Cryptography-Digest Digest #101, Volume #14 Sat, 7 Apr 01 14:13:00 EDT
Contents:
[NEW] I found a new TLA on Usenet (Fight Boschloo)
Re: New PGP2.6.3(i)n (Harald Laabs)
[NEW] I found a new TLA on Usenet (Fight Boschloo)
Re: patent issue ("Tom St Denis")
[NEW] I found a new TLA on Usenet (Fight Boschloo)
Re: Comment on SafeBoot's RC5 algorithm (Lawrence Kirby)
DES & IDEA libs (Sebo)
Re: Comment on SafeBoot's RC5 algorithm ("Tom St Denis")
Re: Dynamic Substitution Question (John Savard)
bit commitment ("Tom St Denis")
Re: DES & IDEA libs (Mok-Kong Shen)
Re: Dynamic Substitution Question (Mok-Kong Shen)
Re: bit commitment (Ichinin)
Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be (David Hopwood)
Re: bit commitment ("Tom St Denis")
Re: DES & IDEA libs (Frank Gerlach)
Re: bit commitment (David A Molnar)
Re: New PGP2.6.3(i)n (Lutz Donnerhacke)
----------------------------------------------------------------------------
Date: 7 Apr 2001 11:11:05 -0000
From: [EMAIL PROTECTED] (Fight Boschloo)
Subject: [NEW] I found a new TLA on Usenet
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
I found a new Three-Letter-Abbreviation on Usenet
WAB !
It stands for "What a Boschloo" !
And it is not exactly a nice thing to say
===============================================
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed
"security expert" is not even a remailer user. In the past, he proved himself unable
to check a PGP signature, and got ridicule from every single technical topic he wanted
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are
about his avowed mental illness, or for bashing remops or real freedom fighters: he
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
they don't give their names, while he does
that can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like
Ignore him completely, killfile him, respect others' killfiles
KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make disappear both him and people who warn about him
If you want to tell him to buzz off, or warn about him,
use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
to accommodate such killfile for "regulars", and still warn newbies
COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.
------------------------------
From: [EMAIL PROTECTED] (Harald Laabs)
Crossposted-To: de.comp.security.misc
Subject: Re: New PGP2.6.3(i)n
Date: Sat, 7 Apr 2001 11:33:50 +0000 (UTC)
Reply-To: [EMAIL PROTECTED]
David Hopwood <[EMAIL PROTECTED]> wrote:
>Lutz Donnerhacke wrote:
>> ftp://ftp.iks-jena.de/mitarb/lutz/crypt/software/pgp/pgp263in/
>>
>> 20010322:
>> - Protect against the Czech attack of modified secret key files. (Cool!)
>
>How exactly did you do this? The most obviously secure approach would be
>to add authentication of the ciphertext (e.g. using a MAC), but that would
>be an incompatible format change for keyring files. Other validity checks
>are possible, but which ones did you use?
From the diff:
|+ mp_mult (temp, P, Q);
|+ if (mp_compare (temp, N)) {
|+ fprintf(pgpout, LANG("\n\007Mathematical inconsitent key.\
| Private key files modified?\n"));
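Review bot: the only condition this hunk checks is that P*Q equals N, which catches a corrupted P, Q or N but would accept a secret key file in which all three values were replaced consistently, so it should not be described as the defence against the modified-secret-key attack (Lutz notes later in this thread that it is actually a buffer-overflow fix, and that the real defence is a decryption-after-encryption self-test; that check deserves its own hunk and its own line in the change note). Also, the message string has a typo: "inconsitent" should be "inconsistent".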
>> - Protect against MPI computing errors. (more programm errors than
>> Bellcore)
Here the check should be obvious: decrypt the signature.
>Has anyone gone through the MPI library with a fine tooth comb trying to
>find bugs?
Would not help. Even if there were no errors in the library there
could be errors in overclocked CPUs as Lutz pointed out earlier.
Harald
--
"The PROPER way to handle HTML postings is to cancel the article, then
hire a hitman to kill the poster, his wife and kids, and fuck his dog
and smash his computer into little bits. Anything more is just
extremism." -- Paul Tomblin
------------------------------
Subject: [NEW] I found a new TLA on Usenet
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
From: Fight Boschloo <[EMAIL PROTECTED]>
Date: Sat, 07 Apr 2001 11:47:29 GMT
NOTICE: This message may not have been sent by the Sender Name
above. Always use cryptographic digital signatures to verify
the identity of the sender of any usenet post or e-mail.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: patent issue
Date: Sat, 07 Apr 2001 12:28:08 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote ...
> > > Tom St Denis wrote:
> > > > Patents are just a way to hold someone liable for being creative.
> > > No, they're an incentive for inventors to publish their work
> > > instead of keeping it secret while they (possibly) exploit it.
> > Ahh, but if money wasn't an issue why hold it secret?
>
> ? Did I mention money? And anyway, what do you have against
> someone *earning* his keep by inventing useful stuff?
So you need money to be fulfilled?
Tom
PS this is vastly OT this should stop
------------------------------
Date: 7 Apr 2001 13:51:15 -0000
From: [EMAIL PROTECTED] (Fight Boschloo)
Subject: [NEW] I found a new TLA on Usenet
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
------------------------------
From: [EMAIL PROTECTED] (Lawrence Kirby)
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: Sat, 07 Apr 2001 12:17:07 GMT
Reply-To: [EMAIL PROTECTED]
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] "Marc" writes:
>>cipher-block-chaining based on the sectors. The raw alg works at about
>>400MB/s (yes, 400 megabytes of data per second) on a 1ghz Athlon in
>>W32.
>
>The interesting thing is that my P3-800 FSB133 does hardly even read
>more than 110 MB/s from RAM.
My old 200Mhz Ppro with EDO memory can manage up to about 250MB/sec
reading from memory so there is something very wrong there. :-) 133Mhz
SDRAM can manage about 1GB/sec and you should be able to realise at
least 700-800MB/sec reading, sometimes more.
--
=========================================
Lawrence Kirby | [EMAIL PROTECTED]
Wilts, England | [EMAIL PROTECTED]
=========================================
------------------------------
From: Sebo <[EMAIL PROTECTED]>
Subject: DES & IDEA libs
Date: Sat, 7 Apr 2001 17:13:31 +0200
Does anyone know where to find libraries (Matlab, C) or descriptions of
DES/IDEA algorithms?
Thanks.
--
| Student at Technical University of Gdansk
| ICQ 51979800 IRC: on @#elblag, @#pg
| http://irc.elblag.eu.org
| Time not important, only life important...
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Comment on SafeBoot's RC5 algorithm
Date: Sat, 07 Apr 2001 15:30:50 GMT
"Lawrence Kirby" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] "Marc" writes:
>
> >>cipher-block-chaining based on the sectors. The raw alg works at about
> >>400MB/s (yes, 400 megabytes of data per second) on a 1ghz Athlon in
> >>W32.
> >
> >The interesting thing is that my P3-800 FSB133 does hardly even read
> >more than 110 MB/s from RAM.
>
> My old 200Mhz Ppro with EDO memory can manage up to about 250MB/sec
> reading from memory so there is something very wrong there. :-) 133Mhz
> SDRAM can manage about 1GB/sec and you should be able to realise at
> least 700-800MB/sec reading, sometimes more.
If you can read real data at 800mb/sec then you're a god. Contrived
bandwidth tests are of theoretical interest only.
My IDE hd is supposed to read >40MB sec too but I only really get about
10MB/sec max during a read/seek test.
Tom
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Dynamic Substitution Question
Date: Sat, 07 Apr 2001 15:18:09 GMT
On Sat, 07 Apr 2001 07:30:03 GMT, [EMAIL PROTECTED] (Terry Ritter) wrote,
in part:
>On Sat, 07 Apr 2001 06:32:53 GMT, in
><[EMAIL PROTECTED]>, in sci.crypt
>[EMAIL PROTECTED] (David Formosa (aka ? the Platypus)) wrote:
>>On Sat, 07 Apr 2001 05:20:34 GMT, Terry Ritter <[EMAIL PROTECTED]> wrote:
>>> I will just note again that Dynamic Substitution was examined -- and
>>> allowed
>>By an underfunded patent office whose history of making poor decisions
>>with regard to what is patentable in the computer field is legendary.
>Well, I suppose you can believe what you want. In this particular
>case I don't see that particular problem.
>Nevertheless, a decision has been made. Unless and until it is
>reversed, it stands.
Although I think that there _may_ possibly be slight problems with the
broader aspects of the Dynamic Substitution patent, the "preferred
embodiment" at least is very clearly original. Nothing remotely like
it seems to have predated it that I've ever heard of.
John Savard
http://home.ecn.ab.ca/~jsavard/crypto.htm
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: bit commitment
Date: Sat, 07 Apr 2001 15:45:31 GMT
I was browsing through LASEC and Rivest's website reading some stuff (ok I'm
bored...) Anyways I came across Rivest's paper on bit commitment. I was
wondering wouldn't an easier protocol just use a hash?
i.e. Alice wants to commit to X so she sends Bob HASH(X || RANDOM). Alice
keeps X || RANDOM so she can reveal that it's truthful.
Assuming she didn't reuse RANDOM in further commitments wouldn't this be as
hard as reversing the hash function?
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: DES & IDEA libs
Date: Sat, 07 Apr 2001 17:50:19 +0200
Sebo wrote:
>
> Does anyone know where to find libraries (Matlab, C) or descriptions of
> DES/IDEA algorithms?
For crypto matters it has proved to be always profitable
to first take a look into commonly recommended books like
Schneier's AC or Menezes' HAC.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Dynamic Substitution Question
Date: Sat, 07 Apr 2001 17:57:21 +0200
John Savard wrote:
>
[snip]
> Although I think that there _may_ possibly be slight problems with the
> broader aspects of the Dynamic Substitution patent, the "preferred
> embodiment" at least is very clearly original. Nothing remotely like
> it seems to have predated it that I've ever heard of.
Since you seem to have better studied DS than many, may
I ask your favour to explain a little bit the term
'preferred embodiment' above (which isn't a commonly
encountered one in posts of our group)? Thanks.
M. K. Shen
------------------------------
From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: bit commitment
Date: Sat, 07 Apr 2001 05:46:48 +0200
Tom St Denis wrote:
<SNIP>
It would prove as difficult as SizeOf(RANDOM)
if SizeOf(X) is known.
(Do you have an url to those papers?)
Regards,
Ichinin
------------------------------
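The hash commitment Tom describes (HASH(X || RANDOM)) and the caveat Ichinin raises about it, as an added example that is not part of any post in this thread: a commit/verify pair, plus a search routine showing that the hiding property rests entirely on the entropy of RANDOM when the set of possible X values is small and known. SHA-256, the 32-byte nonce length and the 4-byte length prefix on X are my assumptions, not something from the thread.

```python
import hashlib
import itertools
import secrets
from typing import Iterable, Optional, Tuple

NONCE_LEN = 32  # bytes; assumption: hiding rests entirely on this entropy


def _digest(x: bytes, nonce: bytes) -> bytes:
    # Length-prefix X (assumption, not in the thread) so that X || RANDOM
    # parses unambiguously when X may vary in length.
    return hashlib.sha256(len(x).to_bytes(4, "big") + x + nonce).digest()


def commit(x: bytes, nonce: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Alice's side: returns (commitment sent to Bob, nonce she keeps with X)."""
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    return _digest(x, nonce), nonce


def verify(commitment: bytes, x: bytes, nonce: bytes) -> bool:
    """Bob's side when Alice reveals X || RANDOM: recompute and compare."""
    return secrets.compare_digest(commitment, _digest(x, nonce))


def brute_open(commitment: bytes, candidates: Iterable[bytes],
               nonce_len: int) -> Optional[bytes]:
    """Ichinin's point: if the possible X values are known and RANDOM is short,
    Bob can open the commitment himself by trying every (X, nonce) pair.
    The work is |candidates| * 256**nonce_len hash evaluations, which is why
    NONCE_LEN must be large; this routine is only feasible for toy sizes."""
    for x in candidates:
        for nonce_tuple in itertools.product(range(256), repeat=nonce_len):
            if verify(commitment, x, bytes(nonce_tuple)):
                return x
    return None


if __name__ == "__main__":
    c, r = commit(b"1")                       # a one-bit commitment, full nonce
    print("honest opening verifies:", verify(c, b"1", r))
    print("wrong value rejected:   ", not verify(c, b"0", r))
    c_weak, _ = commit(b"1", nonce=b"\x7f")   # constructed: 1-byte nonce
    print("weak nonce opened by search:", brute_open(c_weak, [b"0", b"1"], 1))
```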
Date: Sat, 07 Apr 2001 04:50:01 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.security.pgp,comp.security.pgp.discuss
Subject: Re: New PGP Flaw Verified By Phil Zimmerman, Allows Signatures to be
=====BEGIN PGP SIGNED MESSAGE=====
Sam Simpson wrote:
> Let's not be overprotective of OpenPGP here: if Netscape or Microsoft had
> such a stupid hole, we'd jump all over them.
What makes you think they don't? Both Netscape and Microsoft have software
that uses passphrase-based encryption to protect private keys, without an
integrity mechanism. I would be surprised if they were not also vulnerable
to chosen ciphertext attacks (although the management of private keys
in CryptoAPI, at least, is so poorly designed that another vulnerability
would not make much difference).
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
=====END PGP SIGNATURE=====
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: bit commitment
Date: Sat, 07 Apr 2001 16:36:06 GMT
"Ichinin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> <SNIP>
>
> It would prove as difficult as SizeOf(RANDOM)
> if SizeOf(X) is known.
>
> (Do you have an url to those papers?)
Sure LASEC is at http://lasecwww.epfl.ch/
And Rivest's page is at http://theory.lcs.mit.edu/~rivest/publications.html
Tom
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: DES & IDEA libs
Date: Sat, 07 Apr 2001 18:44:59 +0200
google.com
altavista.com
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: bit commitment
Date: 7 Apr 2001 17:12:16 GMT
Tom St Denis <[EMAIL PROTECTED]> wrote:
> I was browsing through LASEC and Rivest's website reading some stuff (ok I'm
> bored...) Anyways I came across Rivest's paper on bit commitment. I was
> wondering wouldn't an easier protocol just use a hash?
> i.e. Alice wants to commit to X so she sends Bob HASH(X || RANDOM). Alice
> keeps X || RANDOM so she can reveal that it's truthful.
Is this Rivest's paper on commitments with a trusted initializer? If so, then
note that in the paper, Alice and Bob are potentially unbounded. So they
could invert hashes if they wanted to.
-David
------------------------------
From: [EMAIL PROTECTED] (Lutz Donnerhacke)
Crossposted-To: de.comp.security.misc
Subject: Re: New PGP2.6.3(i)n
Date: Sat, 7 Apr 2001 17:43:45 +0000 (UTC)
* Harald Laabs wrote:
>David Hopwood <[EMAIL PROTECTED]> wrote:
>>Lutz Donnerhacke wrote:
>>> 20010322:
>>> - Protect against the Czech attack of modified secret key files. (Cool!)
>>
>>How exactly did you do this? The most obviously secure approach would be
>>to add authentication of the ciphertext (e.g. using a MAC), but that would
>>be an incompatible format change for keyring files. Other validity checks
>>are possible, but which ones did you use?
>
>From the diff:
>|+ mp_mult (temp, P, Q);
>|+ if (mp_compare (temp, N)) {
>|+ fprintf(pgpout, LANG("\n\007Mathematical inconsitent key.\
>| Private key files modified?\n"));
Wrong quote. I added a decryption after encryption test.
The part you quoted contains a fix against a possible buffer overflow.
>>> - Protect against MPI computing errors. (more program errors than
>>> Bellcore)
>
>Here the check should be obvious: decrypt the signature.
Ack.
------------------------------
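The two secret-key checks discussed in this thread, as an added example that is not code from PGP 2.6.3in or from any poster: the P*Q == N consistency test from the quoted hunk, and the decrypt-after-encrypt self-test Harald and Lutz describe, which withholds an RSA signature whose CRT computation went wrong (the "Bellcore" case) instead of releasing it. The toy key values, the `RSASecretKey` layout and the `fault` flag are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class RSASecretKey:
    n: int
    e: int
    d: int
    p: int
    q: int


def key_is_consistent(key: RSASecretKey) -> bool:
    """The p*q == n relation that the quoted mp_compare() check verifies.
    It catches a corrupted p, q or n, nothing more."""
    return key.p > 1 and key.q > 1 and key.p * key.q == key.n


def crt_sign(key: RSASecretKey, m: int, fault: bool = False) -> int:
    """Textbook RSA signature via CRT (Garner's form).
    `fault` is constructed: it flips one bit of the q-half, standing in for
    a faulty MPI multiply or an overclocked CPU miscomputing that half."""
    sp = pow(m, key.d % (key.p - 1), key.p)
    sq = pow(m, key.d % (key.q - 1), key.q)
    if fault:
        sq ^= 1
    qinv = pow(key.q, -1, key.p)
    h = (qinv * (sp - sq)) % key.p
    return (sq + h * key.q) % key.n


def sign_checked(key: RSASecretKey, m: int, fault: bool = False) -> int:
    """Sign, then 'decrypt the signature' with the public exponent before
    releasing it; a wrong signature is never handed to the caller."""
    if not key_is_consistent(key):
        raise ValueError("mathematically inconsistent key; secret key file modified?")
    s = crt_sign(key, m, fault)
    if pow(s, key.e, key.n) != m:
        raise ValueError("signature self-check failed; computation error, signature withheld")
    return s


# Constructed toy key (p=61, q=53): far too small for real use.
TOY_KEY = RSASecretKey(n=3233, e=17, d=2753, p=61, q=53)

if __name__ == "__main__":
    s = sign_checked(TOY_KEY, 65)
    print("good signature released:", s, pow(s, TOY_KEY.e, TOY_KEY.n) == 65)
    for bad in (lambda: sign_checked(TOY_KEY, 65, fault=True),
                lambda: sign_checked(RSASecretKey(3233, 17, 2753, 61, 59), 65)):
        try:
            bad()
        except ValueError as err:
            print("rejected:", err)
```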
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************