Cryptography-Digest Digest #134, Volume #14 Fri, 13 Apr 01 09:13:01 EDT
Contents:
XOR TextBox Freeware: Very Smooth. (Anthony Stephen Szopa)
Re: _"Good" school in Cryptography ("was" I got accepted) ("Joseph Ashwood")
Re: XOR TextBox Freeware: Very Smooth. ("Tom St Denis")
Re: NSA-Endorsed Schools have a Mediocre Internet Presence (Mok-Kong Shen)
Re: Ethernet & Encryption ("Latyr Jean-Luc FAYE")
Re: Ethernet & Encryption (Mok-Kong Shen)
Re: RSA modulus size and bits (Michael J. Fromberger)
Re: I got accepted ("Jack Lindso")
Re: I got accepted ("Tom St Denis")
Re: NSA-Endorsed Schools have a Mediocre Internet Presence ("Tom St Denis")
Re: Ethernet & Encryption ("Tom St Denis")
Re: RSA modulus size and bits ("Tom St Denis")
Re: Graphical representation of a public key (or fingerprint)? ("Michael Schmidt")
----------------------------------------------------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: XOR TextBox Freeware: Very Smooth.
Date: Fri, 13 Apr 2001 04:22:54 -0700
XOR TextBox is similar to its predecessor, XOR Utility Version 1.1,
that simply performs the universally available logical XOR process
on two files chosen by the user and outputs the resulting file.
The difference is that XOR TextBox provides a textbox control for
input and output. This textbox control can be used in two ways.
First, a user can type text directly into the textbox and run the XOR
process on this text and another file, outputting the resulting file.
Or secondly, a file that has previously been through the XOR process
using XOR TextBox can be reprocessed again with XOR TextBox and the
result displayed directly into the textbox for viewing.
Either way, at no time is the original text ever written to disk. In
both cases the original text is merely stored in RAM.
http://www.ciphile.com
Downloads Currently Available web page
VB6 Downloads web page
------------------------------
From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: _"Good" school in Cryptography ("was" I got accepted)
Date: Thu, 12 Apr 2001 15:03:41 -0700
"newbie" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> No good universities in other parts of the world?
> Russia, China, India, Pakistan, etc...?
>
> The big mistake is to underrate other people.
> You will be very surprised if you take look to those countries.
I think you're demonstrating the applicability of your nym. It's not that
those universities don't have appropriate offerings, it's that if you
actually read the post you replied to you will see "In North America, there
are at
the very least (In no particular order): "
We also have strong evidence that mainland Europe is gaining significant
momentum in cryptography (cryptonessie, and Rijndael), and I can personally
vouch for the fact that I have spent the last two days being brow-beaten
with "our research is done in Israel" and it's variations.
It's not that we don't recognise the contributions of other continents, it's
that we only have significant experience with UK/USA/Isral as major sources,
with occassional contributions from mainland Europe.
As to your other post "What is published is NOT the real knowledge" is
simply false. The real knowledge is the actions and motivations that drive
privacy and security. In recent years the focus of that has slowly shifted
from being Military centric to being finance-centric. This has facilitated a
move from all cryptographic knowledge being housed in a few stray buildings
to the knowledge being openly presented in the Metreon in San Francisco.
This means that while there is still quite a bit of knowledge that has not
been acquired by the public, the quantity of that knowledge is diminishing
very quickly. If you look at the state of the world 10 years ago you will
see that for the most part anyone who was decent at cryptography had a job
working for a government, there were few exceptions. Now the govenerment
employees are becoming the exception. I'm not sure what balance will be
struck in the next ten years, but I do know that the percentage of knowledge
that is being published, or at least known outside of government work is
growing very fast. I personally suspect that the NSA (probably the most
recognised crypto facility, and certainly one of the foremost) is at most 3
years ahead of the public, and in some areas are not further ahead. As
evidence of this I point to SKIPJACK which was published by the NSA and
claimed to offer 80-bits of protection, within a relatively short time (less
time than the NSA had to analyze it) an attack was found that, while it
didn't make much difference, proved that progress could be made against it.
This indicates that the state of the art publicly and the state of the art
governmently is approximately the same.
If you wish to continue making statements such as that I encourage you to
actually research them ahead of time, and of course to actually read what
you are replying to.
Joe
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: XOR TextBox Freeware: Very Smooth.
Date: Fri, 13 Apr 2001 11:47:10 GMT
"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> XOR TextBox is similar to its predecessor, XOR Utility Version 1.1,
> that simply performs the universally available logical XOR process
> on two files chosen by the user and outputs the resulting file.
>
> The difference is that XOR TextBox provides a textbox control for
> input and output. This textbox control can be used in two ways.
>
> First, a user can type text directly into the textbox and run the XOR
> process on this text and another file, outputting the resulting file.
>
> Or secondly, a file that has previously been through the XOR process
> using XOR TextBox can be reprocessed again with XOR TextBox and the
> result displayed directly into the textbox for viewing.
>
> Either way, at no time is the original text ever written to disk. In
> both cases the original text is merely stored in RAM.
You're kidding right? Do you include source? Nope I checked ... you also
wrote
"XOR_TextBox Software Utility Version 1.0 (freeware) - More secure than XOR
Software Utility Version 1.1 above."
On your website. How is a plain xor more secure than anything else? The
non-xor cipher? hehehehe
btw
#include <stdio.h>
int main(int argc, char **argv)
{
FILE *src, *key, *dst;
int src_byte, key_byte;
src = fopen(argv[1], "rb");
key = fopen(argv[2], "rb");
dst = foepn(argv[3], "wb");
while ((src_byte = fgetc(src) != EOF) {
while ((key_byte = fgetc(key)) == EOF)
fseek(key, 0, SEEK_SET);
fputc(src_byte ^ key_byte, dst);
}
fclose(src);
fclose(key);
fclose(dst);
return 0;
}
Wow that's hard..... and I even gave source code.... so there!
Tom
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Fri, 13 Apr 2001 14:06:09 +0200
Frank Gerlach wrote:
>
[snip]
> So if one does not want to become a spook, stay away from the
> spook-funded universities - they are mediocre by design.
A spook is not a good spook, if it openly says that it
funds certain higher educational institutions. In many
countries there are researches supported by defense
departments. But I believe that most really good
scienticists manage to get their work essentially free
from influence. Normally one knows the reputations of
different universities in a country. For undergraduates,
it rarely matters whether one searches a better foreign
university or not. For research work, finding who and
where are the leading scientists in a field is not very
difficult: Just look after the authors of publications
(books, proceedings, journals) in that field.
M. K. Shen
------------------------------
From: "Latyr Jean-Luc FAYE" <[EMAIL PROTECTED]>
Subject: Re: Ethernet & Encryption
Date: Fri, 13 Apr 2001 13:10:54 +0100
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> wrote :
> Two brief comments:
>
> First, you have not addressed the possibility of replay or
denial-of-service
> attacks. The combination of the two are especially pernicious given the
> assumption that the secret keys are erased "when transmission is
complete". An
> attacker can kill off any session by replaying an end-of-session message.
How can I secure this aspect ?
> Second, it appears the nodes need to posses the central authority's public
key
> prior to the start of communication. It cannot be authenticated over the
> network. IMHO this assumption should be explicit.
I am sorry for my english but what the meanning of IMHO ?
The nodes do not have a central authority public key should they ? If yes
can I imagine the same public key at the start is never use then all nodes
broadcast their own public key ?
Thanks
Jean-Luc
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Ethernet & Encryption
Date: Fri, 13 Apr 2001 14:25:24 +0200
Latyr Jean-Luc FAYE wrote:
>
> I am sorry for my english but what the meanning of IMHO ?
In My Humble Opinion. It takes some effort for foreigners
to understand these enigmatic acronyms. I haven't yet
'cracked' them all.
M. K. Shen
------------------------------
From: Michael J. Fromberger <[EMAIL PROTECTED]>
Subject: Re: RSA modulus size and bits
Date: 13 Apr 2001 12:27:07 GMT
In <[EMAIL PROTECTED]> Chenghuai Lu <[EMAIL PROTECTED]> writes:
>"Michael J. Fromberger" wrote:
>> The term "a 1024-bit RSA modulus" means "an integer with 1024
>> significant bits which is the product of two large prime integers."
>> Typically, one might pick two 512-bit primes.
>I think, the 1024th bit of modulus must be 1 because the modulus is
>the multiplication of two prime numbers( they are odd ).
The oddness of the primes has nothing to do with the high-order bit of
their product. If you multiply two arbitrary nonzero _even_ numbers,
whose bit-lengths sum to 1024, you'll still get the 1024th bit set.
(This would not be an RSA modulus, of course)
Cheers,
-M
--
Michael J. Fromberger Software Engineer, Thayer School of Engineering
sting <at> linguist.dartmouth.edu http://www.dartmouth.edu/~sting/
"Oh, Bother." said the Borg. "We've assimilated Pooh."
------------------------------
From: "Jack Lindso" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Fri, 13 Apr 2001 15:45:15 +0200
Hey Tom no need to take it so personally, a sarcastic phrase once in a while
won't hurt anyone.
Designing the future is all about envisioning the Infinity.
http://www.atstep.com
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:hynB6.87491$[EMAIL PROTECTED]...
>
> "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> >
> >
> > Tom St Denis wrote:
> > >
> > > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Tom St Denis wrote:
> > > > >
> > > > > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > Tom St Denis wrote:
> > > > > > >
> > > > > > > "Serge Vaudenay" <[EMAIL PROTECTED]> wrote:
> > > > > > [snip]
> > > > > > > > Did I do my job well?
> > > > > > >
> > > > > > > Since I am not an undergrad I need not apply. Hehehehehe
> > > > > >
> > > > > > He was evidently addressing the general public (viable
> > > > > > candidates in the group), not you in particular at all!!
> > > > >
> > > > > It's my thread though....
> > > >
> > > > You intiated a thread. But others may talk with one
> > > > another. If you invite guests, they may be talking
> > > > to one another and barely every sentence is destined
> > > > to you. BTW, it is astonshing to see how many % of
> > > > the materials in this thread is really pertinent to
> > > > the science of crypto. I would certainly be among the
> > > > last people to be against having discussions on general
> > > > stuffs, eventually also matters rather unrelated. But
> > > > it seems that it has been a bit too much in this thread.
> > >
> > > You mean I'm not the most important thing in this group? Ha who would
> have
> > > known!
> > >
> > > Muhahahahaha... well if they want to offer scholarships... hehheheheh
> > >
> > > Or just spam about their schools...
> >
> > It does sometimes well to take a mirror and see one's
> > counterfeit. Note such stuffs as your hehehe etc.
> > Coundn't one write a bit more seriously? What does your
> > acceptance by a university concern anybody in the group?
> > Why did you start the thread in the first place?
> > Would you next time announce your having birthday
> > and want others to congratulate you? This group is
> > not for such private matters. There may be some news
> > groups for that. I don't know.
>
> Not this again. Bite my hairy butt. Everytime I post something serious I
> get ignored and sometimes people are generous to help in private. Why?
Cuz
> this group blows goats. You can't maintain a serious tone without
bringing
> in the good ol' spookes.
>
> If this group goes to hell in a hand basket, I want to leave my mark .
>
> Tom
> >
> >
> > M. K. Shen
>
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: I got accepted
Date: Fri, 13 Apr 2001 13:02:19 GMT
"Jack Lindso" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hey Tom no need to take it so personally, a sarcastic phrase once in a
while
> won't hurt anyone.
You think I take this group personally ... nope. I just kid around once and
a while. I'm disapointed that some questions go unaswered here that should
be answered though...
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: NSA-Endorsed Schools have a Mediocre Internet Presence
Date: Fri, 13 Apr 2001 13:02:39 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Frank Gerlach wrote:
> >
> [snip]
> > So if one does not want to become a spook, stay away from the
> > spook-funded universities - they are mediocre by design.
>
> A spook is not a good spook, if it openly says that it
> funds certain higher educational institutions. In many
> countries there are researches supported by defense
> departments. But I believe that most really good
> scienticists manage to get their work essentially free
> from influence. Normally one knows the reputations of
> different universities in a country. For undergraduates,
> it rarely matters whether one searches a better foreign
> university or not. For research work, finding who and
> where are the leading scientists in a field is not very
> difficult: Just look after the authors of publications
> (books, proceedings, journals) in that field.]
This thread is OT.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Ethernet & Encryption
Date: Fri, 13 Apr 2001 13:03:32 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Latyr Jean-Luc FAYE wrote:
> >
>
> > I am sorry for my english but what the meanning of IMHO ?
>
> In My Humble Opinion. It takes some effort for foreigners
> to understand these enigmatic acronyms. I haven't yet
> 'cracked' them all.
Heck I don't know what some of them mean to this day.
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: RSA modulus size and bits
Date: Fri, 13 Apr 2001 13:04:08 GMT
"Michael J. Fromberger" <[EMAIL PROTECTED]> wrote in message
news:9b6rar$370$[EMAIL PROTECTED]...
> In <[EMAIL PROTECTED]> Chenghuai Lu <[EMAIL PROTECTED]>
writes:
>
> >"Michael J. Fromberger" wrote:
> >> The term "a 1024-bit RSA modulus" means "an integer with 1024
> >> significant bits which is the product of two large prime integers."
> >> Typically, one might pick two 512-bit primes.
>
> >I think, the 1024th bit of modulus must be 1 because the modulus is
> >the multiplication of two prime numbers( they are odd ).
>
> The oddness of the primes has nothing to do with the high-order bit of
> their product. If you multiply two arbitrary nonzero _even_ numbers,
> whose bit-lengths sum to 1024, you'll still get the 1024th bit set.
> (This would not be an RSA modulus, of course)
Unless someone magically finds an even prime greater than two? ehhehee
Tom
------------------------------
From: "Michael Schmidt" <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 13 Apr 2001 15:02:18 +0200
Maybe I haven't expressed myself clear enough in the first place.
I'm looking for the other way round: Finding a distinct graphical
representation of a binary value (the public key or its fingerprint).
I'm thinking about the following scenario:
Just as I compare now the PGP fingerprint of a communication parter's e-mail
with the PGP fingerprint that I had received before printed on his business
card, I would like to compare graphical representations rather than the
fingerprint hex strings. A typical PGP fingerprint today has a length of 20
byte. It appears quite unattractive and error-prone to completely compare it
for each e-mail. I think that comparing graphical representations is simply
more intuitive for humans.
But, of course, the graphical representation has to meet certain
requirements:
- If the representation acts as a fingerprint (i.e. it compresses data
like a hash), it has to be as collision-resistant as possible.
- If the representation just represents the original (uncompressed) value,
it has to show an immense value space, yet it has to be easily
distinguishable for humans.
This approach sounds less feasible, but it could be applied to the
(numerical) fingerprint rather than the original value.
Hope this makes things clearer,
Michael
"Ben Burge" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
news:[EMAIL PROTECTED]...
> I take it you mean a graphical representation of the algorithm with the
key?
> I have done some work on using image files, bmp, to encode data based on
the
> cotent of the image therefore acting as a password in sorts...
>
> --
>
> [EMAIL PROTECTED]
> http://ecaravan.250x.com
> -I think therfore I am (Ergo Congito Sum)
> -- Descartes
>
> "dexMilano" <[EMAIL PROTECTED]> wrote in message
> news:9b6dut$7td31$[EMAIL PROTECTED]...
> > I made a simple try a couple of months ago.
> > On Palm there is a tool that let you compare signatures (Sign on).
> > Why not use signature's data to crypt information?
> > The problem is that signateures are not equal and also comparison ha
some
> > interval (does it make sense?)
> > As you know the key should be exaclty the same to crypt and decrypt.
> >
> > The try so was not succesful.
> >
> > dex
> >
> > "Michael Schmidt" <[EMAIL PROTECTED]> ha scritto
nel
> > messaggio news:9b6cu7$7scub$[EMAIL PROTECTED]...
> > > Hi,
> > >
> > > I know that there has been research on the topic "graphical
passwords",
> > i.e.
> > > keys being created from graphical user input.
> > >
> > > I'm wondering whether there has been any research conducted on the
topic
> > > "graphical representation of a public key" or the key's fingerprint.
My
> > goal
> > > is to authenticate a public key (or better: its fingerprint, like with
> > PGP)
> > > securely by creating and comparing its graphical representation with
an
> > > "original", which is unique enough for every key/fingerprint, yet easy
> to
> > be
> > > processed and compared by the human brain.
> > >
> > >
> > >
> > > Thanks,
> > >
> > > Michael
> > >
> > >
> > > --
> > > ===================================================
> > > Michael Schmidt
> > > ---------------------------------------------------
> > > Institute for Data Communications Systems
> > > University of Siegen, Germany
> > > www.nue.et-inf.uni-siegen.de
> > > ---------------------------------------------------
> > > http: www.nue.et-inf.uni-siegen.de/~schmidt/
> > > e-mail: [EMAIL PROTECTED]
> > > phone: +49 271 740-2332 fax: +49 271 740-2536
> > > mobile: +49 173 3789349
> > > ---------------------------------------------------
> > > ### Siegen - The Arctic Rain Forest ###
> > > ===================================================
> > >
> > >
> > >
> >
> >
>
>
>
> ______________________________________________________________________
> Posted Via Uncensored-News.Com - Still Only $9.95 -
http://www.uncensored-news.com
> With Seven Servers In California And Texas - The Worlds Uncensored News
Source
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
