Cryptography-Digest Digest #820, Volume #13       Tue, 6 Mar 01 13:13:01 EST

Contents:
  Re: => FBI easily cracks encryption ...? (SCOTT19U.ZIP_GUY)
  Re: PKI and Non-repudiation practicalities (Anne & Lynn Wheeler)
  Re: The Foolish Dozen or so in This News Group (Eric Lee Green)
  Re: OT: Legitimacy of Governmental Power  (Was: Re: => FBI easily crack  ...?) (Ron B.)
  Re: The Foolish Dozen or so in This News Group (Eric Lee Green)
  Re: Just getting interested... (Neil Couture)
  Re: One-time Pad really unbreakable? ("Simon Johnson")
  Re: One-time Pad really unbreakable? (Sundial Services)
  Re: Thank You Everyone! (Paul Crowley)
  Re: One-time Pad really unbreakable? (Frank Gerlach)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: 6 Mar 2001 15:07:09 GMT

[EMAIL PROTECTED] (Matthew Montchalin) wrote in 
<[EMAIL PROTECTED]>:

>On Mon, 5 Mar 2001, Mxsmanic wrote:
>|And even that isn't necessary.  The spooks can just park a van across
>|the street from your house and watch what you type on your screen.
>|That would be a million times cheaper than trying to break your
>|encryption the hard way.
>
>As a matter of fact, that happened to me recently.  I walked over to
>the car (a van) across the street and asked them what they were doing,
>and they showed me the screen that they were using.   Rather brazen
>of them, I guess.  Of course, that doesn't prove to me it was *my*
>computer they were scoping out.  Could have been anybody's in the
>area.  And it still puzzles me what they think they are achieving
>by going around telling people that happen to walk up and ask them;
>it sure isn't very surreptitious.  Isn't surveillance supposed to
>be more effective if it is surreptitious?
>
>

  I think it may have been a scare tactic if it occurred at all.
I don't think we will ever know the truth about what happened
and what damage was done by the FBI spy. Just like we never
will be told the truth about the butchery at WACO. The FBI and
the government have little use for honest people. As a manager
who went far in government once told me: if you're not smart enough
to lie and play the game you never will go far. I was smart enough
to lie. I could have joined the Catholic or LDS church and become a
top manager and a spy. I chose not to. But my choices always led
people to believe I was a spy. Wake up, spies blend in unless they
are stupid. 
 The sad truth is the FBI will never know the damage the spy did
because managers are too stupid to really look. They will have a few
meetings and then some asshole with a tie will say oh he could not do
that and it will make management happy and it will end.
 I just hope he never was in a position to affect how nuclear codes
are loaded in missiles. Since a likely target that few get to look
at could affect the next war. He would love to be a Russian hero that
said look, because of the US stupidity none of the nuclear missiles
fused correctly at the proper time. So few individuals really get to
see the whole picture. I fear he could have done something like this.
If not him then a Chinese spy will someday. But I would bet no asshole
in the government will even do a proper check of this possibility.

David A. Scott
-- 
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
        http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
        http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
        http://radiusnet.net/crypto/  then look for
  sub directory scott after pressing CRYPTO
Scott famous Compression Page
        http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:

------------------------------

Subject: Re: PKI and Non-repudiation practicalities
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Tue, 06 Mar 2001 15:30:19 GMT

"Lyalc" <[EMAIL PROTECTED]> writes:
> 
> Not sure I, or the GAO agrees with that in all cases.  The recent GAO report
> (Advances and Remaining Challenges to Adoption of Public Key Infrastructure
> Technology, GAO-01-277) outlines some enormous cost and complexity
> challenges.  $170m merely to make a few legacy applications operate with PKI
> seems a lot, when the PKI itself still needs to be built.

I would expect many are legacy systems that lack authentication
... claim was for legacy applications that currently have some form of
authentication process. The estimate is that the cost of replacing
current shared-secret authentication is well under 5% of the cost of
the legacy system i.e. a $500m legacy system would possibly cost $25m
to modify for public key authentication ... the majority of that tends
to be because of various Q&A and integration issues, if the
modification can be merged into some ongoing modification cycle, that
could further be reduced.

the issue tends to be that a front-end PKI for pilots and test
... involving a small number of accounts can be shown to be less
costly than modifying the production system and business processes
... especially if there are various kinds of risk acceptance having
the PKI information out of synch with the production account
information.

There tends to be a trade-off attempting to scale to full production
where the costs of a duplicate PKI account-based infrastructure has to
be evolved to the same level as the production account-based
infrastructure ... along with the additional business processes
maintaining consistency between the PKI accounts and the production
accounts. Full scale-up might represent three times the cost of the
base legacy infrastructure, rather than <5% of the legacy
infrastructure.

That is independent of the costs of a hardware token ... which could
be the same in either an account-based deployment or a PKI-based
deployment (and I'm working hard at making the costs of producing such
a token as low as possible while keeping the highest possible
assurance standard). There is a pending $20b dollar upgrade issue for
the existing ATM infrastructure that is going to be spent anyway
(because of the DES issue). When that is spent, the difference between
whether or not public-key support is also included in the new swap-in
is lost in the noise of the cost of the overall swap. Existing ATM
problem is further confounded that there are master DES keys in
addition to the individual DES-key infrastructure (representing
significant systemic risks, similar to CA root keys) ... the back-end
cost savings with elimination of systemic risk and shared-secrets more
than offset the incremental front-end costs of adding public key
technology in a swap-out that is going to have to occur anyway.

A trivial example would be RADIUS ... which possibly represents
99.999999% of existing client authentication events around the world
on the internet. A public-key upgrade to RADIUS is well under a couple
hundred thousand ... resulting in a RADIUS that supports multiple
concurrent methods of authentication with the connecting authority being
able to specify authentication protocol on an account by account
basis.

-- 
Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 

------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Reply-To: [EMAIL PROTECTED]
Date: 6 Mar 2001 09:25:42 -0600

On Tue, 06 Mar 2001 05:09:50 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]
> wrote:
>It clearly shows that all of you are completely wrong when it comes to
>floppies.

This is a control panel setting. Go into your Windows control panel on
a Windows 98 or later system, and click on the "System" icon. Click on
the "Performance" tab. Click on the "Filesystem" button in that
area. You'll get a filesystem performance tab. Click on "Removable
Drives". You will note that by default, write-behind caching is
disabled for removable drives (of which floppies are one). 

I'm not sure about whether you can enable it for floppies using that
button. You *CAN* enable it for ZIP disks and such, though. That is
not recommended for floppies, because floppies can be ejected at any
time without warning, which is why Microsoft disables it by default
for floppies.

Note that your test also works properly with hard drives, IF:

1) You are writing a file larger than the hard drive's internal cache, and
2) IF you are not using Windows 2000 or Windows NT (which has a buffer
   cache similar to the one that Maurice Bach describes for Unix V7), and
3) IF you are not using a later version of Windows 98.

On later versions of Windows 98, you *MAY* get the effect you desire
*IF* you go into your Control Panels menu, click on the "System
Properties" button, go into the "Performance" tab, click on the
"Filesystem" button, go into the "Troubleshooting" tab, and click on
the "Disable Write-Behind Caching for All Drives" -- this is on
Windows 98 SE (Second Edition), as installed by eMachines on a Celeron
433 system (i.e., it's stock Windows 98 SE as shipped by Microsoft).

If you do NOT disable write-behind caching, you get the behavior for
hard drives that Maurice Bach describes -- all changes are made to the
buffer cache, which is flushed out to the hard drive from time to time.
This is easily verifiable using at least Windows 98SE, and can be turned
on and off using that control panel setting. 

Again, this is not brain surgery. This is OS Design 101, as taught to
college sophomores. I suggest that you go to your local bookstore and buy
a copy of Tanenbaum's book on OS design, which is aimed at college
sophomores but which you obviously need to read because you do not seem
to be understanding simple terms such as "write-behind caching". It is
sad that you do not have the humility and self-awareness to know when you've
reached the limits of your knowledge. Well, I'm telling you that this is
where you've reached the limits of your knowledge, and you need to go educate
yourself before you further make a fool of yourself. (Heck, even clicking
around in the control panel looking for caching settings would have
prevented you from looking like an idiot, but I guess that Microsoft *DID*
hide the write-behind caching settings rather deep down in the control
panel....). 

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 


====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
=======  Over 80,000 Newsgroups = 16 Different Servers! ======

------------------------------

From: Ron B. <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power  (Was: Re: => FBI easily crack  ...?)
Date: Tue, 06 Mar 2001 10:33:32 -0500

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

On Tue, 06 Mar 2001 10:20:35 +0000, Mitch <[EMAIL PROTECTED]>
wrote:

>On Mon, 05 Mar 2001 07:06:34 GMT, Vince Adams enlightened us all
>with:  
>
>>How do you say it in the UK?  Go bugger yourself wanker <g>.
>
>o will the gentleman banker please sample his wares
>o Genesis 9:7
>
>HTH


From the _Revised English Bible_, to the best of my limited
knowledge, the most up to date British English translation:

'Be fruitful, then, and increase in numbers; people the earth and
rule over it.'

Is that too radical a translation? How about the Authorized (King
James) Version?

And you, be ye fruitful, and multiply; Bring forth abundantly in the
earth, and multiply therein.


Why is this an insult?  _Way_  too subtle an insult for this Yankee!




------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Reply-To: [EMAIL PROTECTED]
Date: 6 Mar 2001 09:39:50 -0600

On Tue, 06 Mar 2001 05:20:22 -0800, Anthony Stephen Szopa <[EMAIL PROTECTED]
> wrote:
>Are you qualifying this to be restricted to hard drives only?
>
>Or do you mean all this applies to floppy disks, too?

On Windows 98 SE, at least, the default for removable drives is that the
OS does NOT do write-behind caching. This is a control panel setting.
Floppies are a removable drive.

You can disable write-behind caching for hard drives on Windows 98 SE
via the control panel, as described in an earlier post. This does not,
however, address the problem of the buffer inside SCSI disk drives, or
the problem of NTFS not operating the way you think it should on
Windows 2000/Windows NT, or Windows 2000/NT in general.

Note that you can determine the effects of write-behind buffer caching
quite well by mounting an MS-DOS floppy disk on a Linux system and writing
some data to it. Where it'll go "gronk-gronk-gronk" on a Windows box, it 
will go "click-click-click" from first modified sector to last as Linux
optimizes the disk access (and will write much faster as a result). 
The 'sync' option in the 'mount' command will turn off the write-behind
buffer caching on Linux and then you get the same 'gronk-gronk-gronk' that
you get with Windows. An application, however, has no way of knowing
whether the write-behind buffer caching is turned on or not. 

-- 
Eric Lee Green [EMAIL PROTECTED] http://www.badtux.org
 AVOID EVIDENCE ELIMINATOR -- for details, see
   http://badtux.org/eric/editorial/scumbags.html 



------------------------------

From: Neil Couture <[EMAIL PROTECTED]>
Subject: Re: Just getting interested...
Date: Tue, 06 Mar 2001 15:55:06 GMT

I think Doug Stinson's book is the best to start with:

http://cacr.math.uwaterloo.ca/~dstinson/CTAP.html

After that you might try this (or in parallel...); this book is more
in-depth and so is more of a reference, and you can get it free there:

Alfred Menezes "Applied Cryptography"
http://cacr.math.uwaterloo.ca/hac/

Matt Broughton wrote:

> I'm just getting interested in cryptology and cryptanalysis, are there any
> books that you all would recommend on the topic?  I haven't gotten very
> technical yet, but I'm trying to get a well rounded view on the subjects.
> Currently I'm reading "The Code Book" by Simon Singh and I'm enjoying it
> immensely.  After that, I'm wanting to move more towards the computer aspect
> of it all...any recommended reading?  Please reply directly...
>
> Matt Broughton


------------------------------

From: "Simon Johnson" <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Tue, 6 Mar 2001 16:10:05 -0800


Steven Smolinski <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> > Steven Smolinski wrote:
> > > If you can break a one-time pad if you get two ciphertexts made with
> > > the same key, why can't you divide one ciphertext in half and apply
> > > the same analysis?
> >
> > I think you're confusing "the same key" used twice with "two parts of
> > the same key, each used once".
>
> I was; thanks (to all) for replies.
>
> I had forgotten that the keylength in a one-time pad must be greater
> than the plaintext length to be secure, and just assumed that it would
> repeat in a single message.

No, the length of the pad must be equal in length to that of the plain-text.
A one-time pad is unbreakable only in the sense that if I transmit a
cipher-text down an insecure channel there is no way to prove that the
transmitted bits contained a message, because every plain-text decryption is
equally likely.

This, however, doesn't mean that the plain-text cannot be recovered;
presumably the cipher-text must be decrypted at some point, and when it is,
the cryptograph has done the best it can. From here on the message is on its
own.

Simon.



------------------------------

Date: Tue, 06 Mar 2001 09:47:59 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: One-time Pad really unbreakable?

What everyone should also remember about the one-time pad is that it's
basically a mathematical argument that the system is unbreakable, which
it is ... not an affirmation that this is the Holy Grail of all
cryptosystems, which it is not.

In order to use a one-time pad you must (a) have a secure way to get two
copies of the keystream to the user and to no one else; (b) have a
reliable way to ensure that the same key-data can never be used twice;
and (c) a bulletproof way of recovering from the inevitable
transmission-errors.  {"Murphy's law" still holds!}

In the real world, you and I will never meet on a park-bench somewhere
and exchange coded passphrases and two rolled-up newspapers.  Yet we can
send e-mail traffic between ourselves, using off-the-shelf crypto, and
be reasonably assured that this traffic will not be recovered by a third
party -- at least not before you and I are enjoying the spoils of our
crime on some island which does not have an extradition treaty. 
Etcetera...


>Simon Johnson wrote:
>[...] the length of the pad must be equal in length to that of the plain-text.
> A one-time pad is unbreakable only in the sense that if I transmit a
> cipher-text down an insecure channel there is no way to prove that the
> transmitted bits contained a message, because every plain-text decryption is
> equally as likely.
> 
> This, however, doesn't mean that the plain-text cannot be recovered,
> presumably the cipher-text must be decrypted at some point and when it is,
> the cryptograph has done the best it can. From here on the message is on its
> own.
>
==================================================================
Sundial Services :: Scottsdale, AZ (USA) :: (480) 946-8259
mailto:[EMAIL PROTECTED]  (PGP public key available.)
> Fast(!), automatic table-repair with two clicks of the mouse!
> ChimneySweep(R):  "Click click, it's fixed!" {tm}
> http://www.sundialservices.com/products/chimneysweep

------------------------------

Subject: Re: Thank You Everyone!
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 06 Mar 2001 17:17:00 GMT

[EMAIL PROTECTED] writes:
> I just wanted to thank everyone who posts here.  Being a complete
> newbie to this type of work, I'm learning something daily from all your
> posts.  I was injured at work (I was an Emergency Medical Technician)
> and because of it, have had to realign my work type.  I'd rather use
> brains instead of brawn any day!  But, once again I thank everyone for
> their support for us newbies out here and those of us just learning the
> basics.

Cool!  I got interested in crypto through reading this newsgroup and
now I'm a full-time cryptographer - so keep reading!

If you want to do a bit more in-depth study, I have a few
suggestions:

* Read Bruce Schneier's Cryptogram.  More about computer security in
general than crypto specifically, but good background.

* Have a go at implementing your own CipherSaber
(http://ciphersaber.gurus.com/).  If you know how to program, it's not
too hard, and gives you a close look at the world's simplest strong
crypto algorithm.

* Download and read a few chapters from the Handbook of Applied
Cryptography: http://www.cacr.math.uwaterloo.ca/hac/ .  Consider
buying it and/or "Applied Cryptography" (a different book)

* Read about Rijndael (http://www.rijndael.com/).  If you can grok the
math, you can appreciate a cipher breathtaking in its elegance and
simplicity, and the very opposite of what you expect a National
Standard to be like :-)
-- 
  __
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Tue, 06 Mar 2001 18:28:07 +0100

Steven Smolinski wrote:
> 
> Literature pointers welcome; I'm trying to figure out something.  I
> apologize in advance for the lack of clue.
Check for VENONA at www.nsa.gov and on amazon.com

VENONA is a good example of the strengths and weaknesses of one-time
pads. The Russians had sloppy operational procedures in place and used some
one-time pads *twice*.
I would consider one-time pads still an extremely useful method for
most-secret communications. This would include encoding/decoding on
paper, by hand. It solves a lot of security nightmares (from eavesdropping
to viruses).
I bet that the Brits still use paper for the most secret stuff, although
they will lull everybody into thinking that stuff like the KILGETTY laptop
is good for the highest secrecy.

During WW2 and after, the Brits and the Yanks developed a one-time pad
based teleconference system called SIGSALY. In this case the one-time pads
were filled music records.
I am curious what they use today. Maybe a one-time pad on CDs.

Check this:
http://www.nsa.gov/wwii/papers/sigsaly.htm

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
