Cryptography-Digest Digest #804, Volume #13 Mon, 5 Mar 01 06:13:00 EST
Contents:
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
Re: Why do people continue to reply to Szopa? (Benjamin Goldberg)
Re: The Foolish Dozen or so in This News Group (Benjamin Goldberg)
Re: => FBI easily cracks encryption ...? (Matthew Montchalin)
Re: => FBI easily cracks encryption ...? (Arturo)
Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily cracks encryption
...?) (Joe H. Acker)
Q: Crypto security of pseudo-random sequences (Mok-Kong Shen)
Re: PKI and Non-repudiation practicalities (Mark Currie)
Re: Monty Hall problem (was Re: philosophical question?) (Joe H. Acker)
Re: Monty Hall problem (was Re: philosophical question?) (Joe H. Acker)
Re: => FBI easily cracks encryption ...? ("kroesjnov")
Re: => FBI easily cracks encryption ...? ("kroesjnov")
Re: => FBI easily cracks encryption ...? ("kroesjnov")
----------------------------------------------------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 05 Mar 2001 08:26:07 GMT
"Open FleshWound" <[EMAIL PROTECTED]> wrote in message
news:VfCo6.1639$[EMAIL PROTECTED]...
> And what happens when someone or group
> nukes the city whithout conversing via email,
> encrypted or otherwise ?
Obviously, they should be required by law to discuss their plans in
unencrypted form _before_ nuking the city!
> McVeigh didn't use encryption ...
> The World Trade Center blew up without the use of
> encryption ...
> Ted Kazinsky didn't use encryption ...
> WACO burned without the use of encryption ...
The desire of law-enforcement and other agencies to be able to read
everyone's e-mail at will has nothing to do with catching bad guys.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 05 Mar 2001 08:29:38 GMT
"Mark Livingstone" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Now, as an Australian, I might not be in the country
> being discussed but you do seem to be deprecating
> the FBI somewhat.
Considering how gravely one of their employees has compromised the
nation's security over the past decade and a half, some deprecation
would seem to be in order. I daresay he may have done more damage
himself than all of the spies caught by the FBI during that time.
> As such, why do you think they would NOT have data
> with as much requirement for security as other three
> letter agencies?
They apparently have access to classified information outside the
domains you mention, and I have to wonder why.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 05 Mar 2001 08:31:57 GMT
"Mark Livingstone" <[EMAIL PROTECTED]> wrote in message
news:3aa2d578$[EMAIL PROTECTED]...
> I suspect that the average news:rec.guns user or
> IPSC / IDPA competitor has more training with their
> firearms than the average FBI agent; certainly more
> than the average cop as media reports on
> firefights continually prove.
In defense of the FBI, I think that FBI agents are better trained by
orders of magnitude than the average municipal or state cop. There is a
gulf of difference between the two, from what I've understood.
Nevertheless, it is true that law-enforcement agencies of all types tend
to attrack control freaks and people with violent tendencies. It is
difficult to screen for such people, and additionally they are such a
large part of the pool of available labor for these occupations that
screening them out completely would leave most agencies crying for
recruits.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 08:41:30 GMT
"Fred Galvin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I pick door #1. Without opening any doors, Monty
> offers me the chance to switch to door #2. I don't
> know what's behind door #3, could be the car, could
> be a goat. However, if the car is behind door #3,
> then it doesn't matter what I do, I'm choosing
> between two goats. Therefore, in deciding what to
> do, I may as well assume that there's a goat behind
> door #3. Now, how does the decision I make, on the
> assumption that there's a goat behind door #3,
> differ from the decision I'd make if Monty opened
> door #3 and showed me a goat?
The difference is this:
When you first pick a door, the chances of it being a new car are 33%,
and the chances of a car being behind one of the other two doors are
66%. However, after Monty shows you what's behind one of the other
doors, the situation changes. After Monty shows you a goat behind one
of the other doors, the chances of your door concealing a car are still
33%, but the chances of the door shown by Monty concealing a car drop to
zero, whereas the chances of the remaining door concealing a car
increase to 66% (because it all has to add up to 100%). And Monty
always shows a door with a goat behind it, never a door with a car
behind it, so this shift in odds always works in favor of the unchosen,
unshown door. Therefore, if you switch choices, you double your chances
of getting the car.
If you build a truth table for all possibilities, you'll see that
switching gives you a better chance of getting the car.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: Why do people continue to reply to Szopa?
Date: Mon, 05 Mar 2001 08:49:35 GMT
Douglas A. Gwyn wrote:
>
> Paul Crowley wrote:
> > Can someone explain this to me? I've never written an article that
> > addressed Szopa directly, and I never plan to; he's clearly a loon
> > who will never learn anything. The only reason to post a followup
> > to something he's written is to warn off newcomers who might
> > otherwise believe some outlandish claim or other. Yet many highly
> > intelligent and knowledgable people waste a great deal of effort
> > trying to explain basic facts about computer security to a man who
> > is clearly unable to grasp them. Why?
>
> I can't speak for others, but my own interest is in an open-forum
> discussion of genuine issues that arise as side effects, such as
> what steps must be taken to genuinely overwrite disk data. The
> topic can be interesting even if its originator is a pain. This
> has also arisen with regard to D.Scott's postings, although he
> has become more civil in most of his recent postings. There have
> been some good ideas and issues worthy of discussion, if one has
> the patience to dig them out and dodge the $#!+-flinging.
I agree with you on most of these points, but I think I disagree about
which of the two is politer. If you look at those of his posts which
only went to alt.hacker, Szopa is actually willing to admit that he
might be wrong (if he hadn't admitted (to himself at least) to being
wrong, he wouldn't have modified his code). I don't think I've seen
D.Scott ever do so. Szopa is merely stubborn, not stubborn and stupid.
Also, Szopa is able to write grammatically correct English. Scott is
too stupid and lazy to even try.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Date: Mon, 05 Mar 2001 09:14:47 GMT
Crypto Neophyte wrote:
>
> On Sun, 4 Mar 2001 17:22:02 -0600, Anne & Lynn Wheeler wrote
> (in message <[EMAIL PROTECTED]>):
>
> > however, overwriting 27 times is a little harder since
> > straightforward overwrite is likely to just be updating buffer
> > records. frequently multiple overwriting passes consists of
> > different combinations of ones & zeros with the intent of exercising
> > the magnetic flux in different ways on the disk surface.
>
> Ok, please help out a neophyte. I have a program called MACWASHER. The
> box states that it overwrites files according to the DoD directive
> 5220.22-M. It looks like from what I have read on this discussion that
> the above DoD directive doesn't actually do what the DoD thinks it
> does. In other words I am not actually deleting the files and making
> them unrecoverable? When I say unrecoverable I mean to a software
> based attack and not SEM data.
I don't own a mac, nor have I programed on one, so what I say might be
completely wrong, but from discussions I've seen, mac has a rather
strange filesystem. The most obvious part of this strangeness is that
each file has a "resource fork" and a "data fork." It is entirely
possible that Mac, unlike Win* and *nix, has some way (that ordinary
programmers have access to) of forcing the OS level buffers to be
written to disk, and some way of disabling block relocation (due either
to disk compression or bad blocks), and any number of system specific
things.
Not having programmed on mac, I can't say for certain.
For that matter, there might be, on any number of systems,
system-specific ways of doing these things.
Personally, I think that the kind of functionality that Szopa wants his
OverWrite to have ought to be built into the OS.
You would pass a file descriptor, an offset, and a length, and viola, it
would be wiped.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Matthew Montchalin <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 5 Mar 2001 01:18:06 -0800
On Mon, 5 Mar 2001, Mxsmanic wrote:
|"Mark Livingstone" <[EMAIL PROTECTED]> wrote in message
|news:[EMAIL PROTECTED]...
|> Now, as an Australian, I might not be in the country
|> being discussed but you do seem to be deprecating
|> the FBI somewhat.
|
|Considering how gravely one of their employees has compromised the
|nation's security over the past decade and a half, some deprecation
|would seem to be in order. I daresay he may have done more damage
|himself than all of the spies caught by the FBI during that time.
|
|> As such, why do you think they would NOT have data
|> with as much requirement for security as other three
|> letter agencies?
|
|They apparently have access to classified information outside the
|domains you mention, and I have to wonder why.
The question, here, is why these departments feel that "sharing"
their files so "openly" (to anybody that manages to get through
a presumably VERY leaky firewall) is good for departmental
security. I certainly wouldn't authorize that sort of thing
if >I< were in "control" (whatever that means) of these two agencies.
------------------------------
From: Arturo <[EMAIL PROTECTED]=NOSPAM>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Thu, 01 Mar 2001 09:50:37 +0100
On Wed, 28 Feb 2001 02:12:35 -0700, "Open FleshWound" <[EMAIL PROTECTED]> wrote:
>FBI: Hanssen suspected he was under surveillance
>
>
>The comment came from a letter that FBI officials said was encrypted on a computer
>diskette found in
>a package -- taped and wrapped in a black plastic trash bag -- that Hanssen dropped
>underneath a
>foot bridge in a park in Northern Virginia, immediately before his arrest.
>
Maybe he wrote it in Word ando thought it was safe?
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily cracks
encryption ...?)
Date: Mon, 5 Mar 2001 10:57:44 +0100
nemo outis <[EMAIL PROTECTED]> wrote:
> Think or thwim, right?
>
> I'm not talking about the current political situation inGermany; I'm talking
> about how easily and quasi-legally a constitution can be subverted,
> *particularly if contains repressice mechanisms.*
No, history has shown the opposite to be true. The Weimarer Republic had
no special means to protect itself against inner threads, and that's one
of the reasons why the Nazis were able to gain power then. In Germany
today, the *suppressive mechanisms* you're talking about have no
executive power at all. For example, in the US there are secret services
that have executive power (like police forces have), in Germany this is
not allowed.
>It seems that the constitution you describe
> contains the seeds of its own destruction.
I really can't understand what makes you think that. Please don't take
this personal, it's not meant that way, but to be honest, I can only
explain your views by words like "ignorance" and "prejudices". Any of
the details about the German constitution I've given so far, has been
developed with care and with the aim to avoid the flaws of other
constitutions (like the Weimarer) in mind. Sure that doesn't mean that
it's perfect, but the governmental system and constitution of Germany is
one of the hardest to subvert. That's something the founders of the
German constitution and the Allied forces, expecially France and the US,
took a lot of care of.
Of course in the detail, there's a lot of open questions. For example,
there are many people in Germany who think that restrictions on the
freedom of speech to protect democracy don't make sense. I must confess
that I don't have any fixed opinion on that.
Regards,
Erich
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Q: Crypto security of pseudo-random sequences
Date: Mon, 05 Mar 2001 11:12:11 +0100
If one has a statistically good pseudo-random sequence, e.g.
one from the Mersenne Twister, and post-process it through
the following methods:
(1) Encryption with AES.
(2) Hashing with SHA-1.
(3) Using groups of n bits (e.g. n=24) to index the binary
digits of Pi.
(4) Further processing any of the above by taking the parity
of groups of m bits.
which of these can qualify (or not qualify) as crypto-secure
pseudo-random sequences? Why?
Thanks in advance.
M. K. Shen
=========================
http://home.t-online.de/home/mok-kong.shen
------------------------------
Subject: Re: PKI and Non-repudiation practicalities
From: [EMAIL PROTECTED] (Mark Currie)
Date: 05 Mar 2001 10:31:32 GMT
In article <7JTn6.1182$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>2 answers
>Not yet much literature on the practical issues. The PKI vendors are
>building CA component systems for the wrong business model.
>
What areas do you think that they should be focussing on ?
>Non-repudiation of what?
>- The existence of an unaltered message?
>- or proof that I digitally signed the message that appears to be from me
>(thus becoming an electronic signature).
I was mainly referring to the latter, but the former would also have to be
included in this this proof.
>Common PKi does the former well enough, alebit with the overheads you
>mention. Totally useless with the latter, since non-Public key technology
>is an essential component required to acheive this outcome.
>
>Lyal
I think that the asymetric nature of PK helps, but as we agree, you need much
more. What other non-Public key technology do you think is needed ?
Mark
>
>
>Mark Currie wrote in message <3a9f90cc$0$[EMAIL PROTECTED]>...
>>Hi,
>>
>>Non-repudiation is often used as a selling point for PKI but this can be
>>misleading. Non-repudiation requires additional infrastructure such as
>>databases for storing each signed message together with its corresponding
>>signature. In high-throughput applications the amount of storage needed can
>be
>>very large indeed. There are many applications of public key cryptography
>(i.e.
>>communications security) where Non-repudiation is impractical because of
>the
>>storage requirement. Non-repudiation would also require independent
>validation
>>services that are capable of verifying the message originator given a
>message,
>> signature & certificate. These services would have to demonstrate a high
>level
>>of trustworthiness since the output is likely to be a simple Yes/No. The
>full
>>implications of supporting Non-repudiation may not be that clear to PKI
>>customers and their application developers. The message that often comes
>across
>>is that PKI / PK technology gives you Non-repudiation. It does not. It
>seems to
>>me that there needs to be more information around the practical
>implementation
>>of Non-repudiation.
>>
>>It is possible that these issues are now being addressed by PKI vendors.
>Does
>>anyone know of any literature that covers the practical issues around
>>Non-repudiation ?
>>
>>Mark
>>
>
>
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 5 Mar 2001 11:28:52 +0100
Mxsmanic <[EMAIL PROTECTED]> wrote:
> When you first pick a door, the chances of it being a new car are 33%,
> and the chances of a car being behind one of the other two doors are
> 66%. However, after Monty shows you what's behind one of the other
> doors, the situation changes. After Monty shows you a goat behind one
> of the other doors, the chances of your door concealing a car are still
> 33%, but the chances of the door shown by Monty concealing a car drop to
> zero, whereas the chances of the remaining door concealing a car
> increase to 66% (because it all has to add up to 100%). And Monty
> always shows a door with a goat behind it, never a door with a car
> behind it, so this shift in odds always works in favor of the unchosen,
> unshown door. Therefore, if you switch choices, you double your chances
> of getting the car.
I have problems with this explanation. If Monty opens door 3 *before*
------------------------------
From: [EMAIL PROTECTED] (Joe H. Acker)
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 5 Mar 2001 11:28:53 +0100
> When you first pick a door, the chances of it being a new car are 33%,
> and the chances of a car being behind one of the other two doors are
> 66%. However, after Monty shows you what's behind one of the other
> doors, the situation changes. After Monty shows you a goat behind one
> of the other doors, the chances of your door concealing a car are still
> 33%, but the chances of the door shown by Monty concealing a car drop to
> zero, whereas the chances of the remaining door concealing a car
> increase to 66% (because it all has to add up to 100%). And Monty
> always shows a door with a goat behind it, never a door with a car
> behind it, so this shift in odds always works in favor of the unchosen,
> unshown door. Therefore, if you switch choices, you double your chances
> of getting the car.
Here's a problem I have with this explanation: Why can't I say that when
Monty opens door 3, there's new evidence: the car is not behind door 3.
Thus, the probability that the car is behind door 1 is 1/2, and the
probability that it's behind door 2 is also 1/2. Therefore, there should
be no better chances if I switch to door 2. The same argument applies
when Monty opens door 2.
If Monty knows where the car is, and never opens the door with the car
behind (as has been assumed), then the probability to win has to be 1/2.
>From the beginning, my chances to win were 1/2, because Monty always
opens a door that doesn't contain the car. If he didn't open a door or
he would open a door randomly, my chances would be 1/3. What's wrong
with that view?
Regards,
Erich
------------------------------
From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 5 Mar 2001 11:43:22 +0100
> <snip>
> >
> >I am willing to trade some privacy for safety.
> <snip>
>
> So basically, you are saying that you'll trade your privacy to be a sheep?
I.e.
> you'll give up your rights so that the goverment can play the role of
> sheepherder?
I believe the keyword is 'some' as you should understand.
And no, I am not willing to do everything my government say`s, and no, I
will not let them in full control off my life.
I just think that safety from terrorists and foreign army`s weights more me
me, then absolute privacy. This does not mean I do not want any privacy...
"Wisdom lies not in obtaining knowledge, but in using it in the right way"
kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA DB1C E2B2 850A DF15 4D85
------------------------------
From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 5 Mar 2001 11:44:33 +0100
> <snip>
> >
> >I am willing to trade some privacy for safety.
> <snip>
>
> So basically, you are saying that you'll trade your privacy to be a sheep?
I.e.
> you'll give up your rights so that the government can play the role of
> sheepherder?
I believe the keyword is 'some' as you should understand.
And no, I am not willing to do everything my government say`s, and no, I
will not let them in full control off my life.
I just think that safety from terrorists and foreign army`s weights more
me, then absolute privacy. This does not mean I do not want any privacy...
"Wisdom lies not in obtaining knowledge, but in using it in the right way"
kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA DB1C E2B2 850A DF15 4D85
------------------------------
From: "kroesjnov" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 5 Mar 2001 11:47:26 +0100
> > I personally want some degree of protection against
> > being possibly blown up or infected with some nasty
> > genetically engineered, long-incubation-period,
> > highly-contagious, high-fatality disease.
>
> And once you have that protection, what will you do with it?
Be happy...
"Wisdom lies not in obtaining knowledge, but in using it in the right way"
kroesjnov
email: [EMAIL PROTECTED] (remove nov to reply)
UIN: 67346792
pgp fingerprint: 4251 4350 4242 7764 80DA DB1C E2B2 850A DF15 4D85
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
