Cryptography-Digest Digest #786, Volume #13       Sat, 3 Mar 01 06:13:01 EST

Contents:
  Completly wiping HD: forget it, it can't be done. (Paul Rubin)
  Re: beyond "group signatures": how to prove sibling relationships? (Benjamin Goldberg)
  Re: Fractal encryption? ("John A. Malley")
  Re: Completly wiping HD (Guy Macon)
  Re: HPRNG ("Matt Timmermans")
  Re: => FBI easily cracks encryption ...? (Tony L. Svanstrom)
  Re: => FBI easily cracks encryption ...? ("kroesjnov")
  Re: => FBI easily cracks encryption ...? ("kroesjnov")
  Re: => FBI easily cracks encryption ...? ("kroesjnov")
  Cryptanalysis of GOST? ("Rebus Mauser")
  Re: => FBI easily cracks encryption ...? ("Michael Brown")

----------------------------------------------------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Completly wiping HD: forget it, it can't be done.
Date: 02 Mar 2001 22:13:37 -0800

David Griffith <[EMAIL PROTECTED]> writes:
> I wish to completely wipe a 2gig harddisk. There is now no data I want to
> keep, however neither do I want anything to be recoverable.

If you really want to totally trash the data on your disk, you must
forget all those software things you were asking about.  The only
thing you can really do is take the drive apart, and sand the oxide
off the platters with a grinding wheel.  Then heat the metal discs to
above the Curie point for several minutes, to get rid of any remaining
magnetization.  Or better yet, melt them.  Or slag the whole drive in
a blast furnace.

There is absolutely no way that software can 100% reliably totally
erase a disk.  You have no idea what the capacity of the disk really
is.  When you say 2 gig, it means 2 gig are available for your files.
But the real capacity might be, say 2.1 gig, because there are
reserved areas for flushing the internal drive cache on powerdown, for
forwarding bad sectors to as the firmware detects them, and whatever
else.  All this happens completely behind the scenes and you have no
way to know whether any of your data has ever been written to those
areas.  The areas are simply not externally visible.

You simply cannot be sure you have totally destroyed the data, except
by physically destroying the drive.

------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: beyond "group signatures": how to prove sibling relationships?
Date: Sat, 03 Mar 2001 06:37:06 GMT

I'm not sure if this is quite what you want, but what about ElGamal type
PK systems?  Either ECC, or DH.

ECC/ElGamal encryption works as follows:
Common to both parts:
some curve with many points on it.  The more, the merrier :)
The private key
a = a random integer
The public key:
P = a random point
Q = aP
Encrypt:
r = a random integer
ct = (rP,rQ + pt)
Decrypt:
pt = ct[1] - a*ct[0]

Call a, T, and call (Pi,Qi), (Pj,Qj), Ci and Cj.

As many public keys as desired can be created from one private key.
They could be considered siblings.

AFAIKS, (1) and (2) are fulfilled.

(3) It is possible to prove that T is the parent of Ci, simply by
encrypting a random nonce with Ci, and decrypting with T, and sending
the nonce back to the holder of the Ci.

(4) To learn that Ci and Cj are siblings, with the help of T:
r0 = a random number
r1 = a random point
ct = (r0(Pi+Pj), r0(Qi+Qj)+r1)
Ask T to decrypt this.
T sends back a plaintext, which has the value r1 iff Ci and Cj are
siblings.

I think that (4b) is also fulfilled, but I'm not certain what is meant by
anonymously, in (4a).

-- 
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
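The scheme sketched in the post above, worked through as an added example (not part of the original message): ElGamal in the DH (multiplicative) setting rather than on a curve, with several public keys derived from one private key, the parent proof of step (3) via encrypt/decrypt, and the sibling probe of step (4). The prime P = 1019, the subgroup order Q = 509 and all key values are constructed toy parameters chosen so the arithmetic is readable.

```python
import secrets

# Constructed toy parameters: P = 2*Q + 1 is a safe prime, so the squares
# mod P form a subgroup of prime order Q. Real use needs a large group.
P = 1019
Q = 509

def random_point():
    """A random generator of the order-Q subgroup (the post's 'random point')."""
    while True:
        g = pow(secrets.randbelow(P - 1) + 1, 2, P)   # squaring lands in the subgroup
        if g != 1:
            return g

def make_public_key(a):
    """Derive a fresh public key C = (Pi, Qi) = (g, g^a) from private key a.
    Any number of these can be made from the same a; they are 'siblings'."""
    g = random_point()
    return (g, pow(g, a, P))

def encrypt(pub, pt):
    """ct = (rP, rQ + pt) in the post's additive notation; here (g^r, h^r * pt)."""
    g, h = pub
    r = secrets.randbelow(Q - 1) + 1
    return (pow(g, r, P), (pow(h, r, P) * pt) % P)

def decrypt(a, ct):
    """pt = ct[1] - a*ct[0] additively; here ct[1] / ct[0]^a (needs Python 3.8+)."""
    c0, c1 = ct
    return (c1 * pow(pow(c0, a, P), -1, P)) % P

def sibling_probe(pub_i, pub_j):
    """Build the post's step-(4) ciphertext ct = (r0(Pi+Pj), r0(Qi+Qj)+r1),
    i.e. ((gi*gj)^r0, (hi*hj)^r0 * r1). Returns the probe and the secret r1."""
    gi, hi = pub_i
    gj, hj = pub_j
    r0 = secrets.randbelow(Q - 1) + 1
    r1 = random_point()
    return (pow(gi * gj, r0, P), (pow(hi * hj, r0, P) * r1) % P), r1

def are_siblings(pub_i, pub_j, decrypt_oracle):
    """Ask the holder of T (the private key) to decrypt the probe. The answer
    equals r1 only if hi = gi^a and hj = gj^a for the same a; otherwise the
    oracle returns r1 * gj^(r0*(b-a)), which is never r1 when b != a mod Q."""
    ct, r1 = sibling_probe(pub_i, pub_j)
    return decrypt_oracle(ct) == r1

def demo():
    """Two keys from private key a, a third from an unrelated key b."""
    a, b = 123, 456                                  # constructed private keys
    c1, c2, c3 = make_public_key(a), make_public_key(a), make_public_key(b)
    oracle_t = lambda ct: decrypt(a, ct)             # the holder of T
    nonce = 42
    parent_ok = decrypt(a, encrypt(c1, nonce)) == nonce   # step (3): T parents C1
    return parent_ok, are_siblings(c1, c2, oracle_t), are_siblings(c1, c3, oracle_t)
```

Note that the probe only works because the oracle decrypts arbitrary ciphertexts; a holder of T that decrypts anything it is handed is also leaking this relation to anyone who asks.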

------------------------------

From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Fractal encryption?
Date: Fri, 02 Mar 2001 22:44:21 -0800


David A Molnar wrote:
[snip]

> Besides eprint.iacr.org, what other preprint archives/sites are there worth
> looking at in cryptography?

I only know of and monitor (on an at-least weekly basis) two preprint
services - the IACR and the LANL sites.
 
The LANL site covers number theory, group theory, physics and cryptology
preprints.  There's a computer science specific subject index at

http://xxx.lanl.gov/archive/cs

and a mathematics specific subject index at

http://xxx.lanl.gov/archive/math

and there's the already cited IACR cryptology preprint site at 

http://eprint.iacr.org

Does anyone know any more crypto preprint sites?  Google search didn't
reveal any more to me. 


John A. Malley
[EMAIL PROTECTED]

------------------------------

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Completly wiping HD
Date: 03 Mar 2001 08:53:47 GMT

Albert P. Belle Isle wrote:

Good info! thanks!

I use a floppy disk and a fireplace to wipe my info.
Let them try to recover *THOSE* bits!



>Forensic disk data recovery attacks attempt to read "deleted" (or
>inadequately overwritten) magnetically stored data on your disk either
>
>(1) through its drive controller connector, using PC-hosted software;
>(2) through its drive heads, bypassing the disk's controller circuits;
>or
>(3) directly on each disk platter's recording surface in a clean-room.
>
>Class 1 ("keyboard") attacks can be mounted directly with forensic
>software, hosted on your PC or on the attackers' PC. These
>software-based attack measures can be countered with software-based
>countermeasures; viz., any kind of disk data overwriting (such as
>Clearing per DOD 5220.22-M).
>
>Class 2 ("laboratory") attacks use special amplifiers and signal
>processing to extract previously recorded data from under subsequent
>overwrites. They rely on increased capabilities over the disk's
>on-board electronics. Sanitizing per DOD 5220.22-M was designed to
>counter such attacks by increasing the noise-to-signal ratio beyond
>their capabilities. 
>
>Many (but not all) INFOSEC people believe that the increased
>signal-processing sophistication of the on-board controllers required
>to even read the last-written data has kept Sanitizing ahead in this
>particular measure/countermeasure race. However, most question the
>adequacy of Sanitizing in protecting older, lower-density disks
>(especially diskettes) against the most modern and sophisticated Class
>2 attacks.
> 
>Class 3 ("cleanroom") attacks (such as with magnetic force
>microscopy), are generally considered able to penetrate any software
>countermeasures, including _any_ kind of overwriting. They are very
>costly techniques to use to recover the entire image-as-it-used-to-be
>of an overwritten multi-gigabyte disk, as opposed to a few
>specifically targeted bytes, however. 
>
>(Try getting a quote for recovery of overwritten data - not just
>"reformatted" drive contents.)
>
>Nevertheless, any data of sufficient value to intelligence services or
>comparably-funded adversaries should not have its confidentiality rely
>upon overwriting countermeasures.
>
>The value of your data to the kinds of attackers who can use each
>class of techniques will determine whether you must counter that
>class. 
>
>This is the basis for requiring defense contractors to use Clearing or
>Sanitizing per DOD 5220.22-M (for re-use or for disposal,
>respectively) of media containing data classified as Confidential or
>Secret, while requiring NSA-approved degaussing and destruction for
>Top Secret media.
>
>According to the Navy's Magnetic Remanence Guidebook, a Type II
>degausser (351-to-750 Oersteds) - preferably an evaluated model
>from the NSA's Degausser Products List - is required for Purging hard
>drives. This removes even the servo tracking data, making the drive
>totally unusable, as well as suitably free of Classified data.
>
>The three armed services' standards for disk data overwriting are
>NAVSO P5239-26, AFSSI-5020 and AR 380-19, respectively.
>
>If your main concern is "keyboard attacks," such as with forensic
>software or disk sector editors, IBM's free WIPE.EXE utility from
>their website overwrites all software-accessible sectors with zeros,
>restoring the disk to "as-new" condition.
>
>
>Albert P. BELLE ISLE
>Cerberus Systems, Inc.
>================================================
>ENCRYPTION SOFTWARE with
>  Forensic Software Countermeasures
>    http://www.CerberusSystems.com
>================================================


------------------------------

From: "Matt Timmermans" <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Sat, 03 Mar 2001 09:19:49 GMT


"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Matt Timmermans wrote:
>
> > Sometimes, for example, I don't believe in causality, which makes
> > "randomness" a meaningless concept. (how Zen!)
>
> I sorta understand the other things in this post, but not this.  Not
> believe in causality?  What does that mean, and what does it imply?

In the causal view, the universe is a 3-dimensional space in which things
happen over time, and in which things that happen "earlier" determine, to a
large extent, things that happen later.  Over time it evolves according to
the laws of physics, and these laws create "patterns" that hold invariably
over the entirety of space-time.

In the non-causal view, the universe is a 4-dimensional object that simply
is.  Its structure is arranged in patterns that we call the laws of physics.
These patterns imply correlations between parts of this object, but to say
that any one part (the past) causes another (the future) just because we
happened to see that part first is overly presumptuous.

After a game of scrabble has been played, for example, you're left with a
valid scrabble board position. It has a definite structure that was created
by the application of the rules of scrabble throughout its evolution.  After
the game has been played, however, there is no way to tell in what order the
words were laid down, and there are many other ways you can make valid
positions without playing scrabble.  In fact, you could define the set of
valid scrabble end positions without making any reference at all to the
taking of turns and the playing of the game.

The non-causal universe is like this scrabble board after the game has been
played -- you can pick an arbitrary order for the words, and infer
cause-effect relationships based on that ordering, but the ordering _is_
arbitrary.  In reality, the board (and the universe), simply has manifest
patterns that we can recognize even when we scan it from
left-to-right (or early to late).

> > Sometimes I like to believe in two-way causality, i.e., the
> > correlation of the photons is caused, in part, by comparing their
> > polarizations at some point in the future.  There may be enough future
> > cause to let a simply chaotic process, rather than a non-deterministic
> > one, fill in the information that quantum randomness seems to produce.
>
> Hmm.  Of course, you might want to consider that, from the point of view
> of the photon, its creation (emission) and destruction (absorption) occur
> simultaneously, due to relativity.  Hmm.  Perhaps you *are* considering
> that, and from that got your two-way causality conclusion -- after all,
> if you're a photon, then to you, birth, death, and everything in between
> all take place simultaneously, then you can't say that one thing
> happened before another... so "later" things /could/ indeed "cause"
> "earlier" things.

Again the idea is that the unidirectional flow of time is an illusion caused
by our inability to remember the future.  Observations do not rule out the
possibility of real future causes.  If there were to be no future event in
which the polarizations of the photons are compared, then their
polarizations would not necessarily be correlated.  The measurement in the
future can cause the event in the past.  When a quantum event happens, it
appears random, but the possibility exists that some events in the future
are as predetermined as events in the past, and the quantum event had to
happen the way it did in order to satisfy those future preconditions.

In this view, the universe unfolds like the solution to a mystery.  Sherlock
will determine facts about events that are spread out over time, and _then_
fill in intermediate events according to their plausibility.


> > It's also possible to believe in "indirect causality", such that
> > information can disappear from the universe at time t-2 (down a black
> > hole, for example), only to reappear at time t as a seemingly random
> > event.
>
> Huh?

This one challenges our intuition that the state of the universe is a
continuous function whose deterministic components at any time can be
completely determined by its value at any other time.

It is quite possible, instead, that the function is discontinuous, and that
there are laws of physics which relate the state of the present universe to
the state of the universe at some time in the not-necessarily-immediate
past.  If we haven't recorded or considered this past information that
affects the present state, then its effects appear random.  In other words,
you can have determinism without predictability.

> > And, of course, that popular-though-profoundly-annoying many-worlds
> > interpretation of QM destroys randomness as well.
>
> Randomness, yes, but not unpredictableness.  If many-worlds is true,
> there is no way to determine which of them we are going to be in; and if
> we are measuring some quantum phenomenon, and have recorded but not
> looked at the recording, there is no way to determine which one we are
> in.

Right.  Again, determinism without predictability.  This applies to all of
the above, because QM does guarantee _unpredictable_ events.  But again,
this just means that you can't determine the future by measuring the
present.  It is still possible that measurements in the future could reveal a
key that you generated in the past.

> Umm.  Does the probability wave collapse when the phenomenon is recorded,
> or when a human looks at it?  If it's the latter, not the former, are we
> able to tell?

This is the question that always leads me into the non-causal view.  QM
doesn't say anything about us human observers that doesn't apply to every
other physical object.  If the wave function is real, then it is highly
unlikely that it "collapses" at all.  The apparent collapse is a subjective
thing that has a lot more to do with how we see the world than with the
world itself.




------------------------------

Subject: Re: => FBI easily cracks encryption ...?
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Sat, 03 Mar 2001 10:03:05 GMT

Michael Brown <[EMAIL PROTECTED]> wrote:

> "Tony L. Svanstrom" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Nemo psj <[EMAIL PROTECTED]> wrote:
> >
> > > Makes you want to use undisclosed algorithms made with home grown stream
> > > ciphers doesn't it.. Because you know if it has a password box or a
> > > source code for it somewhere its security is basically ZERO.
> >
> > Yeah, right, if you have the source code you can crack any code... and
> > if you give it a password... wow... then it's so crackable... Someone
> > needs to do his homework...
> >
> >
> >         /Tony
> > PS I dunno, I think I must be too tired to understand what he's really
> > saying...
> I think he's saying "password logger" and "modified executable" :)

Ooooooh... that does make more sense; gotta stop with the midnight-
postings. ;)


        /Tony

------------------------------

From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 3 Mar 2001 11:16:40 +0100

> > Could not agree more with you.
> > Although I am not an American, I would not mind if the BVD (Dutch
> > National Intelligence service) would have this ability.
> > I think they (like any other country's national intelligence service)
> > should try their very best to make this possible...
>
> Were you in Holland when the Nazi's invaded and took over all the police
> records?

(Well this is going to be a touchy discussion...)

Nope, I was not there.
I am only 19 years old.

I think this is slightly off the topic, but I will run with it any way:

I assume you are referring to the fact that the Dutch administration (and
with that, the National Intelligence agency) on people was too well organized
(things like race and religion were also archived, so that the Nazis had
a very easy job finding out who was of Jewish origin).
If you want my opinion on this: this was wrong of course, and so history has
taught us (the hard way).
Yet I do not see the connection to the ability of a Secret Service being
able to crack an encrypted message (with effort of course), so that
terrorists could be intercepted who are going to bomb some building in The
Netherlands, or any other country in the world.

Did I assume wrong on what you are referring to? Or did I just miss the
point you were trying to make?

Please be patient with me, I may be slow of understanding...

"Wisdom lies not in obtaining knowledge, but in using it in the right way"

kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA  DB1C E2B2 850A DF15 4D85



------------------------------

From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 3 Mar 2001 11:22:16 +0100

> Sometimes you don't know what you have until it's gone.

That's a fact for sure.
And it goes double for the national and international safety many of us
take for granted... When war breaks out, we will all - in a split second -
understand what we have right now...

> I'm sure the BVD would like to have this ability, too!

And with them, any other country's intelligence service...

And because not every country has the ability to set up a country-wide
security network, I do understand why a world-wide intelligence service like
Echelon would have more pros than cons (well, that's going to be good
for a good discussion I guess :)

"Wisdom lies not in obtaining knowledge, but in using it in the right way"

kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA  DB1C E2B2 850A DF15 4D85



------------------------------

From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 3 Mar 2001 11:29:10 +0100

> In Germany the Nazis came first for the Communists; and I didn't
> speak up because I wasn't a Communist.
> Then they came for the Jews, and I didn't speak up because I
> wasn't a Jew.
> Then they came for the trade unionists, and I didn't speak up
> because I wasn't a trade unionist.
> Then they came for the Catholics, and I didn't speak up because
> I was a Protestant.
> Then they came for me, and by that time there was no one left to
> speak for me.
>
> Pastor Martin Niemoller

Strong one.

"Wisdom lies not in obtaining knowledge, but in using it in the right way"

kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA  DB1C E2B2 850A DF15 4D85



------------------------------

From: "Rebus Mauser" <[EMAIL PROTECTED]>
Subject: Cryptanalysis of GOST?
Date: Sat, 03 Mar 2001 10:43:39 GMT

Is anything known about practical attacks on the GOST algorithm? I found a
related-key differential attack which cannot be practically extended to the
full 32-round cipher and a chosen-key attack which recovers the _secret_
s-boxes with 2^32 encryptions, however I think this attack is mainly useful
against dedicated hardware implementations. Also you have to keep in mind
that even if the s-boxes are known, the algorithm itself isn't broken yet. I
conclude that GOST still can be seen as secure, please tell me if I'm
wrong...



------------------------------

From: "Michael Brown" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sun, 4 Mar 2001 00:01:19 +1300

"Jim Taylor" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Sometimes I wonder about these groups. Are you all drug dealers or
> something?  What would be so bad about the FBI or NSA, with considerable
> effort and expense, being able to decrypt a PGP message?  Aren't they the
> good guys trying to protect _us_ against spies, terrorists and organized
> crime?  If they had an encrypted message in their hands detailing a plan
> to nuke your city, none of you would want them to be able to decrypt it?
>
> As long as the cost for decrypting a PGP message is too high to go looking
> for petty crimes, so what if they could decode one if they wanted to?
> They would never let the cat out of the bag that they had the ability for
> even someone like Hanssen, so I think all your porno is safe.
>
> Don't get me wrong, I use and like PGP, but it's not the NSA and FBI that
> I worry about. I simply want to keep some things private from co-workers,
> ISP employees and the like, and there's no doubt that PGP works very well
> for that.
>
> --
> Jim Taylor

We've got a honkin' great big Echelon station down here (New Zealand) so I
better not disagree :)

Michael




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
