Cryptography-Digest Digest #568, Volume #13 Sat, 27 Jan 01 11:13:01 EST
Contents:
Re: Why Microsoft's Product Activation Stinks (Anthony Stephen Szopa)
Re: Why Microsoft's Product Activation Stinks (Gunner)
Re: William's P+1 ("The Death")
Re: Mr Szopa's encryption (was Why Microsoft's Product Activation (Lord Running Clam)
Re: Dynamic Transposition Revisited (long) (John Savard)
Re: Encoded serial number:Help! (Giannikol)
Re: 32768-bit cryptography (SCOTT19U.ZIP_GUY)
Re: Help with algorithm needed (Mok-Kong Shen)
what was the problem with E2 ? (Henning Koester)
Re: Why Microsoft's Product Activation Stinks (Lord Running Clam)
----------------------------------------------------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Date: Sat, 27 Jan 2001 04:15:41 -0800
Splaat23 wrote:
>
> Do you even know what a spammer is? Because this individual is not.
>
> You don't seem to understand that the source code _is_ available, just
> in slightly obfuscated form. If your program was protecting anything
> valuable, people might spend the time to reverse-engineer it. Then
> you'd get the security analysis that would vindicate/condemn your
> software. But since no one here wants to spend a lot of time to satisfy
> some obnoxious usenet poster's cipher, if you _really_ are so sure of
> your algorithm, save us some time and give us the source.
>
> Unless, of course, you think your source code is somehow unobtainable.
> In which case you're just an idiot.
>
> You are a very confrontational person - when you are the one attacking.
> But whenever you feel attacked, you simply don't respond. Would you
> mind actually responding rather this time?
>
> - Andrew
>
> In article <[EMAIL PROTECTED]>,
> Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
> > Richard Heathfield wrote:
> > >
> > > Anthony Stephen Szopa wrote:
> > > >
> > > > Pointless program where to stop software piracy could increase
> > > > revenues by tens of billions of dollars each year? Pointless?
> > >
> > > Pretty much, yes. It's like trying to protect Pythagoras' Theorem.
> > > Counter-productive.
> > >
> > > > I will not defend copy protection here and now. You slide on this
> > > > point.
> > >
> > > (I don't know whether "slide on this point" is American idiomatic
> usage,
> > > but I don't /quite/ understand it. But I'm guessing it means you
> don't
> > > want to talk about copy protection. Fair enough.)
> > >
> > > >
> > > > Some people like the XOR program and have downloaded it. It works
> > > > just fine as someone in this news group pointed out.
> > >
> > > It would be astonishing if it /didn't/ work just fine. It's not
> exactly
> > > a tricky program to write, is it?
> > >
> > > > And here you
> > > > go again, trying to assail my software's aesthetics.
> > >
> > > I don't have to assail it. People only need look at it to make
> their own
> > > minds up.
> > >
> > > > Can't prove anything negative about the theory of OAP-L3?
> > >
> > > Until you release the source code, why should anyone bother trying?
> > >
> > > And, until it can be *used* conveniently (my understanding is that,
> at
> > > present, the user is obliged to shuffle cards for an hour or
> three), why
> > > should anyone bother trying?
> > >
> > >
> > > > Say, you don't want anybody stealing your money: give it away,
> it's
> > > > that simple, too.
> > >
> > > That's the first rational debating point you've made.
> > >
> > > My answer? Simple, really. High quality software is being written
> for
> > > free, every day. It's very competitive on price. Example: I can get
> a
> > > very powerful operating system that works for 100% less than it
> costs me
> > > to buy a slightly less powerful and broken operating system. Think
> about
> > > it. It'll take a while for people to catch on to the idea that they
> > > don't have to pay for their software, but they'll cotton on
> eventually.
> > >
> > > This works in encryption software too (to get us at least marginally
> > > back on-topic). Since people are writing better cryptographic
> products
> > > than yours for free, why should anyone pay for yours?
> > >
> > > By the way, the source code for Twofish is freely available, and
> Twofish
> > > has been heavily analysed.
> > >
> > > >
> > > > You still haven't figured out why I wrote the XOR program and
> posted
> > > > it on my web site for all to download. I guess if you don't get
> it:
> > > > you just don't get it.
> > >
> > > No, I don't get it. But I can't /wait/ for you to explain. What will
> > > your next masterpiece be? A program to add two numbers together?
> Without
> > > source code, and weighing in at 300 KB?
> > >
> > > >
> > > > I mentioned to a guy once that US laser weapons are only about 10%
> > > > efficient. He said who cares, they get the job done.
> > >
> > > If you have the choice between 10% efficiency and 90% efficiency,
> which
> > > do you choose? If I have the choice between OAP-L3 and Twofish, I
> choose
> > > Twofish. Why? Because it's free, it is known to work (or, at least,
> has
> > > been extensively cryptanalysed with no known breaks surfacing as
> yet),
> > > it's fast, and the source code is available.
> > >
> > > > What are MSs objectives? It matters.
> > > >
> > > > MS is losing a bundle on its software being pirated. You are just
> > > > spamming when you ask who would want MSs software. The answer is
> > > > just about everybody, especially if its free.
> > >
> > > The price is still too high. If you can persuade MS to /pay/ me to
> have
> > > their software, I /might/ consider it.
> > >
> > > --
> > > Richard Heathfield
> > > "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
> > > C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
> > > K&R Answers: http://users.powernet.co.uk/eton/kandr2/index.html
> >
> > You are a spammer.
> >
> > Anyone reading your posts / replies can easily tell.
> >
> > In the university when you take a test, you are not given data to
> > solve the problem. You solve the problem by using the techniques
> > on variables. If you cannot solve the problem on variables you
> > cannot solve the problem when these variables are assigned values.
> >
> > The theory upon which OAP-L3 is based is completely explained in
> > the help files readily available from the web site:
> > http://www.ciphile.com
> >
> > If you cannot assail the encryption based upon any hoped for
> > weakness in the theory then you cannot assail the encryption theory
> > knowing the source code.
> >
> > What you are hoping to do is not disprove the theory but are
> > slumming in hopes of finding a bug in the implementation.
> >
> > You must first admit that you have given up on any hopes to assail
> > the theory upon which OAP-L3 is based before we even get on with
> > discussing the source code.
> >
> > So, is this the end of your spamming?
> >
> > We all hope so.
> >
>
> Sent via Deja.com
> http://www.deja.com/
I will ask you as I have done before to others, are you thinking
about attacking my encryption theory or are you desirous of
attacking my implementation of the theory?
If you agree that my encryption theory is unassailable then we can
discuss the source code.
But if you cannot successfully trash my encryption theory then admit
it or show us.
The theory is explained thoroughly in the Help Files available at my
web site.
Thank you.
------------------------------
From: Gunner <[EMAIL PROTECTED]>
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
Subject: Re: Why Microsoft's Product Activation Stinks
Reply-To: [EMAIL PROTECTED]
Date: Sat, 27 Jan 2001 04:25:59 -0800
Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>
>
>I know. You could have thought of it just like a bunch of monkeys
>banging away on a typewriter would eventually write Shakespeare's
>plays.
>
>It is no big deal? MS just loves wasting its time and money? They
>wouldn't be promoting this if they were not serious.
>
>They are trying to have their anti-piracy feature accepted as the
>industry standard, by Jove!
>
>A nine year old?
>
>Sounds like you are ready for your first Eric Clapton air guitar.
"We have all heard that a million monkeys banging on a million
typewriters will eventually reproduce the entire works of
Shakespeare...Thanks to AOL and WebTV, we know this is not possible."
------------------------------
From: "The Death" <[EMAIL PROTECTED]>
Subject: Re: William's P+1
Date: Fri, 26 Jan 2001 17:00:36 +0200
Seems there s no reason for me to use it then.
Is it in any way better than Pollard's P-1 ?
Bob Silverman <[EMAIL PROTECTED]> wrote in message
news:94rr5t$hsm$[EMAIL PROTECTED]...
> In article <94n6eq$lhj$[EMAIL PROTECTED]>,
> "The Death" <[EMAIL PROTECTED]> wrote:
> > I saw several websites, and they all mentioned this algorithm but
> didn't
> > have any info about it. Can any1 give me information about this
> algorithm?
>
>
> It finds a factor p dividing n if p+1 only has small prime
> factors.
>
> It only works 1/2 the time even when p has the required property.
> (you choose a Lucas sequence. It succeeeds iff the discriminant is a
> non-residue mod p)
>
> It is obsolete.
>
> What more would you like?
>
> --
> Bob Silverman
> "You can lead a horse's ass to knowledge, but you can't make him think"
>
>
> Sent via Deja.com
> http://www.deja.com/
------------------------------
Date: Sat, 27 Jan 2001 06:41:26 -0600
From: Lord Running Clam <Use-Author-Address-Header@[127.1]>
Subject: Re: Mr Szopa's encryption (was Why Microsoft's Product Activation
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
=====BEGIN PGP SIGNED MESSAGE=====
On Sat, 27 Jan 2001, Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote:
>Joseph Ashwood wrote:
>If you expect to acquire the raw random digits then please, tell us
>how you are going to get them.
>
>If you are somehow going to breach the security of my computer and
>access the raw random digits this way then you are successfully
>attacking the security of my computer, not my encryption software.
I still ain't running Mr. Szopa-onna-da-Ropa.
You just don't get it do you?
Security through obscurity doesn't work. Publish and/or be damned.
Check my mail headers, and follow the trail to a little puzzle of mine. Or
is 3EBG39 beyond you? <g>
If you play with fire you will get burnt.
LRC.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.
=====BEGIN PGP SIGNATURE=====
Version: N/A
iQEVAwUBOnIBcoer+ijnZohVAQFbdQgAmq9c9Oj14qi5jcr42fmRCqqDAd2es3ih
zWFZSBX/5iDsvU+lsLTEnCs3hyxB8w6tKg+pqtUEsVgjwT7Jn82SLWhmERDU107G
vRnHusuh26I6GWsnhzkauERy9cqaiG1U22P/g1KhBl+UjFrho7hMnkMvid9g4zmC
VpAUMWEdlu+jCOEFUj5cpD4nFzU4sEVDl6qyDmHAaxrnS0TsdyQdqfewbmWAW9dW
E6vNGFfdLpzTE7F2gYTHjxBPR9emc/6/XTr+Yp/gmCpy8z0WUDY9hDpILh3EaUID
FsvtaTo7/gYhV8GduIIRPSSEwjxjCTjLVsSVdT1RdbmEWS/tpkSdkQ==
=3tCK
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dynamic Transposition Revisited (long)
Date: Sat, 27 Jan 2001 13:18:29 GMT
On Sat, 27 Jan 2001 10:41:46 +0100, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote, in part:
>I suppose you have a different and problematical concept
>of the (THEORETICAL) OTP. The bit sequence of OTP is by
>definition/assumption unpredictable. If a 'claimed' OTP
>uses a predictable bit sequence and consequently is weak
>as you said, then it is by definition NOT an OTP, though
>snake-oil peddlers used to call that OTP.
This is true.
But Terry Ritter isn't talking about fake OTPs based on algorithmic
PRNGs, as far as I understand it.
He is saying that even what people acknowledge as "real" OTPs, where
the key has been generated by physical randomness, aren't provably the
'theoretical OTP', because you can't prove a particular physical
random noise generator to be perfect.
That is not, in itself, untrue. Physical random number generators can
have bias, for example.
However, it his his insistence that this is a major concern, and more
specifically the implication that this makes the proof that the
theoretical OTP is unbreakable _irrelevant_ to physically realizable
OTPs, that I fear strikes many as simply bizarre. Because, whether or
not that is his intention, it makes it sound as if he is worried about
the NSA having a cryptanalytic attack which enables them to predict
the roll of a die or the flip of a coin.
In VENONA, not only did the NSA exploit pads used twice, but they even
made use of the bias of numbers generated by hand by typists 'at
random', so they did come closer to doing that than anyone might have
expected.
While precautions are needed in using the raw output of a simple
physical RNG, there are still limits to what constitutes reasonable
concern.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: Giannikol <[EMAIL PROTECTED]>
Subject: Re: Encoded serial number:Help!
Date: Sat, 27 Jan 2001 16:21:27 +0200
> One thing that might help in analysis is the date of manufacture of these
> machines. Is the first built in '96 and the second in '95? If so then things
> become a lot easier. Then we have the resulting binary numbers to work with
> (s/n then checksum):
You are right. The two first digits indicate the year. I am 100% percent sure
about that.
>
> What I would really like to know is why you need to know the algorithm to
> generate checksums? If you need to do your own eprom then just copy in the
> value. If you want to take the eprom from another (dead) machine then move
> the serial nmber eprom across.
Unfortunately I cannot move it because is stuck with special material in the
bottom. And if I remove it it's going to be useless.
>
> Or, if you want to get really sneaky, patch the eprom and disable the
> checking for a valid serial number :)
I made a little dissasembly ( It's a Mitsubishi M50374 controller) with IDA 4,
but I am not 100% sure I can recognise the checking routine.
Thanks anyway
If you have any suggestions I would like to know them.
Nikos Giannoulis
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: 32768-bit cryptography
Date: 27 Jan 2001 14:34:34 GMT
[EMAIL PROTECTED] (Paul Schlyter) wrote in <94c05u$fgv$[EMAIL PROTECTED]>:
>In article
><[EMAIL PROTECTED]>,
>
>> On Fri, 19 Jan 2001, Paul Pires wrote:
>>
>>> 1024 bit cryptography (If you are talking symmetric) will never be
>>> broken
>>
>> Pfffft!
>>
>> Computing power doubles every 18 months or so. Brute force is all you
>> need if you have enough power. Within your lifetime, 3xDES will be
>> completely crackable.
>
>Lemme see here -- 1xDES is barely crackable now (it can be done on
>custom-built hardware for perhaps $100,000 which is allowed to run
>for a few days on each brute-force key search). If computing power
>doubles every 18 months, then 3xDES will be equally crackable in
>56*18/12 = 84 years. I'm 51 years now, so by then I'll be 135
>years... <g>
>
>Someone who now is 16 years now will be 100 years in 84 years. Not
>very many people live until they are 100 years.... <double g>
>
>And anyone younger than 16 years probably don't know much about
>encryption at all....
>
>Finally: is it reasonable to assume computing power will continue to
>double every 18 months also for the next 84 years? We are fast
>approaching the physical limits of microelectronics, so unless there
>will be a breakthough in e.g. quantum computing, Moore's law won't
>hold that long.
>
Actually DES was easily crackable with custom circuits back in
the early 70's at a rate much shorter than a day so where have you
been.
Also it appears if anything Moore's law may be a conservative
estimate and that computing power is increasing much faster so you
may be alive when such a dumb blind search is possible in the
nonblack world.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Help with algorithm needed
Date: Sat, 27 Jan 2001 15:41:20 +0100
Michael Brown wrote:
>
[snip]
> A table of pairs is generated like this:
>
> Column 0 : no pairs
> Column 1 : (1,2)
> Column 2 : (1,3)
> Column 3 : (1,4) (2,3)
> Column 4 : (1,5) (2,4)
> Column 5 : (1,6) (2,5) (3,4)
> Column 6 : (2,6) (3,5)
> Column 7 : (3,6) (4,5)
> Column 8 : (4,6)
> Column 9 : (5,6)
> Column 10 : no pairs
> Column 11 : no pairs
>
> It is easy to get from Column number & pair number to the pair, but how do
> you get from an arbitary pair to a column and pair number?
Look what is commonly termed list processing in CS.
You can invert any dynamic data structure (i.e. of
non-constant size) by using pointers (references). Some
schemes may be more elegant than others and an appropriate
PL can help quite a lot. Common LISP is generally very
advantageous for such tasks. But Pascal and C would also
be good. A simple though fairly clumsy way is to invert
'directly', i.e. for the present example declare an array
X[1..n, 1..3] with sufficiently large n, and store, say,
for a certain index t, X[t,1]=3, X[t,2]=6, X[t,3]=7 of
the data concerning (3,6) above. (This is admittedly not
elegant, but I want simply to show the feasibility of
solving the problem.)
M. K. Shen
=============================
http://home.t-online.de/home/mok-kong.shen
------------------------------
From: Henning Koester <[EMAIL PROTECTED]>
Subject: what was the problem with E2 ?
Date: Sat, 27 Jan 2001 15:33:11 +0100
Hi,
Can someone tell me why E2 wasn't chosen as an AES finalist?
Thanks
------------------------------
Date: Sat, 27 Jan 2001 09:51:40 -0600
From: Lord Running Clam <Use-Author-Address-Header@[127.1]>
Subject: Re: Why Microsoft's Product Activation Stinks
Crossposted-To: or.politics,talk.politics.crypto,misc.survivalism
=====BEGIN PGP SIGNED MESSAGE=====
On Sat, 27 Jan 2001, Anthony Stephen Szopa <[EMAIL PROTECTED]> was
suckered into writing message <[EMAIL PROTECTED]>, thus
archiving the fact that...
>In Message-ID: <[EMAIL PROTECTED]> Lord Running Clam
>gave him a spanking, and he was dumb enough to respond as follows:
>I reserve the right to act stupid any time I please.
>
>It keeps the infidels motivated.
Just don't play with anything sharper than a crayon. Okay?
LRC.
- --
The bigger the humbug, the better people will like it.
~ Phineas Taylor Barnum.
=====BEGIN PGP SIGNATURE=====
Version: N/A
iQEVAwUBOnIBcoer+ijnZohVAQHk8gf/fQWsJnqeaVKahlhmYLvPpC8VMVvrGlr+
r6eKbg3brsVOgrF304uNxbQnLIwmOg88ZGGv5g085wKWkTLQCxIB/AxsfMnzPIdJ
ZhOpZFatRbzanRbwBg1g6T5U1vQcK83CdDcipn7vyjG4hXBewS/x/yFYgFLvsvUx
+qPloY8Lx2TXc1mNKMX4EYC0rz9cGFSdByn9lINMf/afvUHqRtCO13Y/R/ow3RAJ
d+4wYiU2CGF+c4ojDu8TKHT+WJRrnqnRRsLxwUwEILVxW/Wbh8gEzUJZy+Mvrp6k
xsGIuzDokAp2F/3cDyeleT03LmXndBawsrSqtg3v/XbQ+aBXc4SgqQ==
=dmoS
=====END PGP SIGNATURE=====
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
