Cryptography-Digest Digest #20, Volume #14 Tue, 27 Mar 01 04:13:00 EST
Contents:
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged (Bill Unruh)
Re: Malicious Javascript in Brent Kohler post (was: Re: Who is Brent K Kohler?) (John Savard)
Re: Here's a fun Rijndael Challenge (John Savard)
Re: Please read. (John Savard)
DH/DSS (George)
Re: Valid condition for multiplicative generator? (Terry Ritter)
ECC conversion to Weierstrass form (Guy-Armand Kamendje)
Re: Pike stream cipher (Paul Crowley)
Re: Password Encryption (Paul Crowley)
Re: Malicious Javascript in Brent Kohler post (Tony L. Svanstrom)
Re: Once again U.S. law enforcement violated illegally ... yesterday in Miami - (Turd Fredericks)
Re: Idea (Paul Schlyter)
Re: Kill-filter expression for script weenie (Juergen Nieveler)
Re: Idea - (LONG) (wtshaw)
Re: DH/DSS ("Henrick Hellström")
Re: Fractal Compression (Mok-Kong Shen)
Re: Kill-file entries for TRN to nuke the weenie! (was Re: Kill-filter expression for script weenie) (Hard)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To:
alt.privacy.anon-server,alt.security.pgp,comp.security.pgp.discuss,comp.security.pgp.resources,comp.security.pgp.tech
Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be Forged
Date: 27 Mar 2001 05:20:07 GMT
In <dAMv6.33$[EMAIL PROTECTED]> "Roger Schlafly"
<[EMAIL PROTECTED]> writes:
]If the attack has access to my private machine to do all that,
]wouldn't it be easier for him to patch my PGP.exe in some way
]to make it insecure?
So why do you encrypt your secret key? If someone has the ability to
read your secret key file (which has read permission only for you) they
have the ability to alter your PGP. However I think all would feel that
encrypting your secret key file is a good idea. Similarly making sure
that someone writing to your secret key file cannot thereby discover
your secret key is just as good an idea. The protocol for an
encrypted file should not allow the contents of that file to be
discoverable except by knowledge of the appropriate passphrase. It
should not allow that key to be discoverable simply by someone being
able to write to that file (just as they should not be discoverable by
someone being able to read that file.)
]This "attack" just looks like a cheap publicity stunt to me.
?? I guess our opinions differ. Sounds like a "shoot the messenger"
reaction to me.
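Unruh's point, that an encrypted key file must not give up its key to someone who can merely write to it, is one that integrity protection over the whole file addresses. The Python below is an added illustration, not PGP's format and not code from the thread: it assumes a constructed layout (public parameters in the clear, private key encrypted under a passphrase-derived key) and shows a MAC over both parts rejecting a file whose cleartext parameters were altered, before anything in it is used.

```python
import hashlib
import hmac
import secrets

# Constructed layout for this illustration (not PGP's): salt | nonce |
# 2-byte length | public parameters (clear) | encrypted private key | MAC.
# The MAC covers every byte before it, so an edit to the cleartext public
# parameters is caught before the private key is ever decrypted or used.
KDF_ITERATIONS = 100_000  # kept modest so the example runs quickly

def _derive_keys(passphrase: bytes, salt: bytes) -> tuple:
    """PBKDF2-HMAC-SHA256 -> 64 bytes: first half encrypts, second half authenticates."""
    km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in stream cipher for the example."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]

def write_keyfile(passphrase: bytes, public_params: bytes, private_key: bytes) -> bytes:
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    stream = _keystream(enc_key, nonce, len(private_key))
    ct = bytes(a ^ b for a, b in zip(private_key, stream))
    body = salt + nonce + len(public_params).to_bytes(2, "big") + public_params + ct
    return body + hmac.new(mac_key, body, "sha256").digest()

def read_keyfile(passphrase: bytes, blob: bytes) -> tuple:
    """Return (public_params, private_key); raise ValueError if the file was altered."""
    body, tag = blob[:-32], blob[-32:]
    salt, nonce = body[:16], body[16:32]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    # Check the tag first: neither part of the file is trusted until it passes.
    if not hmac.compare_digest(hmac.new(mac_key, body, "sha256").digest(), tag):
        raise ValueError("key file integrity check failed")
    plen = int.from_bytes(body[32:34], "big")
    public_params, ct = body[34:34 + plen], body[34 + plen:]
    private_key = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return public_params, private_key

def tamper_is_detected(passphrase: bytes, blob: bytes) -> bool:
    """Flip one byte of the cleartext public parameters; True if reading now fails."""
    tampered = bytearray(blob)
    tampered[34] ^= 0x01  # first byte of the public parameters
    try:
        read_keyfile(passphrase, bytes(tampered))
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    pw = b"correct horse battery staple"
    blob = write_keyfile(pw, b"constructed-public-params", b"\x2a" * 32)
    print(read_keyfile(pw, blob)[0])     # b'constructed-public-params'
    print(tamper_is_detected(pw, blob))  # True
```

A wrong passphrase fails the same tag check, so the reader cannot tell a bad passphrase from a tampered file until the file is known to be intact.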
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: alt.drugs.pot,rec.radio.swap,rec.running,rec.sport.skating.ice.figure
Subject: Re: Malicious Javascript in Brent Kohler post (was: Re: Who is Brent K Kohler?)
Date: Tue, 27 Mar 2001 05:08:30 GMT
On Mon, 26 Mar 2001 22:41:52 -0600, "Rick"
<[EMAIL PROTECTED]> wrote, in part:
>DO NOT OPEN THE POST FROM BRENT KOHLER. (yes, I know I am shouting)
>If you are using a newsreader that runs javascript, it may lock up your
>machine. This has been all over many newsgroups.
DO NOT USE A NEWSREADER THAT RUNS JAVASCRIPT.
Because you might not read the warning before you open the post the
next time somebody tries a stunt like this.
It is sheer madness to put that kind of 'feature' in a newsreader. As
far as that goes, HTML in postings should also be deemed as
nonstandard, and should not be supported either.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Here's a fun Rijndael Challenge
Date: Tue, 27 Mar 2001 05:03:01 GMT
On Tue, 27 Mar 2001 04:11:53 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>Also, it amounted to a requirement for pure ciphertext C/A of
>some variant of Rijndael. If that is possible it would be
>*big* news. I.e. it is too hard for a "puzzle".
I suppose the only way it could be solved is if the space of
transformations from "password" to _key_ is small enough for a search.
But if the plaintext is expanded eightfold, then there is the other
matter of an unusual enciphering mode as well.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Please read.
Date: Tue, 27 Mar 2001 05:05:28 GMT
On 26 Mar 2001 12:10:28 -0800, Paul Rubin <[EMAIL PROTECTED]>
wrote, in part:
>This shows a misunderstanding of how remailers work. A remailer can't
>tell who the offender is or who the offender's ISP is. Remailers
>generally get their input, in encrypted form, from other remailers,
>with origin information already removed. See
> http://www.obscura.com/~loki/remailer/remailer-essay.html
>for a description.
And, of course, that makes sense. After all, many _legitimate_ uses of
remailers are illegal, so only this kind of chain - with erasure of
messages after retransmission - would make them effective.
>In the case of this particular flood, it may be possible to implement
>some filtering at the m2n (mail to news) gateway. A more virulent
>attack (remember Hipcrime) is much harder to stop.
Yes, at least the last step in the chain could catch this sort of
thing.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: George <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: DH/DSS
Date: Mon, 26 Mar 2001 23:35:31 -0600
I've been doing some research on public key algorithms, and I can find a
mass of information for key generation of every algorithm except
Diffie-Hellman/Digital Signature Standard (DH/DSS). Where can I find
more about key generation for this algorithm? Any help is appreciated.
Thanks.
-George
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: Valid condition for multiplicative generator?
Date: Tue, 27 Mar 2001 05:42:08 GMT
On Tue, 27 Mar 2001 04:59:15 -0000, in
<[EMAIL PROTECTED]>, in sci.crypt
[EMAIL PROTECTED] (those who know me have no need of my name)
wrote:
><[EMAIL PROTECTED]> divulged:
>
>>Where would any fundamental randomness come from? How could it be
>>detected on a stock PC?
>
>how does the presence of an i810 (or later) chipset in a substantial
>number of stock pc's affect your views?
That is a completely different issue.
Clearly, if one has such hardware, and one considers the Intel RNG to
be acceptable, and the interface to it also acceptable, then one does
have a hardware source of random values.
Personally, I have problems with the Intel design. Clearly, the
intent is to have a physically-random device based on thermal resistor
noise (Johnson noise). One problem is that the generator would
produce the same sort of apparently-random result even without the
noise. Consequently, we are unable to show by experiment that the
generator really does use unknowable quantum noise, which means that
our only basis for such belief is the Intel design assertion that it
must be so. I have been an engineer for too long, and deceived by
claims too often, to take such assertions at face value.
There is a fundamental security problem with complex systems in
silicon chips, which is that ordinary people are unable to validate
precisely what circuit is present. Especially in the case of a
physically-random generator, an essentially pseudorandom design would
produce just about the same results. We can't distinguish a
physically-random generator from a pseudorandom generator by
statistical tests on the output stream. So without the ability to
validate the design in some experimental or physical way, we only have
someone's assurance that the actual circuit we have really is
performing the way we want it to. That is not enough for me.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
------------------------------
From: Guy-Armand Kamendje <[EMAIL PROTECTED]>
Crossposted-To: sci.math
Subject: ECC conversion to Weierstrass form
Date: Tue, 27 Mar 2001 07:32:18 +0200
Reply-To: [EMAIL PROTECTED]
given a curve C: y^2=ax^4+bx^3+cx^2+dx+e,
someone told me that one could just pick any point lying on this curve
as the origin and convert the quartic to an elliptic curve in
Weierstrass form. I have found a formula somewhere for the case that the
point P=(0,0) lies on the curve. Is there any general formula for any
given point let's say Q=(i,j) lying on the curve?
thanks for any hint
guy-armand
--
G.A. Kamendje || Tel +43 316 873 55 51
T-U Graz ||
I.A.I.K || www.iaik.at/aboutus/people/Kamendje
------------------------------
Subject: Re: Pike stream cipher
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 27 Mar 2001 05:32:46 GMT
[EMAIL PROTECTED] (Gregory G Rose) writes:
> Sigh, Tom. You are a very effective troll.
A troll is someone who posts disingenuously to get a rise. A kook is
someone who sincerely believes and frequently posts utter nonsense and
gets a rise anyway. Tom sometimes posts wrong stuff, but he's
neither.
Mind you, "Blow me goat boy" does have me reaching for the "killfile
author" keysequence...
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Subject: Re: Password Encryption
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Tue, 27 Mar 2001 05:32:46 GMT
"Richard Wright" <[EMAIL PROTECTED]> writes:
> I'm looking for a good one way encryption formula (decryption not required)
> for encrypting passwords and I don't want to reinvent the wheel if there are
> well published methods out there. I require this for an app I'm writing for
> Win32 and I have noticed that there are encryption routines in Win32 system.
> As anyone used them? Are they any good? Also, is there any recommended
> readings on this topic?
This must be the most posted URL on this group:
http://www.counterpane.com/low-entropy/
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Crossposted-To: alt.drugs.pot,rec.radio.swap,rec.running,rec.sport.skating.ice.figure
Subject: Re: Malicious Javascript in Brent Kohler post
From: [EMAIL PROTECTED] (Tony L. Svanstrom)
Date: Tue, 27 Mar 2001 06:31:57 GMT
Rick <[EMAIL PROTECTED]> wrote:
> evidence wrote in message <[EMAIL PROTECTED]>...
> [snip javascript]
>
> DO NOT OPEN THE POST FROM BRENT KOHLER. (yes, I know I am shouting)
>
> If you are using a newsreader that runs javascript,
Don't complain about trouble when you're asking for it...
> it may lock up your machine. This has been all over many newsgroups.
/Tony
--
########################################################################
I'm sorry, I'm sorry; actually, what I said was:
HOW WOULD YOU LIKE TO SUCK MY BALLS?
- South Park -
------------------------------
Crossposted-To: alt.politics.org.fbi,alt.politics.org.nsa,alt.2600
From: Turd [EMAIL PROTECTED] (Turd Fredericks)
Subject: Re: Once again U.S. law enforcement violated illegally ... yesterday in Miami -
Reply-To: [EMAIL PROTECTED]
Date: Tue, 27 Mar 2001 06:41:48 GMT
On 26 Mar 2001 14:36:00 GMT, [EMAIL PROTECTED] wrote:
>
>
> -------
>
> For your potential news reporting:
>
> Once again I was violated by the U.S. cops who came and started asking
> questions and other activities without me doing anything wrong or illegal.
>
> Actually, I was just in a parking space in my car without doing really
> anything. At this time there were three police cars and it was in Miami. This
> is the second time within two weeks it has happened to me here in the U.S.A.
>
>
> 1.5 weeks earlier the similar violation by these U.S. cops took place in Los
> Angeles.
>
> They violate criminally and I seemed to be targeted by them. I have never even
> got a traffic ticket or done anything illegal. This Miami violation by the
> U.S. cops happened just few hours after I had attended a Jewish event (one
> similar to Rabbe Carlebach's events in Leningrad in 1989) in Miami.
>
> These abuses by the U.S. police and law enforcement forces started after the
> U.S. government stole my spouse (now ex spouse) in December, 1999 and after
> my spouse left there have been at least eight separate violations against me
> by the U.S. cops or police officers.
>
> Basically, they are doing this criminally and I have never done anything
> illegal and not even got a traffic ticket. I do not drink, smoke, I have
> never even tried any illegal drugs and I practice my religion (the religion
> of AGOD) every day praying at least three times a day. I have no associations
> with any illegal groups or activities. So all their violations are illegal.
>
> But this is the way it has been for 1.5 years now and I do not foresee me
> staying in the U.S.A. for very much longer due to all these criminal abuses
> by the U.S. law enforcement. It is ironic, I have never done anything wrong
> or illegal.
>
Judging by your previous posts, you seem to be insane. Could this
somehow be what makes you a cop magnet? I suggest you simply
leave the USA if you don't like the way you are being treated.
--
_________________________________
Idiot wind, blowing every time you move your mouth
Blowing down the backroads heading south
--Bob Dylan
------------------------------
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: Idea
Date: 27 Mar 2001 08:31:27 +0200
In article <[EMAIL PROTECTED]>,
Graywane <[EMAIL PROTECTED]> wrote:
> If you have a "secure channel" to transmit the key then you have a
> "secure channel" to transmit the entire message. No encryption needed.
Not necessarily - that "secure channel" may exist for a limited
period of time only, prior to the need to send messages securely. In
such a case, OTP encryption makes very much sense.
In most real life situations, OTP is a hassle though and is therefore
rarely used. OTP encryption was, and probably still is, most often
used by spies.
--
================================================================
Paul Schlyter, Swedish Amateur Astronomer's Society (SAAF)
Grev Turegatan 40, S-114 38 Stockholm, SWEDEN
e-mail: pausch at saaf dot se or paul.schlyter at ausys dot se
WWW: http://hotel04.ausys.se/pausch http://welcome.to/pausch
------------------------------
Crossposted-To: alt.security.pgp
Subject: Re: Kill-filter expression for script weenie
From: [EMAIL PROTECTED] (Juergen Nieveler)
Date: 27 Mar 2001 09:15:13 +0200
[EMAIL PROTECTED] (filterguy) wrote:
>This seemed to work with Hamster:
>
># specify the newsgroups
>
>[{^alt\.security\.pgp$} {^sci\.crypt$}]
>
># the following I have as all one line but will probably be wrapped
># when posted
>
>=-9999 subject "love" "need" "ask" "require" "uses" "used" "want"
>+@from:{(anonymous|melon|frog2|remailer|steeleye|nescio)}
Thanks!
--
Juergen Nieveler
Support the ban of Dihydrogen Monoxide: http://www.dhmo.org/
"The people united can never be ignited!"- Sgt. Colon, Ankh-Morpork Watch
www.bofh.mynetcologne.de / [EMAIL PROTECTED] / PGP Supported!
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Idea - (LONG)
Date: Tue, 27 Mar 2001 01:28:09 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:
....
> The key should have at least as many possible values as
> the number of possible messages.
> In what Shannon refers to as an "ideal system" He goes on to state
> that it is possible to construct encryption system where one only
> has a finite number of keys. So that even with infinite amount of
> cipher text. There still is not enough INFORMATION in the cipher
> text to know what the solution is.
...
Ah, yes. If we exclude algorithms that miss this requirement, there are
scant few left. It is only in pursuit of perfection that real progress
can be made.
--
GWB is sure one day to have a presidential library. The big
question is on which off-shore rig should it be placed.
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: DH/DSS
Date: Tue, 27 Mar 2001 10:12:44 +0200
You can't have done much research. This was the first hit I got from Google
when searching for "Digital Signature Standard":
http://www.itl.nist.gov/fipspubs/fip186.htm
The DSA/DSS algorithms are described and explained in detail in the Handbook
of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac.
--
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
"George" <[EMAIL PROTECTED]> skrev i meddelandet
news:[EMAIL PROTECTED]...
> I've been doing some research on public key algorithms, and I can find a
> mass of information for key generation of every algorithm except
> Diffie-Hellman/Digital Signature Standard (DH/DSS). Where can I find
> more about key generation for this algorithm? Any help is appreciated.
> Thanks.
>
> -George
> [EMAIL PROTECTED]
>
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Fractal Compression
Date: Tue, 27 Mar 2001 10:29:51 +0200
Joseph Ashwood wrote:
>
> [now on encryption]
> While the various fractal attempts at encryption haven't proven useful, they
> may yet prove to be. Some of the idea is that fractal equations are just
> another set of functions that can be used. They may or may not prove useful.
I too think that that direction should not yet be given up
and should be further researched.
> The index into PI methodology is not likely to be of much use, I assume that
> the key is an index into Pi that forms the beginning. The reason being
> fairly simple. As an attacker I can easily compute PI (since it's a given
> that I will know your algorithm, just not your keys). With the ability to
> compute Pi, I can keep iterating down until the decryption looks like it's
> expected to, so brute force towards the key is very possible. To break a key
> more analytically, precompute small stretches of Pi at regular intervals,
> this will allow fast checks against data.
But employing a PRNG to index could render the attack
much more difficult, as I recently mentioned.
M. K. Shen
------------------------------
From: [EMAIL PROTECTED] (Hard)
Subject: Re: Kill-file entries for TRN to nuke the weenie! (was Re: Kill-filter expression for script weenie)
Date: Tue, 27 Mar 2001 08:48:23 GMT
Thanks, man. That was considerate of you.
On 26 Mar 2001 13:04:34 -0700, [EMAIL PROTECTED] (Ben Cantrick)
wrote:
>In article <[EMAIL PROTECTED]>,
>filterguy <[EMAIL PROTECTED]> wrote:
>>A filter expression that kills the Script Kiddie posts:
>>
>>for (Forte) Agent:
>>
>>subject: (love*|need*|ask*|require*|uses*|want*|used) and from:
>>(anonymous|melon|frog2|remailer|steeleye|nescio)
>>
>>
>>For Xnews (and slrn?):
>>
>> Score: -9999
>> Expires: 4/25/2001
>> Subject: (love|need|ask|require|use(s|d)|want)
>> From: (anonymous|melon|frog2|remailer|steeleye|nescio)
>
> Excellent kill expressions!
>
> In killfiles, as in crypto, the key is finding exploitable patterns.
>Our ph33r-less script kiddy has been quite stupid in his choice of posting
>material; all his posts contain dead giveaways. Here are some trn killfile
>entries that I'm using to nuke him...
>
> - He always has either "X-DumbAss: Arnold Boschloo" or "X-AirHead: Arnold
>Boschloo" in his posts. These two killfile entries auto-kill posts with
>"X-AirHead" or "X-Dumbass" header lines:
>
>/^X-DumbAss/h:j
>/^X-AirHead/h:j
>
> These two lines alone seem to nuke 99% of his crap, and are probably
>sufficient by themselves. However, there are additional patterns we can
>exploit to shut him down too...
>
> - He seems to like to cross-post his junk to three specific newsgroups,
>soc.men, alt.security.pgp and sci.crypt. I consider the chances of someone
>legitimately cross-posting to all three of these newsgroups vanishingly
>small. Hence I kill any post that goes to all three of them:
>
>/^Newsgroups:.*soc.men,alt.security.pgp,sci.crypt/h:j
>
> (Note: This killfile entry is order-sensitive to the order of the
>newsgroups. So if he starts randomizing the order of the groups in this
>line, you'll have to type in all six permutations, like so:
>
>/^Newsgroups:.*alt.security.pgp,soc.men,sci.crypt/h:j
>/^Newsgroups:.*alt.security.pgp,sci.crypt,soc.men/h:j
>/^Newsgroups:.*sci.crypt,alt.security.pgp,soc.men/h:j
>/^Newsgroups:.*sci.crypt,soc.men,alt.security.pgp/h:j
>/^Newsgroups:.*soc.men,alt.security.pgp,sci.crypt/h:j
>/^Newsgroups:.*soc.men,sci.crypt,alt.security.pgp/h:j
>
> It's a little annoying, but not too bad.)
>
> - Lastly, he seems to have some kind of fanatic hard-on for Arnold
>Boschloo, as mentioned above. He likes to CC his posts to Arnold and
>Arnold's ISP. I consider the chances of anyone legitimately CC'ing
>something to Arnold small, so I kill any posts that has a CC to Arnold's
>e-mail address:
>
>/^CC:.*[EMAIL PROTECTED]/h:j
>
>
> If you use the trn newsreader, then, well, you probably don't need me
>telling you how to make killfile entries! But if you're a newbie using trn,
>here's how to use these: First, start reading sci.crypt. Then, start reading
>an article - any article will do. Read it through to the end so you get to
>the "end of" article prompt. This is the one that says "Article #xxxxx", not
>the one that says "More".
>
> Once you get to that prompt, hit ^K to directly edit the killfile for
>the newsgroup. You should be punted into an editor (maybe vi) and allowed
>to enter killfile entries. Type in the above killfile entries and off you
>go! Now every time you start reading sci.crypt, the newsreader will use
>the above entries to auto-junk posts from our ever-so-l33t s/<ript kiddie.
>
>
> -Ben
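Restated as a header-level filter, the rules from Ben's and filterguy's posts look like the Python below, which is an added example rather than anything posted in the thread. It goes slightly beyond the trn entries: the three newsgroups are compared as a set, so the six permutations collapse into one rule and extra groups in the list do not hide the cross-post; the CC address is a constructed placeholder, since the post's address is not shown, and the sample articles are constructed as well.

```python
import re
from email.parser import BytesHeaderParser

# Predicates restating the killfile rules from the thread.
TELLTALE_HEADER_RE = re.compile(r"^X-(DumbAss|AirHead)$", re.IGNORECASE)
TRIPLE_CROSSPOST = {"soc.men", "alt.security.pgp", "sci.crypt"}
SUBJECT_RE = re.compile(r"\b(love|need|ask|require|use(s|d)|want)", re.IGNORECASE)
FROM_RE = re.compile(r"anonymous|melon|frog2|remailer|steeleye|nescio", re.IGNORECASE)
# Placeholder: the address in the original post is not reproduced here.
WATCHED_CC_RE = re.compile(r"watched-address@example\.invalid", re.IGNORECASE)

def newsgroup_set(msg) -> set:
    """Split a Newsgroups header into a set, so group order does not matter."""
    raw = msg.get("Newsgroups") or ""
    return {g.strip().lower() for g in raw.split(",") if g.strip()}

def junk_reasons(raw_article: bytes) -> list:
    """Return the rules a raw article trips; an empty list means keep it."""
    msg = BytesHeaderParser().parsebytes(raw_article)
    hits = []
    if any(TELLTALE_HEADER_RE.match(name) for name in msg.keys()):
        hits.append("telltale X- header")
    if TRIPLE_CROSSPOST <= newsgroup_set(msg):
        hits.append("cross-posted to all three groups")
    if SUBJECT_RE.search(msg.get("Subject") or "") and FROM_RE.search(msg.get("From") or ""):
        hits.append("subject keyword from a remailer-style sender")
    if WATCHED_CC_RE.search(msg.get("CC") or ""):
        hits.append("CC to the watched address")
    return hits

# Constructed sample articles (headers only; bodies are irrelevant to the rules).
JUNK_ARTICLE = (
    b"From: nobody@remailer.example.invalid (anonymous)\r\n"
    b"Newsgroups: sci.crypt,soc.men,alt.security.pgp,alt.test\r\n"
    b"Subject: I need your help\r\n"
    b"X-AirHead: placeholder\r\n"
    b"CC: watched-address@example.invalid\r\n"
    b"\r\nbody\r\n"
)
LEGIT_ARTICLE = (
    b"From: alice@example.invalid (Alice)\r\n"
    b"Newsgroups: sci.crypt,alt.security.pgp\r\n"
    b"Subject: Re: DH/DSS key generation\r\n"
    b"\r\nbody\r\n"
)

if __name__ == "__main__":
    print(junk_reasons(JUNK_ARTICLE))   # all four rules fire
    print(junk_reasons(LEGIT_ARTICLE))  # []
```

The subject/from rule is the broadest of the four and is the one most likely to catch a legitimate remailer user, so it is worth keeping paired with the sender test as filterguy wrote it rather than used on its own.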
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************