Cryptography-Digest Digest #784, Volume #13 Fri, 2 Mar 01 21:13:01 EST
Contents:
Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
beyond "group signatures": how to prove sibling relationships? (Fen Labalme)
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES? (SCOTT19U.ZIP_GUY)
Re: Completly wiping HD (Joe H. Acker)
Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES? ("Tom St Denis")
Re: "RSA vs. One-time-pad" or "the perfect enryption" ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep Boys
("Mxsmanic")
Re: => FBI easily cracks encryption ...? (Tony L. Svanstrom)
Re: => FBI easily cracks encryption ...? (Free-man)
Re: HPRNG ("Matt Timmermans")
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 3 Mar 2001 00:12:06 GMT
[EMAIL PROTECTED] (William Hugh Murray) wrote in
<[EMAIL PROTECTED]>:
>kroesjnov wrote:
>
>> > Sometimes I wonder about these groups. Are you all drug dealers or
>> > something? What would be so bad about the FBI or NSA, with
>> > considerable effort and expense, being able to decrypt a PGP
>> > message? Aren't they the good guys trying to protect _us_ against
>> > spies, terrorists and organized crime? If they had an encrypted
>> > message in their hands detailing a plan
>> to
>> > nuke your city, none of you would want them to be able to decrypt
>> > it?
>> >
>> > As long as the cost for decrypting a PGP message is too high to go
>> > looking for petty crimes, so what if they could decode one if they
>> > wanted to?
>> They
>> > would never let the cat out of the bag that they had the ability for
>> > even someone like Hanssen, so I think all your porno is safe.
>> >
>> > Don't get me wrong, I use and like PGP, but it's not the NSA and FBI
>> > that
>> I
>> > worry about. I simply want to keep some things private from
>> > co-workers,
>> ISP
>> > employees and the like, and there's no doubt that PGP works very
>> > well for that.
>>
>> Could not agree more with you.
>> Although I am not an American, I would not mind, if the BVD (Dutch
>> National Intellegence service) would have this abillity.
>> I think they (Like any other country`s national intellegence service)
>> should try their very best, to make this possible...
>
>Were you in Holland when the Nazi's invaded and took over all the police
>records?
>
I new someone had a good anwser for this. Thanks
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 3 Mar 2001 00:15:08 GMT
[EMAIL PROTECTED] (William Hugh Murray) wrote in
<[EMAIL PROTECTED]>:
>Jim Taylor wrote:
>
>> Sometimes I wonder about these groups. Are you all drug dealers or
>> something?
>
>No. We are patriots. We are interested in protecting an arrogant state
>from the kinds of excesses that are likely to enslave us or destroy the
>legitimacy of that government.
>
>> What would be so bad about the FBI or NSA, with considerable
>> effort and expense, being able to decrypt a PGP message?
>
>If they had a warrant and served it, nothing. The problem is that read
>other people's mail without serving the warrant. They overreach. They
>ask for privilges and capabilities that are useful for surveillance but
>unnecessary for investigation.
>
>> Aren't they the
>> good guys trying to protect _us_ against spies, terrorists and
>> organized crime?
>
>Perhaps. Perhaps they are bureaucrats. I am simply heeding Orwell's
>warning that bureaucrats, simply doing what bureaucrats do, without any
>particular motive or intent, will use technology to enslave the people.
>I am trying to heed Franklin's warning that "the price of Liberty is
>eternal vigilance."
>
>> If they had an encrypted message in their hands detailing a plan to
>> nuke your city, none of you would want them to be able to decrypt it?
>
>Perhaps. What I oppose is their reading all messages in the name of
>finding that one. What I object to is their presumption that because I
>take the precaution of hiding my message that I am otherwise doing
>something wrong. I object to their spending my money to have 83 agents
>on capital hill lobbying for the Congress to make my use of cryptography
>illegal per se. What I object to is that such a law invites arbitrary
>and capricious enforcement and that such enforcement undermines the rule
>of law. I object to their demanding that the telecommunications
>industry provide them with 1000 times the eavesdropping capacity that
>they have ever had warrants for and then, instead of paying for on the
>budget, requiring that the industry pass the cost to the subscribers. I
>object to them spending $500M per year for that capacity when they will
>only admit to 1000 warrants per year. I object to them telling the
>congress that they have significant evidence that terrorists, drug
>dealers, pornographers and mafiosi are using crypto but that they cannot
>discuss it for fear of compromising ongoing investigations.
>
>> As long as the cost for decrypting a PGP message is too high to go
>> looking for petty crimes, so what if they could decode one if they
>> wanted to?
>
>I was once ridiculed here because I published a 386 bit RSA key. I
>figured that that was sufficient to prevent anyone but NSA and the FBI
>from reading my traffic and that I could not prevent them from reading
>it in any case.
>
>How do you feel when they tell the congress that strong encryption
>should be outlawed for all users because it provides perfect security
>for their adversaries?
>
>> They
>> would never let the cat out of the bag that they had the ability for
>> even someone like Hanssen, so I think all your porno is safe.
>
>That argument holds for NSA. The FBI has a very different reputation
>for protecting sources and methods.
>
>> Don't get me wrong, I use and like PGP, but it's not the NSA and FBI
>> that I worry about. I simply want to keep some things private from
>> co-workers, ISP employees and the like, and there's no doubt that PGP
>> works very well for that.
>
>Lessig warns us that Liberty is proportional to the cost of surveillance
>to the state. Since the cost of surveillance falls with the cost and
>use of technology in any case, it behooves us to keep the cost as high
>as we can.
>
>>
>>
>> --
>> Jim Taylor
>
>Bill Murray
>
Bill this is even better than the first anwser. I hope
you idea of gun control is a strong trigger finger.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: Fen Labalme <[EMAIL PROTECTED]>
Subject: beyond "group signatures": how to prove sibling relationships?
Date: 02 Mar 2001 16:29:08 -0800
crypto problem to solve:
the players (sorry if the notation is non-standard):
T a "parent" public key pair
use of T's secret key may be involved in the generation of its "child" nyms:
Ci a "child" of T (public key pair) named "i"
Cj a "child" of T (public key pair) named "j"
Ck a "child" of T (public key pair) named "k"
desired properties:
1) Ci, Cj, Ck cannot prove who its parent (T) is
2) Ci, Cj, Ck cannot prove they are siblings
3) T can prove parenthood of children (e.g. Ci, Cj, and/or Ck)
4) T is able to prove Ci and Cj are siblings
4a) (4), but T can do so anonymously
4b) (4) or (4a) without leaking proof that Ck is also a sibling
discussion:
the closest thing I have found to this problem is "Group Signatures" in
section 4.6 of _Applied Cryptography_.
since T creates Ci, Cj and Ck, it can keep copies of their secret keys and
act as a trusted third party ("Trent"). so far, so good.
1) Trent's children cannot prove who their parent is - this is easy, too.
2) Trent's children cannot connect themselves to each other as siblings,
unless trustworthy Trent publishes a "master list" of connected keys
3) Trent can prove parenthood by signing a message signed by Ci (which is
can forge since he know's Ci's secret key), but this has a bug:
Trent could claim ownership of any child
(including children it did not parent)
simply by signing a message that that child has signed
4) In the same vein, Trent can prove Ci and Cj are siblings only so far as
you trust Trent.
There ought to be a way for Trent to undeniably prove parenthood.
Further, anonymous proof of connection should be possible.
Any ideas or pointers will be most gratefully accepted.
--
Fen Labalme
http://www.OpenPrivacy.org
"The right of the people to be secure in their persons, houses, papers, and
effects, against unreasonable searches and seizures, shall not be violated"
- the Fourth Amendment to the U.S. Constitution
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 00:28:58 GMT
"William Hugh Murray" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> And, as a matter of public record, until recently
> their messaging system certainly was essentially
> like any other.
There's nothing intrinsically wrong with that; even commercial systems
provide for encryption and digital signature. Traffic analysis is a
different matter, but a messaging system isn't necessarily the place to
look to defeat that.
Even the DoD uses a messaging (e-mail) system that is essentially off
the shelf.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 00:35:29 GMT
"kroesjnov" <[EMAIL PROTECTED]> wrote in message
news:97p483$90mg$[EMAIL PROTECTED]...
> Although I am not an American, I would not mind,
> if the BVD (Dutch National Intellegence service)
> would have this abillity.
Sometimes you don't know what you have until it's gone.
I'm sure the BVD would like to have this ability, too!
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 00:34:35 GMT
"Jim Taylor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sometimes I wonder about these groups. Are you
> all drug dealers or something?
There are other people with real or perceived needs for confidentiality
besides drug dealers.
> What would be so bad about the FBI or NSA, with
> considerable effort and expense, being able to
> decrypt a PGP message?
The FBI and NSA don't trust anyone (not even each other); why should
anyone trust them? It's just good business.
> Aren't they the good guys trying to protect _us_
> against spies, terrorists and organized crime?
In theory, yes. In practice, they are managed and employ human beings
who often have very different agendas.
I trust machines, not people.
> If they had an encrypted message in their hands
> detailing a plan to nuke your city, none of you
> would want them to be able to decrypt it?
How would they know what the message detailed without decrypting it?
> As long as the cost for decrypting a PGP message
> is too high to go looking for petty crimes, so what
> if they could decode one if they wanted to?
Did you grow up in a democracy with freedom of speech?
> They would never let the cat out of the bag that
> they had the ability for even someone like Hanssen ...
I don't even know if they would use such a capability for him.
Sometimes it's more important to keep the capability itself a secret
than it is to use it to decrypt something.
> ... so I think all your porno is safe.
Why would anyone encrypt pornography with PGP?
> Don't get me wrong, I use and like PGP, but it's
> not the NSA and FBI that I worry about.
I don't worry about them, either, but that doesn't mean that I want them
reading my mail.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 00:38:33 GMT
"Jim Gillogly" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In addition, suppose the FBI or CIA or NSA <can>
> read your data.
There's a difference between the FBI and the NSA. Many people in the
FBI wants to crack codes so they can snoop on you and other people.
Many people in the NSA want people to snoop on so that they can crack
codes. The former motivation is a lot unhealthier than the latter, in
my view.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES?
Date: 3 Mar 2001 00:26:13 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<y6Vn6.6944$[EMAIL PROTECTED]>:
>Start the CTR mode with Hash(msg + timestamp). Simple solution to both
>problems. If you modify the message or send it at a later date the
>timestamp or msg hash will not match. What I mean is you sent the hash
>and the ciphertext. They then can use the IV to decrypt (assuming they
>know the key) and compare the hash they can make with the IV.
>
>Tom
Tommy if this mode turns you on then why don't you write code
using it in this mode. I for one don't think for most uses its
worth it. But if you see great worth in it then write a product
using it this way. Or do you just want to flap your jaws says
how great it is.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Subject: Re: Completly wiping HD
Date: Sat, 3 Mar 2001 01:42:38 +0100
David Griffith <[EMAIL PROTECTED]> wrote:
> I wish to completly wipe a 2gig harddisk.
check out http://www.cs.auckland.ac.nz/~pgut001/secure_del.html
The PGP source code does also contain a lot of disk wiping routines.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Will RIJNDAEL EVER HAVE BIJECTIVE MODES?
Date: Sat, 03 Mar 2001 00:58:19 GMT
"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Tom St Denis) wrote in
> <y6Vn6.6944$[EMAIL PROTECTED]>:
> >Start the CTR mode with Hash(msg + timestamp). Simple solution to both
> >problems. If you modify the message or send it at a later date the
> >timestamp or msg hash will not match. What I mean is you sent the hash
> >and the ciphertext. They then can use the IV to decrypt (assuming they
> >know the key) and compare the hash they can make with the IV.
> >
> >Tom
>
> Tommy if this mode turns you on then why don't you write code
> using it in this mode. I for one don't think for most uses its
> worth it. But if you see great worth in it then write a product
> using it this way. Or do you just want to flap your jaws says
> how great it is.
What on earth are you talking about? My suggestion is to prevent two
messages from having the same IV in CTR mode.
Tom
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: "RSA vs. One-time-pad" or "the perfect enryption"
Date: Sat, 03 Mar 2001 01:02:53 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> It is said that one such application may have
> been in nuclear monitoring.
It is rumored that PAL locks on nuclear weapons use public-key
encryption methods, and if so, the NSA has known about PK for quite a
long time.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 01:04:26 GMT
"William Hugh Murray" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Seems very unlikely that the FBI can collect
> such information on its own and even less
> likely that the NSA would trust the FBI with it.
I agree, but the NSA might have its arm twisted. Indeed, there might be
people in the NSA cursing the FBI for being so stupidly careless with
methods and procedures that the NSA managed to keep _secret_.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: The Key Vanishes: Scientist Outlines Unbreakable Code, Read it and Weep
Boys
Date: Sat, 03 Mar 2001 01:09:08 GMT
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "Empty space".
The surface of the Earth is covered with a thick layer of air, which
must be traversed by any type of radio signal passing between a
satellite and a ground station. There might not be any problem on the
Moon, however.
> They are in the Crypto conference proceedings,
> available at a good university library. Books,
> they're made of bound paper. You've probably
> heard of them.
I've heard of them, but I don't use them much these days.
> You were the one claiming that an N bit shared
> secret could give you only N bits of security:
If that's what actually secures the system, yes.
------------------------------
Subject: Re: => FBI easily cracks encryption ...?
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Sat, 03 Mar 2001 01:13:13 GMT
Timothy M. Metzinger <[EMAIL PROTECTED]> wrote:
> Additionally, there's a lot of information shared to law enforcement
> agencies by businesses about their business and security practices... That
> information, if disclosed (especially to foreign interests) would degrade
> our national security by possibly weakening our economy.. So that too
> becomes classified.
A good example of that is the spy they caught in Sweden a cpl of weeks
ago; he'd been active since the 70's, and he could provide the
USSR/russia with information regarding how to take out the electricity-
distribution in other countries the easiest way possible... (This
company worked worldwide...)
/Tony
------------------------------
From: [EMAIL PROTECTED] (Free-man)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 03 Mar 2001 01:17:48 GMT
On Fri, 02 Mar 2001 21:26:28 GMT, Jim Taylor <[EMAIL PROTECTED]>
wrote:
>Sometimes I wonder about these groups. Are you all drug dealers or
>something? What would be so bad about the FBI or NSA, with considerable
>effort and expense, being able to decrypt a PGP message? Aren't they the
>good guys trying to protect _us_ against spies, terrorists and organized
>crime?
No. Most of what law enforcement does is a violation of individual
rights. Most of the laws that they enforce are unjust, bullshit laws
that criminalize honest trade and peaceful behavior. Many cops are
nothing but enforcement goons for the government mafias. They
enforce monopolies on drugs, guns, gambling, etc. They commit more
crimes than the bad guys.
Rich Eramian aka freeman at shore dot net
------------------------------
From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Sat, 03 Mar 2001 01:22:44 GMT
"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> And does someone who /doesn't/ believe in randomness call quantum
> effects "messages from God?"
Maybe. There are alternatives, though. All QM says about randomness is
that the state of your universe at time t-1 does not completely determine
the state of your universe at time t.
Sometimes, for example, I don't believe in causality, which makes
"randomness" a meaningless concept. (how Zen!)
Sometimes I like to believe in two-way causality, i.e., the correlation of
the photons is caused, in part, by comparing their polarizations at some
point in the future. There may be enough future cause to let a simply
chaotic process, rather than a non-deterministic one, fill in the
information that quantum randomness seems to produce.
It's also possible to believe in "indirect causality", such that information
can disappear from the universe at time t-2 (down a black hole, for
example), only to reappear at time t as a seemingly random event.
And, of course, that popular-though-profoundly-annoying many-worlds
interpretation of QM destroys randomness as well.
>
> --
> The difference between theory and practice is that in theory, theory and
> practice are identical, but in practice, they are not.
nice. How long has that been your .sig?
================
Of course I know there's no life on Mars -- they all live inside!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
