Cryptography-Digest Digest #807, Volume #13       Mon, 5 Mar 01 14:13:01 EST

Contents:
  Re: => FBI easily cracks encryption ...? (Fogbottom)
  Re: Rabin's Unbreakable Code ([EMAIL PROTECTED])
  Ronald Lauder, Wave Communication, RSL Communications, Jews, Finnish Government,
    Lipponen from Markku (Los Angeles) ([EMAIL PROTECTED])
  Re: HPRNG (Mike Rosing)
  Re: OverWrite freeware completely removes unwanted files fromharddrive ("Dan Beale")
  Re: => FBI easily cracks encryption ...? (Fogbottom)
  Re: beyond "group signatures": how to prove sibling relationships?
    ([EMAIL PROTECTED])
  Re: super strong crypto, phase 3 (David Wagner)
  A question to John Savard ("Roman E. Serov")
  Re: => FBI easily cracks encryption ...? (Fogbottom)
  Re: passphrase question ([EMAIL PROTECTED])
  Re: Monty Hall problem (was Re: philosophical question?) (Fred Galvin)
  Re: Monty Hall problem (was Re: philosophical question?) (Arturo Magidin)
  Re: Again on key expansion. ("Cristiano")

----------------------------------------------------------------------------

Date: 5 Mar 2001 18:21:35 -0000
From: [EMAIL PROTECTED] (Fogbottom)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto

In article <1aIo6.71775$[EMAIL PROTECTED]>
"Mxsmanic" <[EMAIL PROTECTED]> wrote:

> In defense of the FBI, I think that FBI agents are better trained by
> orders of magnitude than the average municipal or state cop.  There is a
> gulf of difference between the two, from what I've understood.

You've been watching "The FBI Story" a bit too often.

The one (and probably only) thing J. Edgar Hoover accomplished 
in his career was to set up an FBI propaganda machine that 
Joseph Goebbels would have envied.  Now that J. Edgar is 
roasting in Hell, many of the FBI's foibles are coming to light.

It's true that there are some local cops who are very poorly 
trained, especially in rural areas that can't afford to send 
them to police academies or which appoint the mayor's brother in 
law as police chief.

But in general, local cops are just as well trained as FBI 
special agents and actually have far more street experience.

> Nevertheless, it is true that law-enforcement agencies of all types tend
> to attract control freaks and people with violent tendencies.  It is
> difficult to screen for such people, and additionally they are such a
> large part of the pool of available labor for these occupations that
> screening them out completely would leave most agencies crying for
> recruits.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Rabin's Unbreakable Code
Date: 05 Mar 2001 10:22:37 -0800

[EMAIL PROTECTED] (Ben Cantrick) writes:
>   The sender and receiver have to agree on a time to start recording
> the random bits that are being continually broadcasted, and also how
> many bits to record. And then they have to store the bits so they
> can use them to encrypt the message later.

Plus they agree on a pseudo random number generator to tell which
subset of the bits to keep, they don't just grab a bunch of
consecutive bits.

>   At this point, you start to get an idea as to why most crypto
> people aren't that excited about Rabin's idea. If you can securely
> tell someone a piece of info, like a time and a number of bits, why
> didn't you just give them a one-time encryption pad while you were
> at it? That also has the advantage that nobody can record your
> one-time pad because it's not being broadcast to the public.

And by the same reasoning, AES is useless, "because if you can
securely tell someone a piece of info, like the AES key, why didn't
you just give them a one-time encryption pad while you were at it?"

Obviously, the point is that the size of the shared secret needed to
agree on how to index into the broadcast is much smaller than the size
of a full one-time pad.  You combine a small-sized shared secret with
large-sized broadcast data to get the effect of a large-size OTP.

>   About all Rabin's scheme buys you is that you don't have to know how
> to build a decent random number generator. In all other respects it's
> just a standard one-time pad.

Nonsense, building a decent RNG is crucial for Rabin's scheme, because
it depends on the randomness of the shared bit string.  And it is not
at all like a standard OTP because the whole point is that the size of
the shared secret is small.

Alpha
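
[Added example, not part of the original post.] The point argued above, that a small shared secret plus a large public broadcast gives the effect of a large pad, can be shown in a few lines. The index generator (HMAC-SHA256 in counter mode), the SHAKE-generated stand-in broadcast, the sample secret and all function names are assumptions made for this illustration, not Rabin's actual construction.

```python
import hashlib
import hmac

def constructed_broadcast(nbytes: int) -> bytes:
    """Stand-in for the public random broadcast (constructed sample data).
    A real source must be truly random; SHAKE is used only so the demo repeats."""
    return hashlib.shake_256(b"constructed public broadcast").digest(nbytes)

def bit_positions(secret: bytes, count: int, stream_bits: int):
    """Expand the small shared secret into `count` bit positions in the stream.
    HMAC-SHA256 in counter mode is an assumed choice of generator."""
    counter = 0
    produced = 0
    while produced < count:
        block = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
        for off in range(0, 32, 8):
            if produced == count:
                return
            # 64-bit value reduced mod the stream size: the bias is negligible here.
            yield int.from_bytes(block[off:off + 8], "big") % stream_bits
            produced += 1

def derive_pad(secret: bytes, broadcast: bytes, pad_len: int) -> bytes:
    """Keep only the selected bits of the broadcast and pack them into a pad."""
    pad = bytearray(pad_len)
    for i, pos in enumerate(bit_positions(secret, pad_len * 8, len(broadcast) * 8)):
        bit = (broadcast[pos // 8] >> (7 - pos % 8)) & 1
        pad[i // 8] |= bit << (7 - i % 8)
    return bytes(pad)

def xor(data: bytes, pad: bytes) -> bytes:
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))

def demo():
    broadcast = constructed_broadcast(1 << 16)     # 64 KiB public stream
    secret = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed secret
    message = b"meet at the usual place" * 40      # far longer than the secret
    sender_pad = derive_pad(secret, broadcast, len(message))
    ciphertext = xor(message, sender_pad)
    # The receiver rebuilds the same pad from the same secret and broadcast.
    receiver_pad = derive_pad(secret, broadcast, len(message))
    wrong_pad = derive_pad(b"\xff" * 16, broadcast, len(message))
    return {
        "secret_bytes": len(secret),
        "pad_bytes": len(sender_pad),
        "recovered": xor(ciphertext, receiver_pad) == message,
        "wrong_secret_recovers": xor(ciphertext, wrong_pad) == message,
    }

if __name__ == "__main__":
    print(demo())
```

Anyone who recorded the full broadcast and later obtains the 16-byte secret can rebuild the pad, so the secret still has to be protected like any other key.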

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security,comp.security,alt.2600
Subject: Ronald Lauder, Wave Communication, RSL Communications, Jews, Finnish
 Government, Lipponen from Markku (Los Angeles)
Date: 5 Mar 2001 18:25:09 GMT


During my information search yesterday I discovered some additional truths.
Basically, Ronald Lauder (the Chairman of Presidents of all major American
Jewish Organizations) is also the owner of RSL Communications.

http://www.rslcom.com/network/

This corporation is actively operating in telecommunications operator business
and providing its services to many customers. One of these customers is
the government of Finland, the Prime Minister's Office (Paavo Lipponen) of
Finland and all other ministries of Finland except the Justice. Paavo
Lipponen has been instrumental in further integrating Finland to the EU and
so losing the independency of Finland. He is also the member of the
Bilderberg Group (attended the meeting in June, 2000).

So it is more than likely that the government of Finland was fully aware of
the U.S. NSA's microwave / electromagnetic attack against me. I have
described details of my experiences in the past. Basically, I started
writing things such as the fact that Estee Lauder was the head of all Jews
etc., although I had not known any of these issues before. This beaming
started when I purposefully left the message to my own private
voicemail box in BellSouth saying "Your grandparents may remember this German
song, Eerika." And that "There is no historical precedent to put the words to
the mouth of the President: There are too many Jews in the White House." I
also started receiving perceptions that I had to go to Estee Lauder at Rich's
to relieve my headache caused by this beaming (which I thought was a kind of
crazy at the time - but now I and you know the truth). They were using
military intelligence beaming technologies to communicate perceptions and
messages to my mind (which indeed sounds crazy, but unfortunately true) and
so in the process they stole my spouse, destroyed my business and attacked
against me, a businessman. This was on 9/21/1999. I knew that somebody (the
U.S. government) was spying on me for long time before these events started
in 1999 as I have written earlier on the USENET.

Markku from Los Angeles

Markku J. Saarelainen, Independent Consultant

P.S. No wonder they tried to do everything to prevent me from writing my
message on the USENET as it was already learned in 2000.

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: HPRNG
Date: Mon, 05 Mar 2001 12:34:57 -0600

Darren New wrote:
 
> What you mean is that scientists also participate in politics and religion.
> Not that science is political or religious. To the extent that scientists do
> bad science to advance their politics or religion, they're not scientific.

Science is just as political and religious as any other human endeavour.  It
changes faster, that's all ;-)

> 
> > We're way OT for this forum, so I'll stop with this.
> 
> At least it has some "sci." in it, which is more than many of the threads
> here. ;-)

Anthropology, sociology and biology are all (or can be) self referential
science.  The crypto comes from decoding sense from nonsense.  So maybe
it's off topic, and maybe it's just a fun problem to work on :-)

Patience, persistence, truth,
Dr. mike

------------------------------

Reply-To: "Dan Beale" <[EMAIL PROTECTED]>
From: "Dan Beale" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: OverWrite freeware completely removes unwanted files fromharddrive
Date: Mon, 5 Mar 2001 18:35:23 -0000


"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Dan Beale wrote:
> >
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
>
> How about using the numbers from the public lotteries?  No, guess
> not.  That would be flawed as well.  Some of those balls are not
> perfect spheres.  Some are heavier than others.  Some have more
> paint and the surface area that the paint covers on each ball
> varies and the friction on each ball varies and and and...

in the uk there are two machines, and two sets of balls.  With one set of
balls, and one machine, it would be reasonably easy to crunch the numbers
and pick more probable numbers.

the big flaw in your system is reliance on the user, who has been shown
many times to be fallible.



------------------------------

Date: 5 Mar 2001 18:40:32 -0000
From: [EMAIL PROTECTED] (Fogbottom)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto

In article <97vqkv$2pgkv$[EMAIL PROTECTED]>
"kroesjnov" <[EMAIL PROTECTED]> wrote:

> I just think that safety from terrorists and foreign armies weighs more to
> me than absolute privacy.

That's just *exactly* what the residents of Germany said in 1933.

Look at the outcome.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: beyond "group signatures": how to prove sibling relationships?
Date: 05 Mar 2001 10:40:31 -0800

Fen Labalme <[EMAIL PROTECTED]> writes:
> crypto problem to solve:

Very interesting problem (quoted in full below)!

I have a solution but it requires an additional assumption: that there
is some kind of certificate authority or public registry which binds
people to their keys.  That is, it must be impossible for anyone to
disavow the key which is assigned to them.

With this assumption, the crucial step is that each person's key actually
has two components: a regular public/private key K, and a "hidden"
public/private key H which they don't know the private part of.

The parent knows the private part of H, but the child only knows the
private part of K.  Nevertheless both K and H are bound to the child
and publicly known as part of that child's identity.

For general use, only K is used to make signatures.  However signatures
by H play a role as well.

When the parent creates the children, he issues a signature using the
child's H key on his own key T.

Now he can solve the problems:

> 1)  Ci, Cj, Ck cannot prove who its parent (T) is

They do not have the signature with their H keys on T, only T has
them, hence they cannot prove it.

> 2)  Ci, Cj, Ck cannot prove they are siblings

Likewise as for number (1).

> 3)  T can prove parenthood of children (e.g. Ci, Cj, and/or Ck)

He can show a signature with H on T.

> 4)  T is able to prove Ci and Cj are siblings

By showing that both are children.

> 4a) (4), but T can do so anonymously

This is harder: he has to prove there exists a key which is signed
by the H keys of both children.  Some of the group signature schemes
allow this.

> 4b) (4) or (4a) without leaking proof that Ck is also a sibling

The (4a) solution also solves this.

One problem with this solution is that if person T actually has two
different keys, he can show either one as part of the other's
children, since he knows all the required data.  This might be
addressed by also requiring that T be signed by the child's K key,
which would require the child to acknowledge his parent.

Alpha

===

> crypto problem to solve:
> 
> the players (sorry if the notation is non-standard):
> 
> T       a "parent" public key pair
> 
> use of T's secret key may be involved in the generation of its "child" nyms:
> 
> Ci      a "child" of T (public key pair) named "i"
> Cj      a "child" of T (public key pair) named "j"
> Ck      a "child" of T (public key pair) named "k"
> 
> desired properties:
> 
> 1)  Ci, Cj, Ck cannot prove who its parent (T) is
> 
> 2)  Ci, Cj, Ck cannot prove they are siblings
> 
> 3)  T can prove parenthood of children (e.g. Ci, Cj, and/or Ck)
> 
> 4)  T is able to prove Ci and Cj are siblings
> 
> 4a) (4), but T can do so anonymously
> 
> 4b) (4) or (4a) without leaking proof that Ck is also a sibling
> 
> discussion:
> 
> the closest thing I have found to this problem is "Group Signatures" in
> section 4.6 of _Applied Cryptography_.
> 
> since T creates Ci, Cj and Ck, it can keep copies of their secret keys and
> act as a trusted third party ("Trent").  so far, so good.
> 
> 1) Trent's children cannot prove who their parent is - this is easy, too.
> 
> 2) Trent's children cannot connect themselves to each other as siblings,
>    unless trustworthy Trent publishes a "master list" of connected keys
> 
> 3) Trent can prove parenthood by signing a message signed by Ci (which it
>    can forge since he knows Ci's secret key), but this has a bug:
> 
>         Trent could claim ownership of any child
>         (including children it did not parent)
>         simply by signing a message that that child has signed
> 
> 4) In the same vein, Trent can prove Ci and Cj are siblings only so far as
>    you trust Trent.
> 
> There ought to be a way for Trent to undeniably prove parenthood.
> Further, anonymous proof of connection should be possible.
> 
> Any ideas or pointers will be most gratefully accepted.
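
[Added example, not part of the posts above.] The K/H scheme proposed in the reply can be exercised end to end as follows. Lamport one-time signatures stand in for whatever signature scheme would really be used, chosen so the block runs on the standard library; the registry dictionary and all class and function names are hypothetical, and the anonymous variant (4a) is not implemented.

```python
import hashlib
import secrets

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets and their hashes."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return priv, [(sha(a), sha(b)) for a, b in priv]

def _bits(message: bytes):
    digest = sha(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, message: bytes):
    # Reveal one secret of each pair, chosen by the message digest bits.
    return [priv[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pub, message: bytes, sig) -> bool:
    bits = _bits(message)
    return len(sig) == 256 and all(sha(s) == pub[i][bits[i]] for i, s in enumerate(sig))

def key_id(pub) -> bytes:
    """Fingerprint of a public key; this is what the hidden key signs."""
    return sha(b"".join(a + b for a, b in pub))

class Parent:
    def __init__(self, registry):
        self.registry = registry          # public, binds each name to (K, H)
        _, self.T = keygen()              # only T's public half matters here
        self.proofs = {}                  # kept by the parent, never published

    def create_child(self, name):
        k_priv, k_pub = keygen()
        h_priv, h_pub = keygen()
        self.registry[name] = {"K": k_pub, "H": h_pub}
        # Signature with the child's hidden key H on the parent's key T.
        self.proofs[name] = sign(h_priv, key_id(self.T))
        return k_priv                     # the child learns only K's private part

def proves_parenthood(registry, child, T_pub, proof) -> bool:
    return verify(registry[child]["H"], key_id(T_pub), proof)

def scenario():
    registry = {}
    parent = Parent(registry)
    k_priv = {n: parent.create_child(n) for n in ("Ci", "Cj", "Ck")}
    _, other_T = keygen()                 # an unrelated key claiming parenthood
    return {
        # (3) T proves parenthood of Ci
        "parent_of_Ci": proves_parenthood(registry, "Ci", parent.T, parent.proofs["Ci"]),
        # (4) Ci and Cj shown as siblings; Ck's proof is never revealed
        "Ci_Cj_siblings": all(proves_parenthood(registry, n, parent.T, parent.proofs[n])
                              for n in ("Ci", "Cj")),
        # (1) a child holding only K cannot produce the H signature
        "child_self_proof": proves_parenthood(
            registry, "Ci", parent.T, sign(k_priv["Ci"], key_id(parent.T))),
        # an unrelated key cannot reuse T's proof to claim Ci
        "impostor_claim": proves_parenthood(registry, "Ci", other_T, parent.proofs["Ci"]),
    }

if __name__ == "__main__":
    print(scenario())
```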

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: super strong crypto, phase 3
Date: 5 Mar 2001 18:44:50 GMT
Reply-To: [EMAIL PROTECTED] (David Wagner)

Douglas A. Gwyn wrote:
>So far it is clear that a known-plaintext attack is infeasible.

How do you know?  It is not clear to me.  Do you have a proof?

------------------------------

From: "Roman E. Serov" <[EMAIL PROTECTED]>
Subject: A question to John Savard
Date: Mon, 5 Mar 2001 21:38:54 +0300

Dear Sir,
Can you post here the url of your home page?
Thank you


------------------------------

Date: 5 Mar 2001 18:45:46 -0000
From: [EMAIL PROTECTED] (Fogbottom)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto

In article <97vs2f$2pchu$[EMAIL PROTECTED]>
"kroesjnov" <[EMAIL PROTECTED]> wrote:
>
> > > I am willing to trade some privacy for safety.
> >
> > I'm not.

> > Unfortunately, all of them are also more likely than a terrorist bombing
> > your school or a nut invading your country.
>
> How many razzias have taken place in your country in the last couple of
> years? When was the last time they purged your country from all the black
> people? When was the last time they threw everybody in prison who was
> against Clinton? When was the last time they purged the schools, from those
> who performed less than a C ?
>
> And when is the last time they bombed a building in your country? When is
> the last time, some loony started blasting away at a school? When is the
> last time, your country was at war?

You're right - my country has been a safe place to live for the
past few years.
And strong encryption, probably unbreakable by the FBI and NSA,
has been available to the citizens of my (and nearly every
other) country during that time.

So banning encryption is obviously unnecessary for "national 
security".

> I think this illustrates what is most likely to happen, don`t you think?

Obviously not.

> > > Of course they keep a mild track on everybody. To
> > > not do that, would be making it impossible to detect
> > > "the bad guy" among the good guys, you know that,
> > > and I know that.

Europeans have always tolerated police forces that demand that 
each and every citizen "register" his/her residence with the 
police.  Americans never have.  It's a fundamental difference 
between Americans and much of the rest of the world.

> > There aren't any bad guys, until they do something bad.
>
> Yes, that is indeed true.
> But there is always something like pattern matching, to see who is most
> likely to do something like bombing a building (I am just afraid to use the
> word 'bad' by now, you know that? ;).
> And no, these systems aren`t fool proof, but you know where I am getting
> at... I hope...

Certainly.
Americans don't tolerate that sort of behavior from their police 
forces.

> Move to The Netherlands, and you won`t have to :)

But you *will* have to register your residence with the police.
In America, only convicted criminals released on parole have to 
do that.

> This is indeed also true.
> But yet there are patterns which can be recognized, and can be linked to
> criminal behaviour. Although this person may not be entirely bad, he/she is
> doing something wrong, and this matter should be looked into.

The SD and KGB and Gestapo would all agree with you.

Very few Americans would.

Again, that's a fundamental difference between Americans and 
most of the world.



------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: 05 Mar 2001 10:47:50 -0800

Gerry writes:

> I was thinking about using a decryption passphrase for software like PGP
> and the like that would consist of a very long string of characters like:
> 
> ......aaaaaaaaaa$$$$$$$$$$$fffffffffffDDDDDDD5555
> 
> 
> I would remember the passphrase by just remembering there are 7 periods, 10
> a's, 11 $'s, 11f's, and 7 D's, and 4 5's.

If the enemy knows about your password scheme, he has to guess all
strings of this type.  If we assume that you have 6 letters each
chosen from the upper and lower case letters, the digits, and half a
dozen or so punctuation marks, that is about 70 possibilities, for a
little over 6 bits per letter, times 6 letters is about 36 bits.

Then he has to guess the numbers; each is in the range, say, 1-16, for
about 4 more bits per letter, times 6 letters is 24 bits, and adding
to the above is 60 bits.  That is pretty secure.

However note that you could get EXACTLY the same effect with the
passphrase ".a$fD5 7 10 11 11 7 4", which would probably be faster to
type.  If you can memorize a passphrase like this, more power to you!

Alpha

------------------------------

From: Fred Galvin <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 5 Mar 2001 12:54:06 -0600

On Mon, 5 Mar 2001, Ken Cox wrote:

> Fred Galvin wrote: 
> > [...] I may as well assume that there's a goat
> > behind door #3. Now, how does the decision I make, on the assumption
> > that there's a goat behind door #3, differ from the decision I'd make
> > if Monty opened door #3 and showed me a goat?
> 
> Your assumption may be wrong.  There may not be a goat
> behind door #3.

Of *course* the assumption may be wrong. That's what I *said* in the
part you snipped:

: I don't know what's behind door #3, could be the car, could be a
: goat.

Let me repeat the question very slowly. The car may be behind door
#3. If the car is behind door #3, it doesn't matter which door I pick,
I get a goat either way. Therefore, in deciding between door #1 and
door #2, it makes sense to disregard the possibility that I am
choosing between two goats, and assume that I am choosing between a
goat and a car. My *question* was: should the *decision* I make, based
on the (right or wrong) *assumption* of a goat behind door #3, be any
different from the decision I would make based on the certain
knowledge of a goat behind door #3? (The answer, by the way, is no, of
course not.)

So, in my simplified (but equivalent) version of the Monty Hall
problem, the correct decision (under the standard assumptions) is to
switch to door #2. No harm if I'm choosing between two goats, but I
improve my chances from 1/3 to 2/3 if I'm choosing between a goat and
a car. (Of course, just as with the standard Monty Hall problem, the
reasoning breaks down if Monty's strategy is to give me a chance to
switch doors *only* if my first pick was the car.)

> As often happens with the Monty problems, you need an *exact*
> statement of Monty's behavior.

Indeed. In the standard Monty Hall problem, the standard answer
requires all of these assumptions:

1. The car is more valuable than the goats.
2. The car was equally likely to be behind any of the 3 doors.
3. After I pick a door, Monty always opens another door and shows me a
goat.
4. In case I picked the door with the car, Monty is equally likely to
open either one of the other two doors.

It seems to me that people hardly ever state all the assumptions when
they tell the problem; maybe because it's more fun to give a vaguely
formulated problem which can be interpreted in various ways, and then
argue about it ad infinitum.

-- 
People who don't have a sense of humor shouldn't try to be funny.


------------------------------

From: [EMAIL PROTECTED] (Arturo Magidin)
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: 5 Mar 2001 18:58:14 GMT

In article <[EMAIL PROTECTED]>,
Fred Galvin  <[EMAIL PROTECTED]> wrote:

   [.snip.]

>> As often happens with the Monty problems, you need an *exact*
>> statement of Monty's behavior.
>
>Indeed. In the standard Monty Hall problem, the standard answer
>requires all of these assumptions:
>
>1. The car is more valuable than the goats.
>2. The car was equally likely to be behind any of the 3 doors.
>3. After I pick a door, Monty always opens another door and shows me a
>goat.
>4. In case I picked the door with the car, Monty is equally likely to
>open either one of the other two doors.
>
>It seems to me that people hardly ever state all the assumptions when
>they tell the problem; maybe because it's more fun to give a vaguely
>formulated problem which can be interpreted in various ways, and then
>argue about it ad infinitum.

It may perhaps be worth noting that, although it could be inferred to
be true by condition 3, it is necessary to state that Monty not only
always opens another door and shows a goat, but that Monty does this
->knowing<- where the car is. Presumably this could be interpreted as
a consequence of 3, but one can always find someone who thinks Monty
is just a really (un)lucky guesser and picks a door with a goat.

If Monty opens a door without knowing where the car is, and just
->happens<- to have picked a door with a goat, then the problem
becomes a different problem. (In that variation, switching does not
improve odds).

======================================================================
"It's not denial. I'm just very selective about
 what I accept as reality."
    --- Calvin ("Calvin and Hobbes")
======================================================================

Arturo Magidin
[EMAIL PROTECTED]
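
[Added example, not part of the posts above.] The dependence on Monty's exact behavior discussed in the two posts above can be checked by exact enumeration rather than simulation. The three policy names are hypothetical labels for: the standard assumptions 2 to 4, a host who opens a door without knowing where the car is, and a host who offers the switch only when the first pick was the car.

```python
from fractions import Fraction
from itertools import product

DOORS = (0, 1, 2)

def host_moves(policy, car, pick):
    """Yield (opened_door, probability) for one host policy.
    opened_door is None when the host opens nothing and makes no offer."""
    others = [d for d in DOORS if d != pick]
    if policy == "knows":              # assumptions 3 and 4 in the post
        goats = [d for d in others if d != car]
        for d in goats:
            yield d, Fraction(1, len(goats))
    elif policy == "ignorant":         # opens a random other door, may reveal the car
        for d in others:
            yield d, Fraction(1, 2)
    elif policy == "only_if_car":      # offers a switch only when the first pick is right
        if pick == car:
            for d in others:
                yield d, Fraction(1, 2)
        else:
            yield None, Fraction(1)
    else:
        raise ValueError(policy)

def switch_win_probability(policy):
    """P(switching wins | the host opened a door and it showed a goat)."""
    goat_shown = Fraction(0)
    switch_wins = Fraction(0)
    for car, pick in product(DOORS, DOORS):
        prior = Fraction(1, 9)         # car uniform (assumption 2), pick independent
        for opened, p in host_moves(policy, car, pick):
            if opened is None or opened == car:
                continue               # no offer, or the car was revealed
            goat_shown += prior * p
            remaining = next(d for d in DOORS if d not in (pick, opened))
            if remaining == car:
                switch_wins += prior * p
    return switch_wins / goat_shown

def compare():
    return {p: switch_win_probability(p) for p in ("knows", "ignorant", "only_if_car")}

if __name__ == "__main__":
    for policy, prob in compare().items():
        print(f"{policy:12s} P(switch wins | goat shown) = {prob}")
```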


------------------------------

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: Re: Again on key expansion.
Date: Mon, 5 Mar 2001 19:37:22 +0100

> [...]
> Thus, if you're using the same implementation on the same hardware, it
> can't take 1.26 seconds in one instance and 76 microseconds in another.

You are right! I had misunderstood.

> [...]
> Two methods that both take a second offer the same strength.

This point is not clear (for me). I'd like to better understand what you tell
me:
to add 13 bits of entropy to my key my method takes 0.079 s, SALEK's method
takes 1.26 s (on *my* computer with *my* program).
Why do the two methods offer the same strength?
In the same time my method adds more entropy to the key.
I don't want to blame SALEK's method, I only want to understand and learn!

Thank you
Cristiano



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
