Cryptography-Digest Digest #850, Volume #13      Sat, 10 Mar 01 00:13:00 EST

Contents:
  Re: => FBI easily cracks encryption ...? ("Douglas A. Gwyn")
  Re: Bell Systems Technical Journal ("madcow")
  Re: How to find a huge prime(1024 bit?) ("Joseph Ashwood")
  Re: => FBI easily cracks encryption ...? (Damian Kneale)
  Re: Dayton's Code Breakers (Jim Haynes)
  Re: Sad news, Dr. Claude Shannon died over the weekend. (Jim Haynes)
  Re: Sad news, Dr. Claude Shannon died over the weekend. (Jim Haynes)
  Re: what is the use for MAC(Message Authentication Code ), as there can be digital 
signature? ("Joseph Ashwood")
  Re: Encryption software ("Henrick Hellström")
  Re: => FBI easily cracks encryption ...? (Paul Rubin)
  Re: Encryption software (Paul Rubin)
  Re: => FBI easily cracks encryption ...? (Steve Portly)
  Re: I encourage people to boycott and ban all Russian goods and services, if the 
Russian Federation is banning Jehovah's Witnesses ....... ("Lorne")
  Re: I encourage people to boycott and ban all Russian goods and services, if the 
Russian Federation is banning Jehovah's Witnesses ....... (ThePsyko)

----------------------------------------------------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 10 Mar 2001 01:16:14 GMT

Paul Rubin wrote:
> I know this is hardly ironclad evidence, but at a panel discussion on
> cryptography exports at the RSA conference a few years ago, all
> present seemed to agree that the sigint cryptanalysis is basically
> over.

If anyone present actually knew to the contrary, they certainly
would not be announcing it.

> ...  For example, the new edition of Kahn's "The Codebreakers" has a
> chapter at the end, which claims that the battle between
> cryptographers and cryptanalysts (that the book chronicles) is now
> over--because of computers, the cryptographers have won.

We've discussed that before.  Cryptanalysts benefit from computers,
too.  In fact a *lot* of present-day systems can be cryptanalyzed,
just to judge from numerous published academic papers, which
don't benefit from the accumulated expertise of the government
cryptologic organizations.

The safe assumption, as opposed to the warm cozy one, is that
whatever algorithm you choose has vulnerabilities you don't
know about.  That is certainly what history teaches.

------------------------------

From: "madcow" <[EMAIL PROTECTED]>
Subject: Re: Bell Systems Technical Journal
Date: Fri, 9 Mar 2001 21:18:07 -0500

That's excellent news, Joe.

Yeah, you're right, those images are dreadful.

They were scanned from photocopies of the original, but at the time I
figured that even a bad copy was better than nothing.

The files actually got worse when I tried converting them to pdf.

Anyway, now I can use the space for something else . . .


JPeschel <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I just heard from the editor, Fran Grimes, of
> the Bell Systems Technical Journal today.  She
> writes: "We will post Shannon's "Communications
> Theory of Secrecy Systems. It should be up
> sometime next week."
>
> Right now the only version of this paper on the
> web that I know of is in a horrible
> image format.
>
> Joe
> __________________________________________
>
> Joe Peschel
> D.O.E. SysWorks
> http://members.aol.com/jpeschel/index.htm
> __________________________________________
>



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: How to find a huge prime(1024 bit?)
Date: Wed, 28 Feb 2001 11:18:52 -0800
Crossposted-To: alt.security.pgp,sci.math


"Free-man" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >But let's analyze it more completely:
> >Def: a prime is an integer number > 1 that is not divisible by any smaller
> >     number, except 1.
> >Theorem: a non-prime > 1 is divisible by a prime.
> >Proof: it is divisible by a smaller number which is either prime or non-
> >     prime, so by infinite descent the result holds.
> >Theorem: there is an infinitude of primes.
> >Proof:
> >     Suppose there is only a finite number of primes.  Multiply them all
> >     together and add 1.  Suppose the result is non-prime, but according
> >     to the theorem above it should be divisible by a prime, but none of
> >     the primes fit, so it is prime.  A contradiction, we have found a
> >     new prime.
>
> No, because you have two "suppose"

The use of suppose is to express that it is one of two possibilities, the
other possibility being the rather self-evident it is a prime in which case
the theorem proves by existence that there is a prime larger than the set we
had. Would you prefer a restatement of it as:
Def: a prime is an integer number > 1 that is not divisible by any smaller
     number, except 1.
Theorem: a non-prime > 1 is divisible by a prime.
Proof: it is divisible by a smaller number which is either prime or non-
     prime, so by infinite descent the result holds.
Theorem: there is an infinitude of primes.
Proof:
Assume:
    Every prime is known
Multiply every prime together and add 1
This number is larger than the largest prime.
This number is not divisible by any of the primes
There are 2 possibilities:
        1) The number is prime.
                Therefore there is a prime that is not in the list
        2) The number is composite
                It must be divisible by a prime that is not in the list
                Therefore there is a prime that is not in the list
This strictly contradicts the assumption that every prime is known
It is proven that any list of primes must be incomplete therefore the number
of primes must be infinite
                    Joe
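
The restated proof carried out on concrete lists, as an added example that is not part of the original post. The names `euclid_step` and `extend` are chosen here, trial division restricts it to small numbers, and `extend` goes one step beyond the post by feeding each new prime back into the list.

```python
from math import prod

def smallest_prime_factor(n):
    """Smallest prime factor of n >= 2 by trial division (small n only)."""
    if n % 2 == 0:
        return 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return d
        d += 2
    return n  # no divisor up to sqrt(n), so n itself is prime

def euclid_step(primes):
    """Run the proof once on a finite list of primes.

    Returns (N, p, case): N = product of the list + 1, p = a prime
    dividing N, case = 1 if N is prime, 2 if N is composite.
    """
    n = prod(primes) + 1
    p = smallest_prime_factor(n)
    # Every listed prime leaves remainder 1 when dividing N,
    # so whichever prime divides N cannot be in the list.
    assert all(n % q == 1 for q in primes) and p not in primes
    return n, p, 1 if p == n else 2

def extend(primes, rounds):
    """Append the prime each step yields; no finite list is ever complete."""
    primes = list(primes)
    for _ in range(rounds):
        primes.append(euclid_step(primes)[1])
    return primes

if __name__ == "__main__":
    # Case 1: 2*3*5 + 1 = 31 is itself prime.
    print(euclid_step([2, 3, 5]))
    # Case 2: 2*3*5*7*11*13 + 1 = 30031 = 59 * 509 is composite.
    print(euclid_step([2, 3, 5, 7, 11, 13]))
    print(extend([2], 7))
```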



------------------------------

From: [EMAIL PROTECTED] (Damian Kneale)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Sat, 10 Mar 2001 02:26:26 GMT

Once "Mxsmanic" <[EMAIL PROTECTED]> inscribed in stone:

>"Damian Kneale" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>
>> Thus the only security you can rely on is the
>> difficulty of breaking the encryption on the links.
>
>It doesn't take much, unless you are very, very interesting to the
>spooks.

128 bit encryption doesn't take much?  Interesting if true.  You
obviously have a much more impressive home network than I do!

>> Probably doesn't cut it when you are designing
>> a government grade encryption system.
>
>Sure it does.  Not everything is ultra top super secret.
>"Government-grade" covers a lot of ground.  DES is government-grade, for
>example.

Been a while since I saw anything TS myself.  *laugh*  It's fairly open
knowledge however that most defence departments use hardware encrypted
links with hand delivered secret keys for their message traffic, keys
updated daily.  They don't do that because they know their systems are
unbreakable.

Government is intended to distinguish from the best algorithms
available to the general public.  They may or may not be better in
reality, but they are intended to keep top level information safe from
prying eyes, and we know that banking for instance does transfer
massive quantities of money.

>> Not even the US government has tried to enforce
>> laws quite that futile.
>
>The U.S. is among the more liberal of countries in this domain.

Along with Australia where I live, Scandinavia where many good
algorithms spring from, and much of Europe.  And smaller countries
with no limitations at all, the technology equivalents of tax havens.


>> Personally I know I have insufficient interest
>> to attract a national defence agency to have interest
>> in me ...
>
>Probably, but then again, they wouldn't announce their interest to you
>by letter, either.

But some suggested schemes for key escrow involve companies
maintaining their own keys, and simply having to make them available
to the relevant institutions on demand.

>> I'm far more worried about things like online credit
>> card security, and refuse to use mine online.
>
>Things like SSL are more than enough to secure your credit-card
>transactions in transmission.  Your credit card just isn't worth enough
>to make it cost-effective to crack SSL.  Of course, the server databases
>that contain that information may still be insecure, depending on how
>careless a merchant is.

All systems on the internet are insecure, to some degree or another.
New security problems are constantly being found, so lack of care on
the part of a merchant is not necessarily your only concern.

>Nevertheless, I am much more comfortable buying things online than I am
>in person or by telephone.  The former method requires no human
>intervention, but the latter methods do, and the opportunity for errors
>and fraud comes with human involvement, not with machine-processed
>information.

The transactions are equally accessible to humans whichever way you
transfer the initial information.  I prefer the evidence of my
transfer to disappear after one day or so, as opposed to being stored
forever in a database somewhere.

>> Even supposedly secure systems and SSL links don't
>> convince me.
>
>Perhaps you are making billion-dollar purchases that would justify
>breaking encryption to get at your credit card, then.

No, but if a stream to a vendor is intercepted and broken, then _all_
numbers could be compromised.  And there are multiple instances just
in Australia of systems being cracked and a whole database of credit
card numbers being taken.  As an individual I'm not worth the effort,
as part of a system where my information is stored, I have no faith in
online security just yet.  I note that even Amazon only promise to
cover losses from mis-use of your details on their site, not anywhere
else, if their security is compromised. 

Damian.


------------------------------

Subject: Re: Dayton's Code Breakers
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Jim Haynes)
Date: Sat, 10 Mar 2001 02:31:13 GMT

Another source of information on this is an article in a recent issue of
IEEE Annals of the History of Computing.

------------------------------

Subject: Re: Sad news, Dr. Claude Shannon died over the weekend.
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Jim Haynes)
Date: Sat, 10 Mar 2001 02:35:39 GMT

In article <[EMAIL PROTECTED]>,
Dennis Ritchie  <[EMAIL PROTECTED]> wrote:
>Yes.  There is still considerable liveliness, although (just like
>with the famous MIT and Caltech hacks) the exploits worth remembering
>happen only every so often.

David Huffman said something about Shannon having built a canoe in the
form of a bicycle.  It turns out that the action of a bicycle is quite
different from that of a watercraft, so the thing dumped him into the
water every time.
>
>I did notice one worrisome thing at a staff meeting today.
>My boss, exhorting us about the need to recruit, had previously
>tried to get us to find and entice a young Ken Thompson.  Today he
>wanted a young Claude Shannon.
And one who isn't already a Silicon Valley millionaire!



------------------------------

Subject: Re: Sad news, Dr. Claude Shannon died over the weekend.
Reply-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Jim Haynes)
Date: Sat, 10 Mar 2001 02:40:27 GMT

In article <[EMAIL PROTECTED]>,
wtshaw <[EMAIL PROTECTED]> wrote:
>In article <QZvn6.5119$[EMAIL PROTECTED]>,
>[EMAIL PROTECTED] wrote:
>
>> In addition to Shannon and Newton, let's hear it for Maxwell.
>
>Don't forget his demon.
>
Ah yes, his entry into information theory.  But what I had in mind in
ranking Maxwell with Newton and Shannon is that Maxwell pulled together
the entire theory of electromagnetism, just as Newton pulled together
the entire theory of masses and motions.

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: what is the use for MAC(Message Authentication Code ), as there can be 
digital signature?
Date: Wed, 28 Feb 2001 11:45:42 -0800

Well the most basic reason is speed.
DSA can be run at 1 ms per signature (actually this would be record speed)
In the same amount of time a good MAC algorithm could easily produce 25+
MACs

Also there are various conditions where you don't want the public/private
key split. MAC hardware is cheaper, etc. There are in fact numerous reasons,
but the most compelling reason is the speed factor.
                        Joe

"david Hopkins" <[EMAIL PROTECTED]> wrote in message
news:5wcn6.3934$[EMAIL PROTECTED]...
> Why use for MAC(Message Authentication Code ),
> as there can be digital signature?
>
> thanks
>
>
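
The speed argument in the reply above can be measured with Python's standard library. This added example (not part of the original post) times HMAC-SHA256 against one modular exponentiation of the size used in DSA signing; the function names and the constructed modulus are assumptions, and the ratio varies by machine.

```python
import hashlib
import hmac
import secrets
import time

def mac(key, msg):
    """HMAC-SHA256 tag over msg under a shared secret key."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key, msg, tag):
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac(key, msg), tag)

def seconds_per_call(fn, min_time=0.05):
    """Average wall-clock seconds per call, sampled for at least min_time."""
    calls = 0
    start = time.perf_counter()
    while True:
        fn()
        calls += 1
        elapsed = time.perf_counter() - start
        if elapsed >= min_time:
            return elapsed / calls

def cost_ratio():
    """How many MACs fit in the time of one DSA-sized modular exponentiation.

    Signing with classic DSA computes g^k mod p with a 1024-bit p and a
    160-bit k. The modulus here is a constructed random odd number, not a
    real DSA prime: the cost of pow() depends on operand size, not primality.
    """
    key = secrets.token_bytes(32)
    msg = b"constructed sample message".ljust(64, b".")
    p = secrets.randbits(1024) | (1 << 1023) | 1
    g = 2 + secrets.randbelow(p - 3)
    k = secrets.randbits(160) | (1 << 159)
    t_mac = seconds_per_call(lambda: mac(key, msg))
    t_exp = seconds_per_call(lambda: pow(g, k, p))
    return t_exp / t_mac

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    tag = mac(key, b"pay 10 to alice")
    print("valid:", verify(key, b"pay 10 to alice", tag))
    print("tampered:", verify(key, b"pay 99 to alice", tag))
    # Whoever can verify holds the same key and could have produced the tag:
    # this is the absence of the public/private key split.
    print("MACs per DSA-sized exponentiation: %.0f" % cost_ratio())
```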



------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: Encryption software
Date: Sat, 10 Mar 2001 03:45:44 +0100

"those who know me have no need of my name" <[EMAIL PROTECTED]>
wrote in message news:[EMAIL PROTECTED]...
> <98br4c$c50$[EMAIL PROTECTED]> divulged:
>
> re: pgp
>
> >They find it too complicated, and don't like to mess with the security
> >issues involved in exchanging public keys with others. Someone ought to
> >be able to design an application better than PGP in these respects.
>
> microsoft did just that in outlook express (and even outlook 2000) -- or at
> least came closer.  i don't think their cure is worth it.


I agree. In particular, I don't think it is worth the money to pay someone
else to generate your own private key (or whatever they do in order to give
you a "certificate"). It seems like a somewhat strange idea, in particular
when you know a little about MS's track record in the field of computer
security.


--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com



------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: => FBI easily cracks encryption ...?
Date: 09 Mar 2001 19:18:49 -0800

"Douglas A. Gwyn" <[EMAIL PROTECTED]> writes:
> > ...  For example, the new edition of Kahn's "The Codebreakers" has a
> > chapter at the end, which claims that the battle between
> > cryptographers and cryptanalysts (that the book chronicles) is now
> > over--because of computers, the cryptographers have won.
> 
> We've discussed that before.  Cryptanalysts benefit from computers,
> too.  In fact a *lot* of present-day systems can be cryptanalyzed,
> just to judge from numerous published academic papers, which
> don't benefit from the accumulated expertise of the government
> cryptologic organizations.

Cryptanalysis benefits linearly from computer speedups--cryptography
benefits exponentially.  Do you know of any practical cryptanalytic
breaks (certificational ones don't count) against fielded modern
cryptography systems that were designed to be strong (rather than
intentionally weak like GSM, or trying to minimize gate count like
Bluetooth)?  The worst failures are usually protocol failures, not
encryption failures.

> The safe assumption, as opposed to the warm cozy one, is that
> whatever algorithm you choose has vulnerabilities you don't know
> about.  That is certainly what history teaches.

While multi-layer security is never a bad idea, the weapon of
cryptanalysis seems to have been neutralized by computerized
cryptography, just as the weapon of battleships was neutralized by
antiship missiles.  Maybe both will rise again someday in different
form, but for the moment, cryptographers seem to have the upper hand.

------------------------------

From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Encryption software
Date: 09 Mar 2001 19:19:54 -0800

"Henrick Hellström" <[EMAIL PROTECTED]> writes:
> I agree. In particular, I don't think it is worth the money to pay someone
> else to generate your own private key (or whatever they do in order to give
> you a "certificate"). It seems like a somewhat strange idea, in particular
> when you know a little about MS's track record in the field of computer
> security.

A certificate in the x509 world is just like in PGP--it just means
somebody signs your public key.  You generate your own key pair.

------------------------------

From: Steve Portly <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto,us.misc
Subject: Re: => FBI easily cracks encryption ...?
Date: Fri, 09 Mar 2001 22:24:43 -0500



Matthew Montchalin wrote:

> On Fri, 9 Mar 2001, Jim D wrote:
> |You need to be much closer than that. A few tens of metres.
> |The inverse square law applies to the radiation, which isn't
> |particularly strong to start with.
>
> Most people think of 'shielding' as something that is stationary,
> like a window screen made of fine wire mesh.  Is there any advantage
> to having a moving, swiveling, or jiggling screen, I mean, in
> addition to grounding it, or controlling its valence or charge
> in response to the approaches of a magnet at the end of a pendulum
> that has been set in motion manually?   Lots of us have fans, and
> stepper motors, and power supplies that can be put to use, you
> know.  :)
>

Found a good simulation of a screen tempest program on the web, just
scroll down and hit the shake button to see how the Brits do it.

http://www.bigdancelist.com/martini.htm




------------------------------

From: "Lorne" <[EMAIL PROTECTED]>
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and services, if 
the Russian Federation is banning Jehovah's Witnesses .......
Date: Fri, 9 Mar 2001 20:22:11 -0800

We must always remember that just because we are paranoid, that does not
mean they are not after us.


John Savard <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Sat, 10 Feb 2001 18:11:45 GMT, Markku J. Saarelainen
> <[EMAIL PROTECTED]> wrote, in part:
>
> >I encourage all people around the world to boycott and ban all Russian
> >goods and services, if the Russian Federation is banning Jehovah's
> >Witnesses .......
>
> And we can also add:
>
> - the attacks on Chechnya committed with disregard for civilian life
>
> - the unwillingness of Russia to waive diplomatic immunity in the case
> of a drunk driver who killed a Canadian woman
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm



------------------------------

From: [EMAIL PROTECTED] (ThePsyko)
Crossposted-To: comp.security,alt.security,alt.2600
Subject: Re: I encourage people to boycott and ban all Russian goods and services, if 
the Russian Federation is banning Jehovah's Witnesses .......
Date: Sat, 10 Mar 2001 04:29:32 GMT

On Fri, 9 Mar 2001 20:22:11 -0800, "Lorne" <[EMAIL PROTECTED]>
wrote:

>We must always remember that just because we are paranoid, that does not
>mean they are not after us.
>
>

I think everybody should boycott Macys cause they don't make beer




>John Savard <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> On Sat, 10 Feb 2001 18:11:45 GMT, Markku J. Saarelainen
>> <[EMAIL PROTECTED]> wrote, in part:
>>
>> >I encourage all people around the world to boycott and ban all Russian
>> >goods and services, if the Russian Federation is banning Jehovah's
>> >Witnesses .......
>>
>> And we can also add:
>>
>> - the attacks on Chechnya committed with disregard for civilian life
>>
>> - the unwillingness of Russia to waive diplomatic immunity in the case
>> of a drunk driver who killed a Canadian woman
>>
>> John Savard
>> http://home.ecn.ab.ca/~jsavard/crypto.htm
>


ThePsyko
Public Enemy #7
"God told me to skin you alive"

http://prozac.iscool.net



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
