Cryptography-Digest Digest #500, Volume #13      Fri, 19 Jan 01 15:13:00 EST

Contents:
  Random oracle proofs (was Re: Comparison of ECDLP vs. DLP) (Kenneth Almquist)
  Re: Comparison of ECDLP vs. DLP (DJohn37050)
  Re: Why Microsoft's Product Activation Stinks ("Aaron R. Kulkis")
  Re: Why Microsoft's Product Activation Stinks ("Aaron R. Kulkis")
  Re: Why Microsoft's Product Activation Stinks ("Aaron R. Kulkis")
  Re: Why Microsoft's Product Activation Stinks ("Aaron R. Kulkis")
  Re: Why Microsoft's Product Activation Stinks ("Aaron R. Kulkis")

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Kenneth Almquist)
Subject: Random oracle proofs (was Re: Comparison of ECDLP vs. DLP)
Date: 19 Jan 2001 19:21:19 GMT

David Hopwood <[EMAIL PROTECTED]> wrote:
> As an example to show the difference, consider the following Message
> Authentication Code:
>
>   MAC_K(M) = H(K || M)
>
> This is provably secure when H is assumed to be a random oracle.
> However, it is well-known to be insecure when H is instantiated as
> any Merkle-Damgard hash function (see Applied Crypto 2nd ed.
> Section 18.14, page 458). The attack is that the output of H(K || M)
> can be used as the initial chaining variable to find the MAC of a
> message that starts with pad(M), where 'pad' is the padding function
> for H.
>
> There are several possible ways of interpreting this:
> 1. SHA-1, SHA-256/384/512, RIPEMD-160, Tiger, and all other
>    Merkle-Damgard hash functions are flawed.

I'd say that they are flawed.

By way of analogy, if a block cipher can be broken using a related key
attack, most people would consider that to be a flaw.  In most cases,
if the system designer is aware that a block cipher is vulnerable to a
specific related key attack, the system designer can find a design
that protects the cipher from that particular attack.  So a related
key attack does not significantly limit the applicability of a block
cipher.  What it does do is to force the system designer to address
the possibility of related key attacks and prevent them.  As a user of
cryptographic primitives, I would much rather have the designers of
the primitives do the hard work of making the primitives strong, so
I don't have to worry about working around the weaknesses in them.

> 2. The random oracle model is flawed.

There are several things we want from a model of a cryptographic
primitive:

 1)  The model should be simple, straightforward, and easy to apply.

     I'd have to work with the random oracle model for a while to
     see how well it does on this score, but at a first glance it
     seems to do pretty well on this score.

 2)  It should be possible to efficiently implement approximations
     to the model which are good enough that security proofs using
     the model are convincing.

     I can see no reason why a cryptographic hash function which
     attempts to model a random oracle should be significantly
     slower than a Merkle-Damgard hash function.  For example,
     consider a variant of the Merkle-Damgard design in which the
     compression function takes two additional bits of input--one
     indicating whether the block being compressed is the first
     block of the input, and another indicating whether the block
     being compressed is the last block of the input.  This would
     defeat the attack you describe, and only increase the complexity
     of the hash function slightly.

 3)  Algorithms which approximate the model should be available "off
     the shelf."  The random oracle model falls down here, but that
     could change over time.

> 3. Merkle-Damgard hashes should not be used to instantiate random
>    oracles with variable length inputs that are not prefix-free.

They shouldn't--but who wants to worry about rules like this?  That
is why I would like to see the cryptographic community develop hash
functions that are not (known to be) vulnerable to any attacks.

> 4. The random oracle model is inappropriate for modelling symmetric
>    schemes, because the RO assumption trivially implies most
>    results about symmetric schemes that we would want to prove (i.e.
>    we are basically assuming the result).

It's *good* if the correctness of a scheme is trivially self-evident;
any time you deal with something that's nontrivial you risk getting it
wrong.  So, assuming that we can in fact build hash algorithms that
can be modelled as random oracles, we should do so.
                                Kenneth Almquist

------------------------------

From: [EMAIL PROTECTED] (DJohn37050)
Date: 19 Jan 2001 19:53:57 GMT
Subject: Re: Comparison of ECDLP vs. DLP

Splaat23 wrote that he thought that a well-designed RSA ownership test would be
sufficient.  

This is obviously not true when considering an active adversary.  Just make up
a key that looks like an RSA key but is easy to invert; in the toy example,
let the modulus n be prime.  Any test can be done by the owner, as he can
certainly invert it, but anyone else can also invert this key.

My beliefs are that POP and PKV are best thought of as independent and
complementary.  Both are useful.  But the fact that some POP test MIGHT give
some PKV fuzzies is not enough.  If you want PKV, you should really try to do
PKV, that is, check the components for arithmetic validity.

Both POP and PKV are tools; both are valid and useful.  For DL/ECC, POP and PKV
separate cleanly; for RSA, perhaps it is not as clean to separate them.  I am
not sure what this means, except that the RSA sandbox (group info) must remain
a secret while for DL/ECC it is public.  I do agree that RSA POP does provide
SOME assurance of RSA PKV, just that it is partial.
Don Johnson
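An added worked version (not from the thread) of the toy example above: an RSA-looking key whose modulus n is prime passes a proof-of-possession (POP) challenge, yet anyone can compute the private exponent from the public key, because phi(n) = n - 1 is public; a public-key-validation (PKV) arithmetic check rejects it. The key values, the challenge and the specific PKV checks are constructed for illustration.

```python
"""POP versus PKV on a bogus RSA key with a prime modulus. Constructed
example with tiny numbers; not a real key-validation library."""

# Constructed keys as (n, e, d).
HONEST_KEY = (3233, 17, 2753)                         # n = 61 * 53, textbook toy key
BOGUS_N = 104729                                      # the 10000th prime, so phi(n) = n - 1
BOGUS_KEY = (BOGUS_N, 65537, pow(65537, -1, BOGUS_N - 1))


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with bases 2, 3, 5, 7; deterministic for n < 3_215_031_751."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in (2, 3, 5, 7):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def proof_of_possession(n: int, e: int, d: int, challenge: int) -> bool:
    """POP: the holder signs a challenge with d; the verifier checks with e.
    Shows only that the holder can invert the key, not that the key is sound."""
    sig = pow(challenge, d, n)
    return pow(sig, e, n) == challenge % n


def public_key_validation(n: int, e: int) -> bool:
    """PKV: arithmetic checks on the public components (constructed subset):
    e odd and greater than 1, n large enough, and n NOT prime."""
    return e > 1 and e % 2 == 1 and n > 1 and not is_probable_prime(n)


def recover_private_exponent(n: int, e: int):
    """If n is prime, phi(n) = n - 1 is public and d follows from e alone;
    returns that d, or None when the modulus is not prime."""
    if not is_probable_prime(n):
        return None
    return pow(e, -1, n - 1)


def assess(key: tuple, challenge: int = 12345) -> dict:
    """Summarise what each test says about a key."""
    n, e, d = key
    return {
        "pop": proof_of_possession(n, e, d, challenge),
        "pkv": public_key_validation(n, e),
        "d_recoverable_publicly": recover_private_exponent(n, e) is not None,
    }
```

The bogus key returns pop=True, pkv=False and a publicly recoverable d, which is exactly the gap between the two tests the post describes.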

------------------------------

From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 19 Jan 2001 14:58:10 -0500

zapzing wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   "buddy_holly" <[EMAIL PROTECTED]> wrote:
> > here are some good free PC operating systems:
> > (you can burn these ISO images with most cd-r software and a cd burner)
> >
> > Red Hat Linux 7.0:
> > ftp://ftp.redhat.com/pub/redhat/current/i386/iso/7.0-respin-disc1.iso
> > ftp://ftp.redhat.com/pub/redhat/current/i386/iso/7.0-respin-disc2.iso
> >
> > FreeBSD 4.2:
> >
> > ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/4.2-install.iso
> >
> 
> Most people, like me, won't want to deal
> with the installation hassles of Linux, so
> the danger remains that a national crisis
> could be made much worse by MS's Product
> Activation scheme.

Linux is EASIER to install than windows.

Boot up the install program...it installs ALL of your hardware drivers
in one pass...AND about 1,500 applications.

all that with ONE reboot.

Doing the equivalent on Windows would take you over a month.


> 
> In the past, the FedGov has required
> private companies to come up with plans
> just in case of a national emergency, and
> MS might have to do the same as regards
> Product activation.
> 
> --
> Void where prohibited by law.
> 
> Sent via Deja.com
> http://www.deja.com/


-- 
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642


H: "Having found not one single carbon monoxide leak on the entire
    premises, it is my belief, and Willard concurs, that the reason
    you folks feel listless and disoriented is simply because
    you are lazy, stupid people"

I: Loren Petrich's 2-week stubborn refusal to respond to the
   challenge to describe even one philosophical difference
   between himself and the communists demonstrates that, in fact,
   Loren Petrich is a COMMUNIST ***hole

J: Other knee_jerk reactionaries: billh, david casey, redc1c4,
   The retarded sisters: Raunchy (rauni) and Anencephielle (Enielle),
   also known as old hags who've hit the wall....

A:  The wise man is mocked by fools.

B: Jet Silverman plays the fool and spews out nonsense as a
   method of sidetracking discussions which are headed in a
   direction that she doesn't like.
 
C: Jet Silverman claims to have killfiled me.

D: Jet Silverman now follows me from newsgroup to newsgroup
   ...despite (C) above.

E: Jet is not worthy of the time to compose a response until
   her behavior improves.

F: Unit_4's "Kook hunt" reminds me of "Jimmy Baker's" harangues against
   adultery while concurrently committing adultery with Tammy Hahn.

G:  Knackos...you're a retard.

------------------------------

From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 19 Jan 2001 15:00:44 -0500

Gordon Walker wrote:
> 
> On Thu, 18 Jan 2001 13:22:39 -0800, David Schwartz
> <[EMAIL PROTECTED]> wrote:
> 
> >> Which begs the question of how they could tell it was being abused.
> >
> >       Oh, come on. You think they don't already know which serial numbers are
> >being abused? They're posted in warez newsgroups for chrissakes.
> 
> Think about it for a moment. The scheme being proposed would no longer
> permit you to grab a serial number from a warez site or group since it
> must be generated from your hardware (unless MS leave in backdoor
> codes). Therefore that apparently easy means of blacklisting numbers
> is not available to them.
> 
> Consider what is actually going to happen. A legitimate customer
> changes his harddrive, or processor or whatever and finds he cannot
> reinstall Windows. He calls Microsoft for a new code. Exactly what
> criteria are you suggesting they use to determine whether or not to
> give out the code? How do they know he's not asking for a code for his
> mate, his mother-in-law etc? What it comes down to is whether they
> will tend to believe or tend to disbelieve. If they tend to disbelieve
> then a lot of customers will get badly treated. If they tend to
> believe their copy protection scheme becomes a pointless irritation.
> 

Or...a construct for institutionalized fraud.


> The worst of it is the scheme won't stop the large scale pirates whose
> cost Microsoft so much since they will either patch the OS or else
> produce key generators. The only people it will affect are the
> individual users giving a copy or two to their friends and in stopping

Or LEGITIMATELY changing their hardware (board swaps, disk upgrades, etc.).

> this insignificant trickle of piracy they will inconvenience the vast
> majority of their customers.
> --
> Gordon


-- 
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642


------------------------------

From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 19 Jan 2001 15:02:14 -0500

David Schwartz wrote:
> 
> Gordon Walker wrote:
> >
> > On Thu, 18 Jan 2001 13:22:39 -0800, David Schwartz
> > <[EMAIL PROTECTED]> wrote:
> >
> > >> Which begs the question of how they could tell it was being abused.
> > >
> > >       Oh, come on. You think they don't already know which serial numbers are
> > >being abused? They're posted in warez newsgroups for chrissakes.
> >
> > Think about it for a moment. The scheme being proposed would no longer
> > permit you to grab a serial number from a warez site or group since it
> > must be generated from your hardware (unless MS leave in backdoor
> > codes). Therefore that apparently easy means of blacklisting numbers
> > is not available to them.
> 
>         Huh? You're still going to have some kind of product key or something,
> otherwise how would they know whether or not you bought the software?
> The value the installer generates will contain a combination of your
> fixed 'serial number' and a hardware-dependent value.
> 
> > Consider what is actually going to happen. A legitimate customer
> > changes his harddrive, or processor or whatever and finds he cannot
> > reinstall Windows. He calls Microsoft for a new code. Exactly what
> > criteria are you suggesting they use to determine whether or not to
> > give out the code? How do they know he's not asking for a code for his
> > mate, his mother-in-law etc? What it comes down to is whether they
> > will tend to believe or tend to disbelieve. If they tend to disbelieve
> > then a lot of customers will get badly treated. If they tend to
> > believe their copy protection scheme becomes a pointless irritation.
> 
>         Nonsense. I don't think Microsoft really cares about people installing
> software for their friend or mother-in-law. In fact, that's how
> Microsoft's products got the dominance they have now. What they really
> do care about, however, is mass piracy, especially for money.

No...what they REALLY care about is...now that they've got every
joe 6-pack hooked on the heroin....extracting every last penny possible.

Here's the detox regimen:

http://www.redhat.com/
http://www.suse.com/
http://www.caldera.com/



> 
> > The worst of it is the scheme won't stop the large scale pirates whose
> > cost Microsoft so much since they will either patch the OS or else
> > produce key generators. The only people it will affect are the
> > individual users giving a copy or two to their friends and in stopping
> > this insignificant trickle of piracy they will inconvenience the vast
> > majority of their customers.
> 
>         I don't think you understand how the scheme works. There is no key to
> generate.
> 
>         DS


-- 
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642


------------------------------

From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 19 Jan 2001 15:06:07 -0500

Greggy wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   David Schwartz <[EMAIL PROTECTED]> wrote:
> >
> > Richard John Cavell wrote:
> >
> > > I bought Word 2000, then had to reformat my hard disk because Windows
> > > crashed.  They refused to give me a registration key for six months
> > > because 'it has already been installed'.  I got cranky with them all that
> > > time, and they couldn't have cared less.
> > >
> > > I lodged papers with the VCAT (Small claims court) and Wacko!  A
> > > registration key was available literally within an hour.
> >
> >       That I have a problem with. If, on the other hand, they only refused to
> > permit installation if they knew a key was being abused, that would be a
> > totally different story.
> >
> >       DS
> >
> The problem I have is using software like that.  Doesn't there exist a
> good free Office clone for Linux by Sun?

Star Office.   Runs on LoseDOS products as well.

http://www.sun.com/products/staroffice/


> 
> --
> I prefer my fourth amendment rights over a dope free
> society, even if the latter could actually be achieved.
> Al Gore and the Florida Robes - More than just another rock group;
> a clear and present danger to America's national security.
> 
> Sent via Deja.com
> http://www.deja.com/


-- 
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642


------------------------------

From: "Aaron R. Kulkis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Fri, 19 Jan 2001 15:08:15 -0500

Greggy wrote:
> 
> In article <944nvc$9t9$[EMAIL PROTECTED]>,
>   zapzing <[EMAIL PROTECTED]> wrote:
> > Upcoming versions of windows may have, I
> > read, something called "product activation".
> > This means that you must call up microsoft
> > so that the OS can have permission to run.
> > I have a few questions about this. First of
> > all, under what conditions will MS
> > *refuse* to activate the product. It seems
> > to me that if they never refuse activation,
> > then putting in product activation code is
> > pretty useless. And if they do, they may
> > deny legitimate users who reconfigure their
> > systems frequently.
> 
> My first thought would be to get the product serial number and ensure
> it is not a pirate copy.
> 
> > Also, what about the possibility of a major
> > computer virus that requires many machines
> > to restore. This would of course require
> > that the OS be reactivated, but in that case
> > the product reactivation lines could be
> > jammed. This would make me think about it
> > very carefully before I bought an OS that
> > included product reactivation code.
> 
> It would seem that under that circumstance, contacting the MS server
> would merely restore the OS, but what if you had to reinstall and when
> you did the hardware changed?  Would the server then say that it was an
> illegal copy and not allow it to run?  That is a bad idea!!!!  What if
> you want to take the OS off one machine, because you are going to throw
> the obsolete hardware away and upgrade to the fastest stuff in town?
> Would you be able to activate the OS on new hardware?
> 
> Didn't they learn from Intel's folly of the serial number in the chip?
> 
> > I understand MS's desire to protect their
> > intellectual property, but please try to think
> > of something that will not cause the collapse
> > of civilization.
> 
> How about, just say no to Microsoft.  That works wonders.  I guess
> Linux can expect a boost in deployment soon...
> 

It's time for Monopoly$oft to gooo goo gooooo away.


> --
> I prefer my fourth amendment rights over a dope free
> society, even if the latter could actually be achieved.
> 
> Sent via Deja.com
> http://www.deja.com/


-- 
Aaron R. Kulkis
Unix Systems Engineer
DNRC Minister of all I survey
ICQ # 3056642


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
