Cryptography-Digest Digest #963, Volume #13 Wed, 21 Mar 01 15:13:01 EST
Contents:
Re: unbreakable code (Benjamin Goldberg)
Re: Fast and Easy crypt send (Hard)
Re: unbreakable code ("Tom St Denis")
Re: redodancy (Fermat)
[OT] Java (Benjamin Goldberg)
New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bob C.)
Re: Most secure way to add passphrase verification to "CipherSaber" (Benjamin
Goldberg)
Re: [OT] Java (Jeffrey Williams)
Re: redodancy (Benjamin Goldberg)
Re: [OT] Java ("Tom St Denis")
Re: What happens when RSA keys don't use primes? (Doug Stell)
Re: I was so so right about PGP ... so right when I started writing (Frank
Gerlach)
Re: NSA in the news on CNN (John Hairell)
Re: I was so so right about PGP ... so right when I started writing about PGP and
about one author .... so right ..... ("Mxsmanic")
Re: I was so so right about PGP ... so right when I started writing about PGP and
about one author .... so right ..... ("Mxsmanic")
Re: What happens when RSA keys don't use primes? ("Mxsmanic")
Re: What happens when RSA keys don't use primes? ("Mxsmanic")
Re: What happens when RSA keys don't use primes? ("Mxsmanic")
Re: Popular Mechanics article on NSA ("Mxsmanic")
Re: Advice on storing private keys (SCOTT19U.ZIP_GUY)
----------------------------------------------------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: unbreakable code
Date: Wed, 21 Mar 2001 18:38:07 GMT
Tom St Denis wrote:
>
> "dexMilano" <[EMAIL PROTECTED]> wrote in message
> news:99ad0o$dorm$[EMAIL PROTECTED]...
> > For the others
> > "
> > ....
> > About all Rabin's scheme buys you is that you don't have to know
> > how to build a decent random number generator. In all other respects
> > it's just a standard one-time pad.
> >
> >
> > -Ben
> >
> > ".
>
> Whoever said the above is a friggin liar. The BBS generator (or any
> other SQRT type thing) is not like an OTP at all.
>
> Tom
Umm, Tom, he's talking about Rabin's *recent* scheme, where both parties
are listening to a high speed source of truly random bits, and use a
cheap, otherwise insecure, PRNG to tell how many bits to skip/take from
this source. He's NOT talking about the rather older RSA-like scheme,
where the message is squared, mod some n=pq.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: [EMAIL PROTECTED] (Hard)
Subject: Re: Fast and Easy crypt send
Date: Wed, 21 Mar 2001 18:44:29 GMT
you can prepend "rank " to your handle.
that will clear it up.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: unbreakable code
Date: Wed, 21 Mar 2001 18:47:25 GMT
"Benjamin Goldberg" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > "dexMilano" <[EMAIL PROTECTED]> wrote in message
> > news:99ad0o$dorm$[EMAIL PROTECTED]...
> > > For the others
> > > "
> > > ....
> > > About all Rabin's scheme buys you is that you don't have to know
> > > how to build a decent random number generator. In all other respects
> > > it's just a standard one-time pad.
> > >
> > >
> > > -Ben
> > >
> > > ".
> >
> > Whoever said the above is a friggin liar. The BBS generator (or any
> > other SQRT type thing) is not like an OTP at all.
> >
> > Tom
>
> Umm, Tom, he's talking about Rabin's *recent* scheme, where both parties
> are listening to a high speed source of truly random bits, and use a
> cheap, otherwise insecure, PRNG to tell how many bits to skip/take from
> this source. He's NOT talking about the rather older RSA-like scheme,
> where the message is squared, mod some n=pq.
Whoopsy doodle... hehehe I wasn't following the thread that closely...
Sorry..
Tom
------------------------------
From: Fermat <[EMAIL PROTECTED]>
Subject: Re: redodancy
Date: Wed, 21 Mar 2001 19:52:13 +0100
Something like this?
n= function_countstrings()
i=0
Repeat
[
i=i+1
word(i) = word_to_compare
for j= 1 to i-1
( if word(j)=word_to_compare
then function_Remove redundance (word_to_compare)
)
for j=i+1 to n
(if word(j)=word_to_compare
then function_Remove redundance (word_to_compare)
)
]
until i=n
dexMilano wrote:
> Is there some simple algoritm to remove redodancy in text?
> I tried ZIP but it's too heavy.
>
> Thx
>
> dex
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: [OT] Java
Date: Wed, 21 Mar 2001 18:56:32 GMT
Tom St Denis wrote:
[snip]
> Sorry this is OT but...
>
> JAVA sucks... it's slow, non-portable and gives errors on anything a
> normal C compiler would just warn you about. It's hard to develop
> software for...
>
> Tom
Absolutely! I mean, I try to assign a pointer to int to a pointer to
float, and in C, it would give me a warning about assigning a pointer of
the wrong type, and in Java, it gives me an error saying there's no such
thing as a pointer! I mean, it's almost as if it's an entirely
different language, can you believe it?
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Bob C. <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp
Subject: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged
Date: Wed, 21 Mar 2001 13:05:28 -0600
>From the article at:
http://www.wired.com/news/print/0,1294,42553,00.html
Your E-Hancock Can Be Forged
by Declan McCullagh
10:20 a.m. Mar. 21, 2001 PST
WASHINGTON -- A Czech information security firm has found a flaw in
Pretty Good Privacy that permits digital signatures to be forged in
some situations.
Phil Zimmermann, the PGP inventor who's now the director of the
OpenPGP Consortium, said on Wednesday that he and a Network Associates
(NETA) engineer verified that the vulnerability exists.
ICZ, a Prague company with 450 employees, said that two of its
cryptologists unearthed a bug in the OpenPGP format that allows an
adversary who breaks into your computer to forge your e-mail
signature.
Both Zimmermann and the Czech engineers, Vlastimil Klima and Tomas
Rosa, point out that the glitch does not affect messages encrypted
with PGP. OpenPGP programs -- including GNU Privacy Guard and newer
versions of PGP -- use different algorithms for signing and
scrambling, and only the digital signature method is at risk.
PGP and its offspring are by far the most popular e-mail encryption
programs in the world. Nobody has disclosed a flaw in their
message-scrambling mechanisms, but PGP owner Network Associates
suffered an embarrassment last August when a German cryptanalyst
disclosed a flaw that allows an attacker to hoodwink PGP into not
encoding secret information properly.
In this case, someone wishing to impersonate you would need to gain
access to your secret key -- usually stored on a hard drive or a
floppy disk -- surreptitiously modify it, then obtain a message you
signed using the altered secret key. Once those steps are complete,
that person could then digitally sign messages using your name.
"PGP or any program based on the OpenPGP format that does not have any
extra integrity check will not recognize such modification and it will
allow you to sign a message with the corrupted key," says Rosa, who
works at Decros, an ICZ company. Rosa says he demonstrated the
vulnerability with PGP 7.0.3.
OpenPGP's Zimmermann downplayed the attack, saying that it requires
someone trying to impersonate you to physically or electronically
break into your computer.
"It's not an attack that is going to be available to your opponent
unless you're careless with your private key," Zimmermann said. "We
specifically warn users to protect their private keys. Users who don't
protect their private keys have always been at risk -- this is common
sense."
Even before Klima and Rosa found this glitch, an attacker who managed
to snatch someone's private key could try to break the passphrase that
protected it -- and many people appear to rely on weak passphrases
that can be guessed by a human or a machine.
"It's not a realistic attack," Zimmermann said. "Much worse attacks
are possible if (an adversary) can get that far."
The exploit works by attacking the Digital Signature Algorithm's
so-called discrete logarithm problem. DSA keys are typically stored in
a file called secring.skr, and Klima and Rosa found that they could
successfuly insert a replacement key in it.
Network Associates did not return phone calls or e-mail messages
asking if they had any plans to release a fixed version of PGP.
Klima said that on Thursday, he will publish an English-language
description of their exploit on ICZ's web site. "We promised Network
Associaties that we will not release these details until tomorrow," he
said.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Most secure way to add passphrase verification to "CipherSaber"
Date: Wed, 21 Mar 2001 19:06:38 GMT
John L. Allen wrote:
>
> I was thinking about adding some rudimentary passphrase (Key)
> verification check capability to the CipherSaber protocol (see
> http://ciphersaber.gurus.com/). So, among the following choices, Which
> of these message streams is most secure as a means of providing a way
> for the decryptor to verify the correctness of the decryption Key
> without giving an attacker useful info:
>
> 0. IV, E(msg) # This is the current
> CipherSaber protocol
> 1. IV, E(IV), E(msg) # bad: "known plaintext"
> 2. IV, E(E(IV)), E(msg)
> 3. IV, E(E(msg{1..10})), E(msg) # bad: "known plaintext"
> 4. IV, E(E(E(msg{1..10}))), E(msg)
> 5. IV, H(msg{1..64}), E(msg)
> 6. IV, E(H(msg{1..64})), E(msg)
> 7. IV, E(Key), E(msg)
> 8. IV, H(Key), E(msg)
> 9. IV, E(H(Key)), E(msg)
>
> Where, IV is a random initialization vector.
> E() is an encryption algorithm using key Key.
> H() is a hash function.
> msg is the message
> msg{1..N} is the first N bytes of the message.
>
> Also, if a hash function is not available, what is the best way then?
>
> I lean toward #9 if a hash is available, otherwise, maybe #2 or #4.
> Encrypting the key and sending that as in #7 doesn't _look_ too good
> at first, but is it really that bad?
All of these have their strengths and weaknesses, but here's what I
would consider the best way:
IV is a random initialization vector.
k is the user passphrase
pt is the plaintext message
ct is the ciphertext message
E(x,y) is the encryption of y using key x
H(x) is a hash of x
+ is concatenation.
Normal CipherSaber encryption is either:
ct = IV + E( k + IV, pt )
or:
ct = IV + E( IV + k, pt )
I'm not sure which, and I don't believe it matters.
If we have a hash function (like sha) available, a better way might be:
ct = IV + E( H(k + IV), pt + H(pt) )
Done this way, there's no limit on the length of the user passphrase, or
on the IV. We can check that the passphrase is correct by decrypting,
and then comparing the hash of the actual plaintext with the appended
hash.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: Jeffrey Williams <[EMAIL PROTECTED]>
Subject: Re: [OT] Java
Date: Wed, 21 Mar 2001 13:08:48 -0600
Tom, I'll agree that Java takes more effort to learn than say C or C++.
But you have to realize that its underlying philosophy is vastly different
(remember that C predates Java by 25 years or so - an eternity in the field
of software). It's a strongly typed language, unlike C. That's neither
good nor bad - just a different approach. Don't give up on Java (or on
strong typing). Even if you never use it, it contains lots of good concepts
that you can apply to your code in other languages. Certainly, if I wanted
to write heavy duty numbercrunching code, I'd think twice before using
Java. But if I wanted to write an interactive application with a nice GUI,
Java would be a serious contender for the task.
"non-portable"????? If you do Java code correctly, it's highly portable.
Especially if you're doing GUIs.
Don't stop learning.
LL&P
Jeff
Benjamin Goldberg wrote:
> Tom St Denis wrote:
> [snip]
> > Sorry this is OT but...
> >
> > JAVA sucks... it's slow, non-portable and gives errors on anything a
> > normal C compiler would just warn you about. It's hard to develop
> > software for...
> >
> > Tom
>
> Absolutely! I mean, I try to assign a pointer to int to a pointer to
> float, and in C, it would give me a warning about assigning a pointer of
> the wrong type, and in Java, it gives me an error saying there's no such
> thing as a pointer! I mean, it's almost as if it's an entirely
> different language, can you believe it?
>
> --
> The difference between theory and practice is that in theory, theory and
> practice are identical, but in practice, they are not.
------------------------------
From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: redodancy
Date: Wed, 21 Mar 2001 19:11:44 GMT
dexMilano wrote:
>
> Is there some simple algoritm to remove redodancy in text?
> I tried ZIP but it's too heavy.
>
> Thx
>
> dex
Are you impelementing yourself, or are you willing to use a library or
an external program? If you don't mind using something like popen,
perhaps gzip or bzip2 will be good for you. If you want to use a
pre-built library, zlib is one possibility. For implementing your own,
you can go with relatively simple things like RLE, huffman, or
arithmetic, or more complicated things like BWT, LZ, or PPM.
--
The difference between theory and practice is that in theory, theory and
practice are identical, but in practice, they are not.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: [OT] Java
Date: Wed, 21 Mar 2001 19:11:49 GMT
"Jeffrey Williams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom, I'll agree that Java takes more effort to learn than say C or C++.
> But you have to realize that its underlying philosophy is vastly different
> (remember that C predates Java by 25 years or so - an eternity in the
field
> of software). It's a strongly typed language, unlike C. That's neither
> good nor bad - just a different approach. Don't give up on Java (or on
> strong typing). Even if you never use it, it contains lots of good
concepts
> that you can apply to your code in other languages. Certainly, if I
wanted
> to write heavy duty numbercrunching code, I'd think twice before using
> Java. But if I wanted to write an interactive application with a nice
GUI,
> Java would be a serious contender for the task.
>
> "non-portable"????? If you do Java code correctly, it's highly portable.
> Especially if you're doing GUIs.
I have to use Java at work, and while learning another lang is neat it's
tiresome to get stupid errors over stuff C would just warn about...
> Don't stop learning.
I try not to.
Tom
------------------------------
From: [EMAIL PROTECTED] (Doug Stell)
Subject: Re: What happens when RSA keys don't use primes?
Date: Wed, 21 Mar 2001 19:06:19 GMT
On Wed, 21 Mar 2001 18:12:23 GMT, "Kristopher Johnson"
<[EMAIL PROTECTED]> wrote:
>Does this mean that, after generating your RSA keys, you should test to make
>sure that an encrypt operation followed by a decrypt operation yields the
>original plaintext?
Yes. The most widely used commercial library product does this. In
fact, I am told that they don't do the more time-consuming primality
tests, but do only the tests that weed out the majority of composites.
Then they cut to the chase and do an RSA encrypt/decrypt test.
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: I was so so right about PGP ... so right when I started writing
Date: Wed, 21 Mar 2001 21:29:31 +0100
Tom St Denis wrote:
>
>
> Hmm a good C compiler will warn you about almost everything. Have you ever
> used one?
I was plagued by visual c++, HPUX aCC, SUN CC, AIX alCr (or whatever its exact
name is) when contributing to a CORBA application server for multiple
platforms. Interestingly Visual C++ was the best in terms of warnings and
correctness.
With C++ you can throw as an exception, including the kitchen sink, but you
might not be able to catch it and the compiler does not care whether you
declare the exception or not. You can even throw something allocated on the
stack and then bother about the implications...
Also, Purify (a runtime checking tool) is indispensable when debugging and
finding memory leaks.
With java, the exception concept is well-thought and the compiler checks it.
Another thing is variable initializations: javac won't allow you to compile
code which has uninitialized variables. *Some* c compilers will give a lame
warning...
>
>
> Try this in Java...
>
> static int myfunction(int a)
> {
> if (a == 0) a = 4;
> /* testing something */
> return a * 3;
> /* more code */
> a = a << 1;
> return a;
> }
WHAT is the point of coding unreachable code ?? Javac will tell you that you
made a mistake and stop working. BTW, if you want to emulate that , use
if(true)return a*3;
java:
static int myfunction(int a)
{
if (a == 0) a = 4;
if(true)return a * 3;
//here comes unreachable crap
a = a << 1;
return a;
}
>
>
> Compile that...
>
> Yes it's bad coding but if you wanted to return early just to try something
> you can't in Java... in C you get a warning and that's it.
>
> Tom
More important than compile-time checks are run-time checks of array access.
The fact that everything, including integers, can be casted to pointers mens
that C runtime systems will never be able to efficiently perform runtime
checks on arrays. This is *exactly* what causes the worst security flaws:
buffer overflows, which allow the direct insertion of malicious code.
Also, the c standard library and the POSIX function calls do not check buffer
lengths, which is a very bad design.
Basically, C/C++ grew out of a quick hack of AT&T researchers, who needed a
CPU-independent assembler language. It was never meant to be used productively
- it is in fact an experiment many people confuse with solid engineering.
Some day we well wake up and find out somebody as "turned off" the internet by
exploiting a flaw in CISCO's C-based IOS or in the C-based BIND daemon. Robert
Morris did something like that (using a buffer overflow in fingerd, due to a
POSIX function) when the internet was still small.
If you do not like java, there are plenty of engineering-quality programming
languages like Pascal, Modula or Ada. They are all not meant to be a "portable
assember", but solid imperative languages.
For example, HP's MPE server operating system is written in Pascal. It runs on
the same hardware as their HP-UX.
Cryptographic devices and critical infrastructures (routers, name servers,
telephone switches, emergency communications systems) should *not* be
implemented in a language, which defies runtime bounds checking. Otherwise the
"asymmetric information warfare" scenarios of General Hayden (director of the
NSA) might become a frightening reality. And yes, using a good programming
language is not sufficient, but a NECESSARY PRECONDITION.
Full java code:
public class x{
static int myfunction(int a)
{
if (a == 0) a = 4;
if(true)return a * 3;
//here comes unreachable crap
a = a << 1;
return a;
}
public static void main(String[] args){
System.out.println(""+myfunction(3));
}
}
run with java x
------------------------------
From: [EMAIL PROTECTED] (John Hairell)
Subject: Re: NSA in the news on CNN
Date: Wed, 21 Mar 2001 19:31:46 GMT
Interestingly, the NSA coffee cups are made in the PRC. Also, one of
the US Government's security posters shows a sweatshirt with an NSA
logo (sold in the NSA's crypto museum giftshop) and talks about not
advertising who you work for.
FBI HQ downtown also has a gift shop.
John Hairell ([EMAIL PROTECTED])
On 21 Mar 2001 05:25:13 GMT, [EMAIL PROTECTED] (JPeschel)
wrote:
>[EMAIL PROTECTED] writes, in part:
>
>>Those people at Fort Meade
>>must be getting desperate for funding, or something!
>
>You mean all that bread raised from selling those cool little coffee cups,
>groovy t-shirts, and those far-out tie-dyed sweat shirts sold in
>the gift shop isn't enough funding?
>
>Joe
>__________________________________________
>
>Joe Peschel
>D.O.E. SysWorks
>http://members.aol.com/jpeschel/index.htm
>__________________________________________
>
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: I was so so right about PGP ... so right when I started writing about
PGP and about one author .... so right .....
Date: Wed, 21 Mar 2001 19:39:49 GMT
"Frank Gerlach" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Cryptographic devices and critical infrastructures
> (routers, name servers, telephone switches, emergency
> communications systems) should *not* be implemented
> in a language, which defies runtime bounds checking.
The choice of programming language used to develop cryptographic systems
is irrelevant from a security standpoint. All that really matters is
the skill of the people designing and coding the system. Good engineers
can code airtight systems in Word macros; bad engineers will make a
Swiss cheese out of any cryptosystem written in any of your favorite
languages.
> And yes, using a good programming language is not
> sufficient, but a NECESSARY PRECONDITION.
You're half right: it's not sufficient. But it's hardly necessary,
either.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: I was so so right about PGP ... so right when I started writing about PGP
and about one author .... so right .....
Date: Wed, 21 Mar 2001 19:41:10 GMT
All their bug shows is that it's not a good idea to post one's private
key one a Web site or community bulletin board.
<[EMAIL PROTECTED]> wrote in message
news:99ai7o$gdk$[EMAIL PROTECTED]...
> Cryptologists from Czech company ICZ detected serious security
vulnerability
> of an international magnitude
> A bug has been found in worldwide used security format OpenPGP.
>
>
> http://cryptome.org/pgp-email-flaw.htm
>
>
> ----- Posted via NewsOne.Net: Free (anonymous) Usenet News via the
Web -----
> http://newsone.net/ -- Free reading and anonymous posting to 60,000+
groups
> NewsOne.Net prohibits users from posting spam. If this or other
posts
> made through NewsOne.Net violate posting guidelines, email
[EMAIL PROTECTED]
>
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: What happens when RSA keys don't use primes?
Date: Wed, 21 Mar 2001 19:41:58 GMT
"Paul Thomas" <[EMAIL PROTECTED]> wrote in message
news:99a8nc$51e$[EMAIL PROTECTED]...
> the encryption / decryption will break, for example
Will it break for _every_ encryption and decryption, or only for certain
plaintexts or ciphertexts? That is, can one safely assume that a key
pair derived from non-prime numbers will immediately and unconditionally
make itself obvious by breaking any encryption or decryption, or will
some encryptions and decryptions work, even with the bad numbers? The
former isn't much of a problem; the latter is much more serious.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: What happens when RSA keys don't use primes?
Date: Wed, 21 Mar 2001 19:42:29 GMT
"Paul Thomas" <[EMAIL PROTECTED]> wrote in message
news:99a8u6$51k$[EMAIL PROTECTED]...
> dooh, my first post to sci.crypt and i fecked it up ;-)
>
> last line should read
>
> 8 != 16
Not to worry; last time I checked 32 != 16, too.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: What happens when RSA keys don't use primes?
Date: Wed, 21 Mar 2001 19:43:04 GMT
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:3u6u6.98761$[EMAIL PROTECTED]...
> No it means you should use a mathematically sound
> probable prime generator such that the probability
> of failure is astronomically small. (i.e Rabin-Miller)
And if it fails, how will you know?
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: Popular Mechanics article on NSA
Date: Wed, 21 Mar 2001 19:45:18 GMT
"John Savard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> They refer to TEMPEST as an eavesdropping program.
TEMPEST is actually an eavesdropping methodology, if I recall correctly,
but it is often used in other ways to qualify equipment generated to
protect against such eavesdropping, and so on.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Advice on storing private keys
Date: 21 Mar 2001 19:40:48 GMT
[EMAIL PROTECTED] (those who know me have no need of my name)
wrote in <[EMAIL PROTECTED]>:
><[EMAIL PROTECTED]> divulged:
>>Darryl Wagoner <[EMAIL PROTECTED]> writes:
>>> I am working on a open source digital signature system using openssl
>>> DSA functions. I have create my own cert format because of special
>>> needs of ham radio users. I would like to encrypt the private keys
>>> for safe keeping, but the passwords/key needs to be kept short.
>
>be very careful how you design it, failure to protect it properly could
>cause them to be useless. (e.g., a flaw that would allow anyone to pose
>as anyone.)
>
>>I don't understand what you're asking. What needs to be special about
>>the certificates? And OpenSSL already lets you encrypt keys by a
>>password.
>
I have not kept up wiht all the rules but for hams isn't
encryption still illegal in the US.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
Scott famous encryption website **now all allowed**
http://members.xoom.com/ecil/index.htm
Scott LATEST UPDATED source for scott*u.zip
http://radiusnet.net/crypto/ then look for
sub directory scott after pressing CRYPTO
Scott famous Compression Page
http://members.xoom.com/ecil/compress.htm
**NOTE EMAIL address is for SPAMERS***
I leave you with this final thought from President Bill Clinton:
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
