhaps a new cipher family?
Date: Sun, 19 Nov 2000 16:24:43 GMT
Mok-Kong Shen wrote:
> It is in my (and also some others, I presume) view that
> one need not very sharply distinguish between stream and
> block ciphers.
No, I think it's just you.
--
__
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Hardening against known plaintext attacks?
Date: Sun, 19 Nov 2000 16:21:55 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Hi.
>
> Would it be possible to make a algorithm that makes
> known plaintext attacks harder?
Known plain-text is used by differential and linear cryptoanalysis to
find the key with less work than a brute-force attack. The way to make
a plain-text harder is clearly to make these attacks harder. Simply
increasing the number of rounds has this affect (in general). If you
want to make a known plain-text attack impossible, simple show that the
number of rounds you have selected for that algorithm requires more
plain-text than exists to break.
>
> I've found indicators with such dynamic constructions
> as stream ciphers with self modifying internals, that
> this may be a VERY hard thing to do.
>
> I've also found out that great emphasis should be taken
> on checking if the key is crap or not before running it
> in the self modification... "thing".
If the key space is linear then this isn't a problem. Though in some
cases weak-keys may exist. If there are not many weak-keys this aint a
problem, and you don't really need to test for them.
> Any comments?
>
> Thanks,
> Glenn
>
> --
> Ichinin (.SE)
> "Anything-over-IP-&-802.11"-Solutions provider.
> ---------------------------------------------------------------
> NOTE: EMAIL ADDRESS IS FOR SPAMMERS, IT WILL BOUNCE REGARDLESS.
>
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Subject: Re: Cryptogram Newsletter is off the wall?
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Sun, 19 Nov 2000 16:30:23 GMT
Bruce Schneier <[EMAIL PROTECTED]> writes:
> The mathematics of cryptography, no matter how strong, cannot bridge
> the gap between me and my computer. Because the computer is not
> trusted, I cannot rely on it to show me what it is doing or do what I
> tell it to. Checking the calculation afterwards doesn't help; the
> untrusted computer can't be relied upon to check the calculations
> properly. It wouldn't help to verify the code, because the untrusted
> computer is running the code (and probably doing the verification).
> It wouldn't even help to store the digital signature key in a secure
> module: the module still has to rely on the untrusted computer for
> input and output.
it is likely even more complex ... 3-factor authentication talks about
"something you have", "something you know", & "something you are".
trusted computer can be "something you have" ... tieing intent to a
digital signature probably means more, something like each & ever
digital signature has to carry with it some way of prooving that some
combination of 3-factor authentication was used for each & every
application of that digital signature (including that a "something you
have" trusted computer was used for the actual operation)
--
Anne & Lynn Wheeler | [EMAIL PROTECTED] - http://www.garlic.com/~lynn/
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 16:50:29 -0000
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:8v8qsv$eri$[EMAIL PROTECTED]...
[snip]
> I doubt that. In a lot of respects a hand signature involves variables
> in your head that are not known immediately to the attacker. They must
> observe and work on a proper forgery.
It is quite hard to forge an ordinary signature because there are a lot of
physical factors involved, many of which are difficult to reproduce
accurately. On the other hand there is very little to tie a machine made
signature to the person who is alleged to have asked the machine to make it.
There is almost nothing to tie a digital signature to the person who is
alleged to have made it but it is really quite hard to forge an ordinary
signature
>
> I do not doubt that perhaps people are a bit stupid about security and
> get caught doing stupid things (i.e bad passwords, bad software,
> trojan'ed... etc) but when it is done right it can be just as secure.
>
> If I put my signature key on a smartcard and only sign hashes of a
> document the only point of attack is really to send an incorrect hash
> to the smartcard. The signature is still unbroken just
> misrepresentative.
Tell that to the user who has had their bank account cleared out as a result
of what you call a 'misrepresentative' signature.
The plain fact is that 99.99..% of the computer systems that people are
expected to use for digital signatures are completely insecure. And its no
use talking about all sorts of protection that computer knowledgeable people
might deploy since they are close to 0% of the users who are expected to
place their faith in this technology.
This might not matter if the user is not carrying the risk but some on-line
banks are using terms and conditions that make end users liable for the
consequences of such computer systems weaknesses.
Brian Gladman
------------------------------
From: "Brian Gladman" <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 16:58:33 -0000
<[EMAIL PROTECTED]> wrote in message
news:8v8jmm$a3p$[EMAIL PROTECTED]...
> There are methods of detecting Trojan horses such as BO etc, BlackIce
> is one good Intrusion Detection Software. I am really surprised that
> Bruce seems to have given up on Trojans. I understood that Bruce
> Schneier has set up a new outfit dealing exclusively with things like
> Intrusion Detection, Security access etc...If he has already given up
> on things like BO well...what is it exactly is he recommending to his
> Clients...
The issue here is not that of the best computer environments we can think of
for making digital signatures but rather that of the security we can expect
from typical computer environments in which such signatures will be made.
And this is pretty poor at the moment.
Brian Gladman
------------------------------
From: Simon Johnson <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 17:02:42 GMT
In article <[EMAIL PROTECTED]>,
Bruce Schneier <[EMAIL PROTECTED]> wrote:
> For those who do not subscribe to Crypto-Gram, here is my essay:
>
> Why Digital Signatures Are Not Signatures
>
> When first invented in the 1970s, digital signatures made an amazing
> promise: better than a handwritten signature -- unforgeable and
> uncopyable -- on a document. Today, they are a fundamental component
> of business in cyberspace. And numerous laws, state and now federal,
> have codified digital signatures into law.
>
> These laws are a mistake. Digital signatures are not signatures, and
> they can't fulfill their promise. Understanding why requires
> understanding how they work.
>
> The math is complex, but the mechanics are simple. Alice knows a
> secret, called a private key. When she wants to "sign" a document (or
> a message, or any bucket of bits), she performs a mathematical
> calculation using the document and her private key; then she appends
> the results of that calculation -- called the "signature" -- to the
> document. Anyone can "verify" the signature by performing a different
> calculation with the message and Alice's public key, which is publicly
> available. If the verification calculation checks out then Alice must
> have signed the document, because only she knows her own private key.
>
> Mathematically, it works beautifully. Semantically, it fails
> miserably. There's nothing in the description above that constitutes
> signing. In fact, calling whatever Alice creates a "digital
> signature" was probably the most unfortunate nomenclature mistake in
> the history of cryptography.
>
> In law, a signature serves to indicate agreement to, or at least
> acknowledgment of, the document signed. When a judge sees a paper
> document signed by Alice, he knows that Alice held the document in her
> hands, and has reason to believe that Alice read and agreed to the
> words on the document. The signature provides evidence of Alice's
> intentions. (This is a simplification. With a few exceptions, you
> can't take a signed document into court and argue that Alice signed
> it. You have to get Alice to testify that she signed it, or bring
> handwriting experts in and then it's your word against hers. That's
> why notarized signatures are used in many circumstances.)
>
> When the same judge sees a digital signature, he doesn't know anything
> about Alice's intentions. He doesn't know if Alice agreed to the
> document, or even if she ever saw it.
>
> The problem is that while a digital signature authenticates the
> document up to the point of the signing computer, it doesn't
> authenticate the link between that computer and Alice. This is a
> subtle point. For years, I would explain the mathematics of digital
> signatures with sentences like: "The signer computes a digital
> signature of message m by computing m^e mod n." This is complete
> nonsense. I have digitally signed thousands of electronic documents,
> and I have never computed m^e mod n in my entire life. My computer
> makes that calculation. I am not signing anything; my computer is.
>
> PGP is a good example. This e-mail security program lets me digitally
> sign my messages. The user interface is simple: when I want to sign a
> message I select the appropriate menu item, enter my passphrase into a
> dialog box, and click "OK." The program decrypts the private key with
> the passphrase, and then calculates the digital signature and appends
> it to my e-mail. Whether I like it or not, it is a complete article
> of faith on my part that PGP calculates a valid digital signature. It
> is an article of faith that PGP signs the message I intend it to. It
> is an article of faith that PGP doesn't ship a copy of my private key
> to someone else, who can then sign whatever he wants in my name.
>
> I don't mean to malign PGP. It's a good program, and if it is working
> properly it will indeed sign what I intended to sign. But someone
> could easily write a rogue version of the program that displays one
> message on the screen and signs another. Someone could write a Back
> Orifice plug-in that captures my private key and signs documents
> without my consent or knowledge. We've already seen one computer
> virus that attempts to steal PGP private keys; nastier variants are
> certainly possible.
>
> The mathematics of cryptography, no matter how strong, cannot bridge
> the gap between me and my computer. Because the computer is not
> trusted, I cannot rely on it to show me what it is doing or do what I
> tell it to. Checking the calculation afterwards doesn't help; the
> untrusted computer can't be relied upon to check the calculations
> properly. It wouldn't help to verify the code, because the untrusted
> computer is running the code (and probably doing the verification).
> It wouldn't even help to store the digital signature key in a secure
> module: the module still has to rely on the untrusted computer for
> input and output.
>
> None of this bodes well for digital signatures. Imagine Alice in
> court, answering questions about a document she signed. "I never saw
> it," she says. "Yes, the mathematics does prove that my private key
> signed the document, but I never saw it." And then an expert witness
> like myself is called to the stand, who explains to the judge that it
> is possible that Alice never saw the document, that programs can be
> written to sign documents without Alice's knowledge, and that Alice's
> digital signature doesn't really mean anything about Alice's
> intentions.
>
> Solving this problem requires a trusted signing computer. If Alice
> had a small hand-held computer, with its own screen and keyboard, she
> could view documents on that screen and sign them with that keyboard.
> As long as the signing computer is trusted, her signatures are
> trusted. (But problems remain. Viewing a Microsoft Word document,
> for example, generally involves the very software most responsible for
> welcoming a virus into the computer.) In this case we're no longer
> relying on the mathematics for security, but instead the hardware and
> software security of that trusted computer.
>
> This is not to say that digital signatures are useless. There are
> many instances where the insecurities discussed here are not relevant,
> or where the dollar value of the signatures is small enough not to
> warrant worrying about them. There are also instances where
> authenticating to the signing computer is good enough, and where no
> further authentication is required. And there are instances where
> real-world relationships can obviate the legal requirements that
> digital signatures have been asked to satisfy.
>
> Digital signatures prove, mathematically, that a secret value known as
> the private key was present in a computer at the time Alice's
> signature was calculated. It is a small step from that to assume that
> Alice entered that key into the computer at the time of signing. But
> it is a much larger step to assume that Alice intended a particular
> document to be signed. And without a tamperproof computer trusted by
> Alice, you can expect "digital signature experts" to show up in court
> contesting a lot of digital signatures.
>
> Comments on the new federal digital signature law:
> <http://www4.zdnet.com:80/intweek/stories/news/0,4164,2635346,00.html>
> (multipage, don't miss the others)
> <http://www4.zdnet.com:80/intweek/stories/news/0,4164,2634368,00.html>
>
<http://www.infoworld.com:80/articles/hn/xml/00/10/02/001002hnesign.xml>
> <http://www.pioneerplanet.com/tech/tcv_docs/028992.htm>
>
> A survey of laws in various states and countries:
> <http://rechten.kub.nl/simone/DS-LAWSU.HTM>
>
> **********************************************************************
> Bruce Schneier, Counterpane Internet Security, Inc. Tel: 408-556-2401
> 3031 Tisch Way, Suite 100PE, San Jose, CA 95128 Fax: 408-556-0889
> Free crypto newsletter. See: http://www.counterpane.com
>
It appears Tom and Bruce were talking about the different sides of the
same coin.
--
Hi, i'm the signuture virus,
help me spread by copying me into Signiture File
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 17:02:12 GMT
In article <[EMAIL PROTECTED]>,
Bruce Schneier <[EMAIL PROTECTED]> wrote:
> On Sat, 18 Nov 2000 21:23:10 GMT, Tom St Denis <[EMAIL PROTECTED]>
> wrote:
>
> >I think when a digital signature is done properly it can be just as
> >semantically secure as a real signature.
>
> Lots of things are secure when done properly; this is why so many
> security products are completely insecure. The job of the good
> security engineer is to imagine how things could not work properly,
> and to prepare for those eventualities.
Agreed.
Then why did you condem digital signatures? Or was it only a
particular subset of implementations you were referring to?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker,alt.computer
Subject: Re: XOR: A Very useful and important utility to have
Date: Sun, 19 Nov 2000 17:04:18 GMT
In article <8v8si0$g2j$[EMAIL PROTECTED]>,
Simon Johnson <[EMAIL PROTECTED]> wrote:
> Moral of the story: USE AN AES IMPLEMENTATION FOR SECURITY.
This means anything that uses AES is secure?
Moral of the story: Get security right!
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 17:06:54 GMT
In article <MqTR5.975$17.26756@stones>,
"Brian Gladman" <[EMAIL PROTECTED]> wrote:
> "Tom St Denis" <[EMAIL PROTECTED]> wrote in message
> news:8v8qsv$eri$[EMAIL PROTECTED]...
>
> [snip]
> > I doubt that. In a lot of respects a hand signature involves
variables
> > in your head that are not known immediately to the attacker. They
must
> > observe and work on a proper forgery.
>
> It is quite hard to forge an ordinary signature because there are a
lot of
> physical factors involved, many of which are difficult to reproduce
> accurately. On the other hand there is very little to tie a machine
made
> signature to the person who is alleged to have asked the machine to
make it.
>
> There is almost nothing to tie a digital signature to the person who
is
> alleged to have made it but it is really quite hard to forge an
ordinary
> signature
Ok if digital signatures are so bad why not sign your original post
with my public key off my website?
> > I do not doubt that perhaps people are a bit stupid about security
and
> > get caught doing stupid things (i.e bad passwords, bad software,
> > trojan'ed... etc) but when it is done right it can be just as
secure.
> >
> > If I put my signature key on a smartcard and only sign hashes of a
> > document the only point of attack is really to send an incorrect
hash
> > to the smartcard. The signature is still unbroken just
> > misrepresentative.
>
> Tell that to the user who has had their bank account cleared out as a
result
> of what you call a 'misrepresentative' signature.
What if I just walked into a real bank and faked your signature?
> The plain fact is that 99.99..% of the computer systems that people
are
> expected to use for digital signatures are completely insecure. And
its no
> use talking about all sorts of protection that computer knowledgeable
people
> might deploy since they are close to 0% of the users who are expected
to
> place their faith in this technology.
See above. (Note: My counterexample is very real!)
Tom
http://www.geocities.com/tomstdenis/
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Jim)
Crossposted-To: talk.politics.crypto,alt.hacker,alt.computer
Subject: Re: XOR: A Very useful and important utility to have
Reply-To: Jim
Date: Sun, 19 Nov 2000 17:26:48 GMT
On Sat, 18 Nov 2000 20:55:57 -0800, Anthony Stephen Szopa
<[EMAIL PROTECTED]> wrote:
>XOR: A Very useful and important utility to have
>
>A few people in this news group said any XOR program is less than
>useless.
>
>If a person has available random number files, an XOR program gives
>you the capability to XOR (encrypt) data.
>
>You really don't need a fancy encryption program. Just random
>numbers in a file and an XOR program.
>
>Many people say one encryption program is really great or this
>other one is really great, etc.
>
>But many people also question just exactly how secure one or the
>other really is.
>
>If a person has available a few random number generators or can
>generate random numbers from a few encryption programs they can
>combine shuffling several random number files from several of these
>different sources together and create a very secure collection of
>random number files to be used with a simple XOR program to encrypt
>data.
===============%<=======================
You are describing a one-time-pad. But you should also point out
that distributing and cancelling key, particularly where more than
one correspondent is involved, is a huge headache!
This little problem makes one-time-pad rather useless in practice!
--
______________________________
Posted by Jim Dunnett
dynastic at cwcom.net
nordland at lineone.net
------------------------------
From: "Michael Scott" <[EMAIL PROTECTED]>
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 17:42:35 -0000
I wonder sometimes if Rivest Shamir & Adleman and the other inventors of
public key cryptography regret bestowing the name "Digital Signature" on the
nice mathematical duality implicit in the RSA scheme.
>From the start Digital Sealing was a better term, and indeed that analogy is
widely used. The Seal is a device that we own, but its not part of us like a
written signature is.
Of course Seals have been used successfully for years, particularly in China
where "signature sticks" were widely used by the general population. Forgery
and theft was always possible, but stiff penalties (like death) helped make
this rare. In the west seals were only really used by important companies
and individuals, not by the general populace. The same might well happen to
Digital signature.
The problem is that a Seal is usually a big heavy permanent physical thing.
Digital signature depends on what may well prove to be transient technology.
I think it unlikely that any court could hold me to something with my
digital signature on it, associated with one of my many X.509 certificates,
in 20 years time.
Mike Scott
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Mode of operation to maintain input size with block ciphers?
Date: Sun, 19 Nov 2000 17:26:43 GMT
On Sun, 19 Nov 2000 11:33:41 +0100, "Benny Nissen"
<[EMAIL PROTECTED]> wrote, in part:
>Is there a mode of operation where I can maintain the size in all cases
>(input/output). I know that CFB mode can be used, but with this mode a new
>IV need to be generated each time to maintain security. I am looking for a
>way to maintain the size at all times and without the need to make a new IV
>(a fixed one is OK).
http://home.ecn.ab.ca/~jsavard/crypto/mi060706.htm
discusses one such mode. Although I think that a patent covers it,
I've been told that it was used before in the program Secure File
System (like Scramdisk, but works under DOS). But I tried checking
that, and I couldn't find what was referred to in the documentation.
>I have heard about a method called byte stealing, but I do not know what it
>is all about!
Ciphertext stealing is described in "Terminating Block Cipher Use" on
this page:
http://home.ecn.ab.ca/~jsavard/crypto/mi060303.htm
Thus, these two references on my web page may help answer some of your
questions.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 17:39:45 GMT
On Sun, 19 Nov 2000 09:39:24 -0600, Bruce Schneier
<[EMAIL PROTECTED]> wrote, in part:
>And without a tamperproof computer trusted by
>Alice, you can expect "digital signature experts" to show up in court
>contesting a lot of digital signatures.
Of course, a law that makes digital signatures "legal" presumably is
intended to disallow all such challenges.
For example, in Canada, the laws enacted by the Federal government -
which include the criminal code - exist in both French and English
versions. A law making both equally valid forbids lawyers from
referring to the version of any law in the other language from the one
used at the trial for the purpose of determining what the law says or
means.
Such laws, of course, have a great potential to cause injustice.
Perhaps it will take tragic injustices caused by such a law to get
people to take computer security seriously.
I saw a claim recently that a cleaning woman was sentenced to jail for
15 years because she picked up, and glanced at, a parcel discarded
that turned out to contain drugs - and this because the judge
*refused* to apply the mandatory minimum sentencing law of the state
in which this happened! Apparently, laws with such a potential to
cause injustice were enacted because of constitutionality problems
with laws that better targeted the truly guilty. We have an analogous
problem now in Canada, although our legislators have not acted upon it
in the same way, because the courts have found unconstitutional all
cases where the law reverses the normal burden of proof.
Thus, it appears that even injustice does not strongly motivate people
if they also suffer from fear - and naturally, they do feel a great
deal of fear, because of the serious crime problems which now exist,
partly fuelled by drugs.
Of course, I'm a radical. I would like to see _mens rea_ an *absolute*
requirement before the courts could even issue a five dollar fine.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Cryptogram Newsletter is off the wall?
Date: Sun, 19 Nov 2000 11:23:16 -0600
In article <8v6o3d$146$[EMAIL PROTECTED]>, Simon Johnson
<[EMAIL PROTECTED]> wrote:
> >
> yeah, at the end of the day, all the cryptography in the universe won't
> save you from a trojan. If some one manages to get BO2k, Netbus, Sub7
> etc on your machine then its all over.
>
> This attack is clearly more deadly than any mathematical attack, and
> takes a trivial effort to implement. Infact, a real life story proves
> how EASY this is.
>
These attacks are based on insecure configuration and system
vulnerablity. Better is to use a locked system that cannot be changed
from the outside, like available directly from a locked disk or CDROM.
At least on the Mac, a loaded CD or inserted disk will usurp any other
source. All depends on building a pristine backup. Curruption would not
be easy at all. Check the alternative to what you probably have and work
toward getting something like it to work in the jungle environment.
--
Pangram: Move zingy, jinxed products; hawk benign quality fixes.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
