Cryptography-Digest Digest #676, Volume #13      Sun, 11 Feb 01 15:13:00 EST

Contents:
  Re: Scramdisk, CDR and Win-NT (Darren New)
  Re: Steganography with ASCII text files (Mok-Kong Shen)
  Re: Steganography with ASCII text files (Mok-Kong Shen)
  Re: ideas of D.Chaum about digital cash and whether tax offices are ("Thomas J. Boschloo")
  Re: CipherText patent still pending (Mok-Kong Shen)
  Re: Steganography with ASCII text files (JPeschel)
  Re: OverWrite freeware completely removes unwanted files from hard drive (Hit1Hard)
  Re: Steganography with ASCII text files (Benjamin Goldberg)
  Re: Anonymous communications (Benjamin Goldberg)
  WiSCy99 v4.24 Calculator/Graph Suite (Windows'95/98/NT/2000) is the complete and-to-use scientific calculator. ("Igor Evsikov")
  Re: Steganography with ASCII text files ("John A. Malley")
  Re: Anonymous communications (Splaat23)

----------------------------------------------------------------------------

From: Darren New <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk
Subject: Re: Scramdisk, CDR and Win-NT
Date: Sun, 11 Feb 2001 18:14:15 GMT

Daniel James wrote:
> You should be aware that this doesn't give you a normal CD-formatted disk -
> you'll only be able to read it on machines that have suitable software (i.e.
> a copy of DirectCD).

AFAIK, the ability to *read* these disks comes (at least) with Win98.
There's also an option to put an ISO9660 header on the disk to change it
into a "normal" read-only format, but I imagine that could seriously mess up
scramdisk.
 
> It's also not germane to OP's question, as he says he is using CD-R not
> CD-RW, and his disks will most definitely be read-only.

This works on CD-R's too. You just don't get space back when you delete a
file.

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
                 Ignorance can be cured. Naivety cures itself.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Sun, 11 Feb 2001 19:15:27 +0100



JPeschel wrote:
> 
> Mok-Kong Shen [EMAIL PROTECTED] writes, in part:
> 
> >Modern steganography is commonly done on graphical files
> >through manipulation of pixel values. The operations done
> >are in my humble view not very convenient to implement and
> >require, above all, the availability of graphical files.
> 
> What's difficult about finding graphical files, or, for that matter, audio
> or video files?
> 
> >We note that in general the sender will not send the HTML file but publish
> >his document at a site such that the receiver can access and get a copy of
> >the HTML file at his convenience, thus rendering it easier for the latter
> >to keep his anonymity.
> 
> If the sender has web access, he should be able to find plenty
> of files (graphical, audio, or video) suitable to use as carriers.

It is a relative matter. At least in my personal case,
I have plenty of text files ready for use and don't
need to get these other files. What I find is more
inconvenient with graphical files is either to have to
get those algorithms to process or have to implement them 
myself, while what I suggested is very elementary so that I 
could easily start from scratch (composing my own cover 
text) and be entirely independent of other people. 

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Sun, 11 Feb 2001 19:15:35 +0100



"John A. Malley" wrote:
>
[snip] 

> From a security viewpoint, the more people know about this means, the
> easier it gets to monitor the means - "Eve" could patrol web sites with
> 'bots to download and autoscan the HTML files for hidden messages.

You are certainly right in principle. However, I think 
the situation is 'proportionately' unfavourable to Eve, 
for the volume of information on the internet, and with 
it the subset of HTML materials, is growing at an almost 
incredible speed, so that scanning would be barely possible 
(the attack involves dealing with the PRNG or its equivalents
and means at least some non-trivial computing work). This is 
similar to the hypothetical scenario where everybody on the
internet encrypts all his e-mails such that Echelon-like
apparatus would be bogged down due to the sheer volume
of work load, I believe.

M. K. Shen

------------------------------

From: "Thomas J. Boschloo" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt,talk.politics.crypto,alt.cypherpunks
Subject: Re: ideas of D.Chaum about digital cash and whether tax offices are     
Date: Sun, 11 Feb 2001 19:08:54 +0100

"Trevor L. Jackson, III" wrote:
> 
> "Thomas J. Boschloo" wrote:
> 
> > I am not talking about a one grand GPS bullet or some other form of
> > smart bullet. Just some sci-fi (emphasis on 'fi') way to trace all
> > bullets around the world.
> 
> OT, but in context. Professionals in the science/speculative fiction industry
> _hate_ the degenerate "sci-fi" as an ugly hollywood-ism.  They use the term
> sf.

Sorry, I didn't know.

> Note that the immediate consequence of forcing the use of such projectiles (by
> outlawing the production of any other), would be that all crimes would be
> committed by police and/or military bullets.  Arsenal theft is an industry of
> respectable size.

In my 'mind' model the police and the military would use traceable
bullets too. If they were reported as stolen they could be traced. The
only problem would be if the 'criminals' would hack into the system that
traces all bullets. That way they would know when the police would come
or where to expect an (seals) attack. Maybe this is a very useful
observation with regard to an omnipotent NSA.

Thanks,
Thomas

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: CipherText patent still pending
Date: Sun, 11 Feb 2001 19:37:31 +0100



Scott Fluhrer wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> >
> > Bryan Olson wrote:
> > >
> > > Mok-Kong Shen wrote:
> > > >
> > > > Bryan Olson wrote:
> > >
> > > [Bryan:]
> > > >>>>>  Experts teaching writing say to write every day.  I've never
> > > >>>>>    heard an expert cryptologist recommend cipher design as an
> > > >>>>>    exercise.
> > >
> > > [...]
> > > > There seems to be a misunderstanding here due to presumably
> > > > my poor formulation. My quoted sentence above simply
> > > > served as sort of apology for my inability to clearly
> > > > interpret the paragraph of your previous post. It was
> > > > then followed by my two 'conjectured' interpretations with
> > > > my corresponding responses.
> > >
> > > The intended meaning that your analogy,
> > >
> > > | But don't you
> > > | see that at schools the pupils are continuing to write
> > > | compositions (after you have left school)? Should they
> > > | stop writing??
> > >
> > > was nonsense.  Writing is a good exercise, unlike designing
> > > a cipher.
> >
> > I don't know any practically useful skill/ability that could
> > be gained without exercises.
> >
> However, an additional requirement for doing exercises is being able to know
> whether you've done a good job, or a poor one.  If you can't tell, then
> you're not likely to become better, because you have no idea which direction
> is "better".  That's the problem with just designing ciphers -- the novice
> designer has no way of knowing if any particular design is secure, and so is
> unable to know which ideas worked (and should be exploited further), and
> which ideas should be abandoned.  In essence, the learner is attempting to
> go to Chicago, without having any clue about which direction Chicago is, or
> how far he is from it.  He is not real likely to get anywhere near Chicago.
> 
> In contrast, if you start by breaking ciphers, you do have positive
> knowledge whether an idea worked, and so a learner can start building
> knowledge of how this works.

I think that one of the motivations (at least this is
the case with me) of novices to post designs to the
group is to 'hope' that some kind experts would point out
the weaknesses, if present. Certainly the novices are 
well advised to attack their own ciphers with some perhaps 
marginal chance (due to their poor knowledge level.) The 
novices can (and should) also try to attack certain ciphers 
that are known to be breakable by certain techniques and 
thereby gain very valuable knowledge about these techniques 
but they are certainly very unlikely to develop new 
effective techniques to attack ciphers that the professionals 
have so far not succeeded. On the other hand, there is some 
chance, I believe, that the novices occasionally by 
chance/luck come upon some eventually useful ideas about
cipher constructs that others have not reflected upon before. 
That's why I think promoting presentation of ideas from the 
novices (and surely from the experts) to the group is not 
a bad thing by itself.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (JPeschel)
Date: 11 Feb 2001 18:36:44 GMT
Subject: Re: Steganography with ASCII text files

"John A. Malley" [EMAIL PROTECTED] writes in part:

>Good question.  I venture this may be the reasoning - 
>
>Every web browser supports HTML.  Most browsers support graphical files
>(JPEG, GIF). Some browsers don't support the more complex media without
>us fetching plug-in modules. Given HTML is supported by every browser
>type through all of their versions from the early 90s to today, using
>HTML for steganography should facilitate the largest number of people to
>covertly communicate with one another with steganography.  
>
>I suggest the steganographic HTML should also be in the most common HTML
>format recognized by all - HTML 1.0.  
>

I don't think HTML/1.0 was made an official standard, but it
is described in RFC 1945. I think 1.1 replaced it fairly quickly.
Both the 1.0 and the 1.1  specifications support image files,
so I still don't understand steganographic HTML's raison d'etre.
Maybe Mok is thinking of users with text-only browsers;
maybe he will explain.

Joe
__________________________________________

Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________


------------------------------

From: Hit1Hard <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker,alt.conspiracy
Subject: Re: OverWrite freeware completely removes unwanted files from hard drive
Date: Sun, 11 Feb 2001 13:49:48 -0500

Anthony Stephen Szopa wrote:
> 
> Hit1Hard wrote:
> >
> > Anthony Stephen Szopa wrote:
> > >
> >
> > > So where are these technological sophisticates:  these brain drained
> > > mental armchair hackers, now?
> > >
> >
> > They make sure the "crucial" information on the HD is encrypted with
> > their own encryption software.
> > which is not placed on the system HD's.
> > Oh. And the swapfile is empty.
> >
> > >
> > > Thanks for the grilling.
> >
> > anytime.
> >
> > --
> > Hit1Hard
> 
> You seem to have changed the topic of this thread.

Sorry, if I managed to do that.

> 
> The thread is about overwriting confidential data on a hard drive.

That's what I read.

> 
> It is a given that there is confidential data on the hard drive
> that one desires to make unrecoverable.

Confidential, is a degree of secrecy. That means no plain readable or
recognisable files.

May I remind you of Kevin Mitmick (I have no clue if I spelled that
right.) and his encoded HD, that they can't/couldn't decode.
I wouldn't give shit, if they restored my "coded" (If I had any!!)
information, since it still has to be recognised as non-rubbish, and then
decoded.

> 
> Of course, if there is no confidential data on the hard drive then
> there would be no need to overwrite confidential data that does not
> exist.
> 
> Hit one hard for me while you're at it.

I thought I did.

-- 
Hit1Hard

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Sun, 11 Feb 2001 19:16:14 GMT

JPeschel wrote:
> 
> "John A. Malley" [EMAIL PROTECTED] writes in part:
> 
> >Good question.  I venture this may be the reasoning -
> >
> >Every web browser supports HTML.  Most browsers support graphical
> >files (JPEG, GIF). Some browsers don't support the more complex media
> >without us fetching plug-in modules. Given HTML is supported by every
> >browser type through all of their versions from the early 90s to
> >today, using HTML for steganography should facilitate the largest
> >number of people to covertly communicate with one another with
> >steganography.
> >
> >I suggest the steganographic HTML should also be in the most common
> >HTML format recognized by all - HTML 1.0.
> >
> 
> I don't think HTML/1.0 was made an official standard, but it
> is described in RFC 1945. I think 1.1 replaced it fairly quickly.
> Both the 1.0 and the 1.1  specifications support image files,
> so I still don't understand steganographic HTML's raison d'etre.
> Maybe Mok is thinking of users with text-only browsers;
> maybe he will explain.

Perhaps it's a question of what level steganography should be
implemented at, or perhaps to do with traffic analysis.

Consider, if you do text stego by inserting extra whitespace in html,
this can be done on-the-fly, by the web server.  Can you do image stego
quickly enough for it to be done this way?

Regardless of how stego is done, we need an excuse for downloading all
those image/html files.  If the recipient's "normal" browsing habits
include looking through porn image sites, then doing image stego is
fine... but what about someone who doesn't... who reads a lot, but
doesn't often look at porn?  Doing things out of the ordinary is a bit
of a tip-off.  If you want it to be successful, you have to make it look
like everything is "normal".

-- 
A solution in hand is worth two in the book.
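
[Added example, not part of any poster's message: a defender-side sketch of the automated scan that "Eve"'s bots would run against the extra-whitespace-in-HTML carrier discussed in this thread. It assumes the carrier uses trailing whitespace or widened inter-word gaps; the function names, thresholds and sample pages are constructed for illustration.]

```python
import re

# Elements whose whitespace is significant when rendered; their content is skipped.
PRE_BLOCK = re.compile(r"<(pre|textarea|script|style)\b.*?</\1\s*>", re.I | re.S)
TAG = re.compile(r"<[^>]*>")
# Run of spaces between two visible characters. Gaps after . ! ? : are ignored,
# because two spaces after a sentence is an ordinary typing habit.
GAP = re.compile(r"(?<=[^\s.!?:]) +(?=\S)")


def whitespace_profile(html):
    """Measure whitespace that a browser collapses, so a reader never sees it."""
    # Each tag becomes one placeholder character, so "a <br> b" still has two
    # single-space gaps instead of one false double gap.
    body = TAG.sub("\x00", PRE_BLOCK.sub("", html))
    lines = [ln for ln in body.splitlines() if ln.strip()]
    trailing = sum(1 for ln in lines if ln != ln.rstrip(" \t"))
    gaps = [len(m.group()) for ln in lines for m in GAP.finditer(ln)]
    wide = sum(1 for g in gaps if g > 1)
    return {
        "lines": len(lines),
        "trailing_ratio": trailing / len(lines) if lines else 0.0,
        "gaps": len(gaps),
        "wide_gap_ratio": wide / len(gaps) if gaps else 0.0,
    }


def assess(html, min_lines=8, min_gaps=20, trailing_limit=0.25, wide_limit=0.20):
    """Return the reasons a page looks like a whitespace carrier (empty if none).
    The limits are assumptions; tune them on pages your own tools produce."""
    p = whitespace_profile(html)
    reasons = []
    if p["lines"] >= min_lines and p["trailing_ratio"] >= trailing_limit:
        reasons.append("trailing-whitespace")
    if p["gaps"] >= min_gaps and p["wide_gap_ratio"] >= wide_limit:
        reasons.append("wide-gaps")
    return reasons


def scan(pages):
    """Map page name -> reasons, for flagged pages only."""
    flagged = {}
    for name, html in pages.items():
        reasons = assess(html)
        if reasons:
            flagged[name] = reasons
    return flagged


# Constructed sample pages (not taken from any real site).
WORDS = "the quick brown fox jumps over the lazy dog again".split()
BITS = "101100111010"  # constructed marker pattern, one bit per line


def _page(lines):
    return "<html><body>\n" + "\n".join(lines) + "\n</body></html>\n"


SAMPLES = {
    "clean.html": _page(["<p>" + " ".join(WORDS) + "</p>"] * 12),
    "sentences.html": _page(
        ["<pre>col1    col2   \ncol3    col4   </pre>"]
        + ["<p>It rains today.  We stay inside.  Tea is ready.</p>"] * 12),
    "trailing.html": _page(
        ["<p>" + " ".join(WORDS) + "</p>" + (" " if b == "1" else "") for b in BITS]),
    "gaps.html": _page(
        ["<p>" + "".join(w + " " * (1 + i % 2) for i, w in enumerate(WORDS)).rstrip()
         + "</p>"] * 12),
}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, reasons, whitespace_profile(SAMPLES[name]))
```

[The scan only notices carriers that change whitespace counts; a page with ordinary sentence spacing or preformatted columns, like sentences.html above, is not flagged.]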

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Anonymous communications
Date: Sun, 11 Feb 2001 19:16:33 GMT

Splaat23 wrote:
> 
> This is a hard question to phrase, so I'll set it up as a fill-in-the-
> blank: "In order to have real-time, secure, anonymous communications
> with another person on the Internet, I will do _______, relying only
> on ______"

How about simply encrypting your message with the recipient's public
key, and sending a mail or posting to a NG with Mixmaster?  This seems
to fulfil most of the requirements.

> I've been thinking about this, and it is very apropos of the
> situations today involving privacy, copyright, and growing use/theory
> on attacks such as traffic analysis. A solution to this that relies on
> the least might be an important evolution (as opposed to revolution)
> in Internet communication.

-- 
A solution in hand is worth two in the book.


------------------------------

From: "Igor Evsikov" <[EMAIL PROTECTED]>
Crossposted-To: 
sci.cognitive,sci.cryonics,sci.edu,sci.electronics.basics,sci.electronics.cad,sci.electronics.components,sci.electronics.design,sci.electronics.equipment,sci.electronics.misc,sci.electronics.repair,sci.energy,sci.energy.hydrogen,sci
Subject: WiSCy99 v4.24 Calculator/Graph Suite (Windows'95/98/NT/2000) is the complete 
and-to-use scientific calculator. 
Date: Sun, 11 Feb 2001 14:18:26 -0500


                                Calculator (Real,Complex,Matrix)/Graph Suite

WiSCy99 v4.24 Calculator/Graph Suite (Windows'9x/NT/2000/ME) is the
complete and-to-use scientific calculator.  The results of calculation
can be visualized, printed as graphics or as text, or saved to disk.
Unit Converter is pre-configured to convert over 100 units in 8
categories.

Download:
http://www.simtel.net/pub/simtelnet/win95/calc/wiscy424.zip
ftp://ftp.simtel.net/pub/simtelnet/win95/calc/wiscy424.zip

      - Arithmetic and logical operators
      - Common functions such as exp, ln, sqrt, sqr etc.
      - Common, trigonometric, hyperbolic complex functions
      - Trigonometric, Hyperbolic functions
      - Numerical Integration
      - Equations can be solved
      - Special functions (Gamma, Bessels, Si, Ci, erf  etc.)
      - Statistic functions (Average, Standard deviation, Sum, Random,
        Gauss random, statistical variance etc.)
      - FOR-type loop
      - if (...) then (...) else (...) function
      - Tape of results
      - Assistant and debug: error position fixed
      - Plot f(X), Contour Plot f(X,Y), Color Shading f(X,Y),
        real 3D-Plot f(X,Y), Derivative, Fit.
      - Print results, graphics and print preview
      - Save graphics to BMP, WMF, EMF formats
      - Matrix Operations(A+B=C, A-B=C, A*B=C, inverse(A)=C,
        Power(A,n)=C, det |A|=C[1.1], Solve A(X)=C)
      - Decimal, Hexadecimal and Binary bases
      - Fixed point, Scientific, Engineering and Sexagesimal notations
      - Radian and Degree modes for trigonometric functions
      - Precision: 10-12 significant digits.
      - Range: _(3.4E-4392 to 1.1E+4392)
      - 10 pre defined variables, user define variables
      - User define functions
      - 30 user defined constants (up to 16000), search and edit file
        with constants.
      - Stack for expressions (up to 16000)
      - Stack for results (up to 16000)
      - Unit Converter

Special requirements: None.
Igor Evsikov
[EMAIL PROTECTED]


------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Steganography with ASCII text files
Date: Sun, 11 Feb 2001 11:17:22 -0800


Mok-Kong Shen wrote:
> 
> "John A. Malley" wrote:
> >
> [snip]
> 
> > From a security viewpoint, the more people know about this means, the
> > easier it gets to monitor the means - "Eve" could patrol web sites with
> > 'bots to download and autoscan the HTML files for hidden messages.
> 
> You are certainly right in principle. However, I think
> the situation is 'proportionately' unfavourable to Eve,
> for the volume of information on the internet, and with
> it the subset of HTML materials, is growing at an almost
> incredible speed, so that scanning would be barely possible
> (the attack involves dealing with the PRNG or its equivalents
> and means at least some non-trivial computing work). This is
> similar to the hypothetical scenario where everybody on the
> internet encrypts all his e-mails such that Echelon-like
> apparatus would be bogged down due to the sheer volume
> of work load, I believe.
> 

Hey, here we have a situation requiring traffic analysis! 

This thread could be a good exercise in exploring that concept for those
interested. 

Not the idea of Echelon, or if it exists, or how it works, etc.,  more
like -   

Eve wants to locate the steganographic HTML traffic of a group with many
members somewhere on the WWW.  The group is using some set of publicly
accessible web servers open to any web browser (i.e. these are not
password protected HTML files.) Eve knows the group members by name.
Using public resources on the web (like Internic  for example) can Eve
ferret out the steganographic "transmitter" network?

Eve then wants to monitor the rise and fall of that traffic as indicated
by updates to HTML files on those servers.  How can she do it, directly
or indirectly? 

Eve wants to detect migration of the "HTML transmitters" when the group
moves their steganographic HTML output activities from one set of
publicly accessible servers to another. How can she do it, directly or
indirectly? 

How does the group select the public web servers they will use? Can the
group use steganographic HTML to tell each other to look for messages on
other servers in the future after some date?  What are effective
countermeasures by the group to confuse Eve?  

And more...

Any takers? 


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: Splaat23 <[EMAIL PROTECTED]>
Subject: Re: Anonymous communications
Date: Sun, 11 Feb 2001 19:54:43 GMT

To summarize that technique:

Process:
Encrypt using a recipient's public key, then route through secure
mixmaster servers.

Relies on:
Knowing the recipient's public key ahead of time.
Inability to link messages sent between mixmaster servers.

**

I am aware of that technique, but it doesn't really satisfy requirement
#1: 'real-time'. It also doesn't scale too well because it requires
servers to volunteer their bandwidth for free. But besides that, it is
pretty powerful in that it only relies on all the mixmaster servers not
being in collusion. If they were, it would no longer be anonymous
because the two endpoints would be revealed.

Any other ideas? This one is the most popular, especially for anonymous
posting, but doesn't really handle real-time too well.

- Andrew

In article <[EMAIL PROTECTED]>,
  Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
> Splaat23 wrote:
> >
> > This is a hard question to phrase, so I'll set it up as a fill-in-the-
> > blank: "In order to have real-time, secure, anonymous communications
> > with another person on the Internet, I will do _______, relying only
> > on ______"
>
> How about simply encrypting your message with the recipient's public
> key, and sending a mail or posting to a NG with Mixmaster?  This seems
> to fulfil most of the requirements.
>
> > I've been thinking about this, and it is very apropos of the
> > situations today involving privacy, copyright, and growing use/theory
> > on attacks such as traffic analysis. A solution to this that relies on
> > the least might be an important evolution (as opposed to revolution)
> > in Internet communication.
>
> --
> A solution in hand is worth two in the book.
>
>


Sent via Deja.com
http://www.deja.com/

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
