Cryptography-Digest Digest #162, Volume #14      Mon, 16 Apr 01 20:13:01 EDT

Contents:
  "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Niels Provos)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: "differential steganography/encryption" ("Dopefish")
  Re: NSA is funding stegano detection (Mok-Kong Shen)
  Re: LFSR Security (David Wagner)
  Re: "differential steganography/encryption" (Mok-Kong Shen)
  Re: There Is No Unbreakable Crypto ("Henrick Hellström")
  REAL OTP Systems (Frank Gerlach)
  Re: NSA is funding stegano detection (Walter Roberson)
  Cryptography, OTP and Human Perception of it (Frank Gerlach)
  Re: AES poll (Eric Lee Green)
  Re: NSA is funding stegano detection ([EMAIL PROTECTED])
  Re: NSA is funding stegano detection (Bernd Eckenfels)
  Long repeat (Jacques Thériault)
  Re: Long repeat ("Tom St Denis")
  Re: Note on combining PRNGs with the method of Wichmann and Hill ("Brian Gladman")
  Re: There Is No Unbreakable Crypto (David Wagner)
  Re: There Is No Unbreakable Crypto (David Wagner)

----------------------------------------------------------------------------

From: "Dopefish" <[EMAIL PROTECTED]>
Subject: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:33:41 -0500

Would it be possible to make a program that could take, say, a 20 KB picture
and a <20 KB text file and generate a file that gives the difference between
the two?  So, if I wanted to send somebody a private message and he already
has the same exact picture that I do, I can send him the difference file and
he could generate the message from it and the picture.  Thank you for your
comments (if any).


james


--
======BEGIN SIGNATURE======
A.K.A "Dopefish" or "fish" for short on Usenet.

Microsoft?  Is that some kind of toilet paper?

"Rockin' the town like a moldy crouton!"
                 - Beck (Soul Suckin' Jerk - Reject)

"Help me, I broke apart my insides. Help me,
I've got no soul to sell. Help me, the only thing
that works for me, help me get away from
myself."
                 - Nine Inch Nails (Closer)


=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GO dpu s++:++ a---- C++++ U--->UL
 P L+ E? W++ N+++ o+ K--- w+>w+++++
 O--- M-- V? PS+++ PE Y-- PGP t 5--
 X+ R tv b+ DI D+ G-- e- h! r z
======END GEEK CODE BLOCK======
(www.geekcode.com)

======END SIGNATURE======



------------------------------

From: [EMAIL PROTECTED] (Niels Provos)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: 16 Apr 2001 21:42:51 GMT

On Mon, 16 Apr 2001 21:21:51 +0200, Mok-Kong Shen wrote:
>Yes. The discussion is currently about how easy/difficult
>that detection is. I would like to ask experts in image
>processing to answer one rather global question: In the 
>average case, if one arbitrarily modifies the LSB 
>of one tenth of the coefficients of fourier transform in 
>one colour, is there anything that can be noticed by the 
>naked eye when comparing the pictures? Thanks.
I thought that I had addressed this question in my previous
posting.  It is not possible for the naked eye to detect
changes, it is possible for mathematical analysis.  You
can read my tech report about it, and also read the referenced
papers.  Techreport is at

  http://www.citi.umich.edu/techreports/

-- 
Niels Provos <[EMAIL PROTECTED]> finger [EMAIL PROTECTED] for pgp info
        "Gravity is the soul of weight." - Anonymous.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 23:45:32 +0200



Dopefish wrote:
> 
> would it be possible to make a program that could take, say, a 20 KB picture
> and a <20KB text file and generate a file that gives the difference between
> the two?  so, if i wanted to send somebody a private message and he already
> has the same exact picture that i do, i can send him the difference file and
> he could generate the message from it and the picture.  thank you for your
> comments (if any)

A picture file has a different format than a text file.
I suppose you are ignoring that and consider both
as bit sequences. Do an xor and you have the difference.
Maybe I misunderstood you.

M. K. Shen

------------------------------

From: "Dopefish" <[EMAIL PROTECTED]>
Subject: Re: "differential steganography/encryption"
Date: Mon, 16 Apr 2001 16:46:21 -0500

Even if you did have a text file larger than your base file it would work,
but the part that overlaps wouldn't be different. For those that might
not have understood my last post I will make a model of this system:

    ---------BASE FILE-------------  +  ----DIFFERENCE FILE------  =  -----MESSAGE FILE-----

or, if you had the message and the difference file, then you could generate
the base file.


james



--
======BEGIN SIGNATURE======
A.K.A "Dopefish" or "fish" for short on Usenet.

Microsoft?  Is that some kind of toilet paper?

"Rockin' the town like a moldy crouton!"
                 - Beck (Soul Suckin' Jerk - Reject)

"Help me, I broke apart my insides. Help me,
I've got no soul to sell. Help me, the only thing
that works for me, help me get away from
myself."
                 - Nine Inch Nails (Closer)


=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GO dpu s++:++ a---- C++++ U--->UL
 P L+ E? W++ N+++ o+ K--- w+>w+++++
 O--- M-- V? PS+++ PE Y-- PGP t 5--
 X+ R tv b+ DI D+ G-- e- h! r z
======END GEEK CODE BLOCK======
(www.geekcode.com)

======END SIGNATURE======
Dopefish <[EMAIL PROTECTED]> wrote in
message news:3adb6540$[EMAIL PROTECTED]...
> would it be possible to make a program that could take, say, a 20 KB
picture
> and a <20KB text file and generate a file that gives the difference
between
> the two?  so, if i wanted to send somebody a private message and he
already
> has the same exact picture that i do, i can send him the difference file
and
> he could generate the message from it and the picture.  thank you for your
> comments (if any)
>
>
> james
>
>
> --
> ------BEGIN SIGNATURE------
> A.K.A "Dopefish" or "fish" for short on Usenet.
>
> Microsoft?  Is that some kind of toilet paper?
>
> "Rockin' the town like a moldy crouton!"
>                  - Beck (Soul Suckin' Jerk - Reject)
>
> "Help me, I broke apart my insides. Help me,
> I've got no soul to sell. Help me, the only thing
> that works for me, help me get away from
> myself."
>                  - Nine Inch Nails (Closer)
>
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.12
> GO dpu s++:++ a---- C++++ U--->UL
>  P L+ E? W++ N+++ o+ K--- w+>w+++++
>  O--- M-- V? PS+++ PE Y-- PGP t 5--
>  X+ R tv b+ DI D+ G-- e- h! r z
> ------END GEEK CODE BLOCK------
> (www.geekcode.com)
>
> ------END SIGNATURE------
>
>



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: Tue, 17 Apr 2001 00:02:09 +0200



Niels Provos wrote:
> 

> I thought that I had addressed this question in my previous
> posting.  It is not possible for the naked eye to detect
> changes, it is possible for mathematical analysis.  You
> can read my tech report about it, and also read the referenced
> papers.  Techreport is at
> 
>   http://www.citi.umich.edu/techreports/

I have a 'naive' logical problem. If such changes are 
not perceivable by the naked eye, doesn't it mean that
one can have a class of pictures (centering around
a particular one) that are the same for the naked eye
but have differences in LSB of the Fourier coefficients?
It seems reasonable to consider that the artist who 
does the actual painting, since he operates with his
eyes, has an equal probability of producing a picture 
as each of the members of the class. Now these members 
have different LSBs. That would mean that such
changes (fluctuations) are 'natural' ones and hence
shouldn't belong to something detectable
due to the opposition between 'natural' and 'artificial'.
I wonder where my fault in my reasoning lies. Thanks.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Crossposted-To: sci.crypt.random-numbers
Subject: Re: LFSR Security
Date: 16 Apr 2001 22:10:54 GMT

Trevor L. Jackson, III wrote:
>David Wagner wrote:
>> That's exponential-time.
>
>In pathological cases yes.

Proof, please.  How do you know it's not exponential-time on average?

Without a proof (and considering how many plausible-sounding claims
about this approach turned out to be false -- thanks, Ian!), I hope
you'll forgive me if I'm skeptical.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: "differential steganography/encryption"
Date: Tue, 17 Apr 2001 00:25:54 +0200



Dopefish wrote:
> 
> Even if you did have a text file larger than your base file it would work,
> but the part that overlaps wouldn't be different. For those that might
> not have understood my last post I will make a model of this system:
> 
>     ---------BASE FILE-------------  +  ----DIFFERENCE FILE------  =  -----MESSAGE FILE-----
> 
> or, if you had the message and the difference file, then you could generate
> the base file.

Given two equal length bit sequences X and Y, generate
Z = X xor Y, the difference file. Then recovery of
X from Y and Z is simply X = Z xor Y. BTW, I think
that the UNIX diff command may be what you want. (I 
have not used UNIX for a long time, so I can't give you
the details about that command, sorry.) On the other
hand, there is version management software that
generates the differences between different versions of
program code in delta files, which are in general 
small files. With the original version and the deltas, 
one can obtain, with the help of the software, the updated
version.

M. K. Shen
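Dopefish's base + difference = message model and Shen's Z = X xor Y, carried out as an added example (not code from either poster). It assumes a message no longer than the base file, zero-padded to the base's length, and uses constructed sample data; the last function shows what a third party learns from two difference files made with the same picture.

```python
# Added example (not from the thread): Shen's "xor difference file" scheme,
# with the message zero-padded up to the base file's length as an assumption.

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("xor_bytes needs equal-length inputs")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(data: bytes, length: int) -> bytes:
    """Zero-pad `data` to `length` bytes (assumed convention for a short message)."""
    if len(data) > length:
        raise ValueError("message is longer than the base file")
    return data + b"\x00" * (length - len(data))


def make_difference(base: bytes, message: bytes) -> bytes:
    """Z = X xor Y: the difference file the sender transmits."""
    return xor_bytes(base, pad_to(message, len(base)))


def recover_message(base: bytes, difference: bytes, message_len: int) -> bytes:
    """Y = Z xor X, then drop the padding."""
    return xor_bytes(base, difference)[:message_len]


def recover_base(message: bytes, difference: bytes) -> bytes:
    """Dopefish's other direction: message + difference gives back the base."""
    return xor_bytes(pad_to(message, len(difference)), difference)


def two_message_leak(diff1: bytes, diff2: bytes) -> bytes:
    """What an observer who sees two difference files made from the same base
    can compute without the base: Z1 xor Z2 = Y1 xor Y2, the base cancels out."""
    return xor_bytes(diff1, diff2)


# Constructed sample data: a fake 64-byte "picture" and two short messages.
BASE = bytes((i * 7 + 3) % 256 for i in range(64))
MESSAGE = b"meet at the usual place"
MESSAGE2 = b"bring the other key"

if __name__ == "__main__":
    z = make_difference(BASE, MESSAGE)
    print("round trip ok:", recover_message(BASE, z, len(MESSAGE)) == MESSAGE)
    # The zero-padded tail of Z is just the base, so Z reveals the message length.
    print("padding region equals base:", z[len(MESSAGE):] == BASE[len(MESSAGE):])
    z2 = make_difference(BASE, MESSAGE2)
    print("Z1 xor Z2 == Y1 xor Y2:",
          two_message_leak(z, z2) == xor_bytes(pad_to(MESSAGE, 64), pad_to(MESSAGE2, 64)))
```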

------------------------------

From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: There Is No Unbreakable Crypto
Date: Tue, 17 Apr 2001 00:55:22 +0200

But theorem 5.5.1 doesn't really apply, or have I missed something??? It
applies to length doubling pseudo random bit generators, but I don't find it
obvious that G(k) = E_k(0)|E_k(1) is such a thing. The theorems of the paper
require that k is chosen randomly from the set of keys, and it isn't really
chosen randomly in your construction (because you use iterated choices of
pseudo random permutations from the same family to choose them, and not a
random function).

I would accept that your construction is secure if E is as secure against
"chosen key attacks" as it is secure against chosen plain text attacks, but
are these security attributes really equivalent?

But please spell it out if I am completely wrong. I have overlooked things
in the past. :-)

--
Henrick Hellström  [EMAIL PROTECTED]
StreamSec HB  http://www.streamsec.com


"David Wagner" <[EMAIL PROTECTED]> skrev i meddelandet
news:9bfivm$b0j$[EMAIL PROTECTED]...
> Henrick Hellström wrote:
> >The only reference I found was "(e.g., Bellare and Goldwasser's course
> >notes)" and a web search turned out blank. Could you please specify where
> >I should look?
>
> http://www-cse.ucsd.edu/users/mihir/papers/gb.html
> Once you understand the background of provable security, see Theorem
> 5.5.1.
>
> However, I just took a look and it seems that they don't prove the theorem
> in the lecture notes, so you may need to refer to the original paper by
> Goldreich, Goldwasser, & Micali ("How to construct random functions").
> Or, you can prove it yourself: It's not hard to prove once you understand
> the basics of PRGs, PRFs, and provable security.



------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: REAL OTP Systems
Date: Tue, 17 Apr 2001 00:45:38 +0200

Check www.nsa.gov for SIGSALY. This is a *very* expensive 1940s OTP voice
communication system for UK/USA government communications. OTP has been *and is*
being used in real systems. It is *not* just a theoretic concept.



------------------------------

From: [EMAIL PROTECTED] (Walter Roberson)
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: 16 Apr 2001 23:01:12 GMT

In article <[EMAIL PROTECTED]>,
 <[EMAIL PROTECTED]> wrote:
:On 16 Apr 2001 15:42:42 GMT, [EMAIL PROTECTED] (Walter Roberson)
:wrote:
:>One can hide data even in gross-level picture elements.
:>"If I'm wearing a tie in the picture, add one to all numbers in the
:>hidden message. If I'm holding a dog, negate everything. If
:>I'm looking at my watch, please send more beer hidden in the next
:>shipment."


:No s**t! I'm looking at my watch, OK?

Good thing for me you're holding a dog too ;-)


: But this is neither strong
:encryption, nor steganography.  It is a simple (and possibly effective)
:pre-agreed visual code.

You are right that the watch/beer example is just a pre-agreed visual
code, but the other two examples modify the more traditional
steganographic content, and thus must themselves be considered
part of the "hidden information" to be decoded. I would claim this
makes these kinds of gross visual elements themselves steganographic.

One could, more generally, create a complete algebra of picture elements,
in which shape, color, orientation, perspective location (in
front of or behind other items), and location in the image, could
all encode bits or higher-level meanings.

The order of considering the elements could vary, so the same resulting
image could encode multiple different messages depending on the current key
(e.g., this time ignore the dog and the tie and spiral outwards from
the hat for the other visual elements; tomorrow, read the diagonals
starting from the dog and ignore the hat). When the number
of significant elements in a given key is small relative to the number
of elements that might be significant in some key or other,
then one has more freedom to compose images that are more "natural".

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Cryptography, OTP and Human Perception of it
Date: Tue, 17 Apr 2001 00:52:03 +0200

As there seems to be quite a lot of disinformation regarding OTPs and
non-OTP cryptosystems in the global "noosphere", I have written a paper
on crypto and perception of its strength:

"Cryptography And COTS In The 20th Century: A Lesson In Perception
Management"
http://geocities.com/fgerlach.geo/CryptoPerception.html

Catholics are advised not to look at it :-)




------------------------------

From: [EMAIL PROTECTED] (Eric Lee Green)
Subject: Re: AES poll
Reply-To: [EMAIL PROTECTED]
Date: 16 Apr 2001 18:07:38 -0500

On Mon, 16 Apr 2001 23:15:47 +0200, Jack Lindso <[EMAIL PROTECTED]> wrote:
>From reading the government document concerning the choice of AES I had the
>feeling that Rijndael was selected without evident/sufficient proof for
>being the best choice.

"Best" defined how?

The government document is pretty clear that they chose Rijndael because
it was the fastest. That's how they defined "best". If you disagree, use
Twofish. Nobody's forcing you to use Rijndael. 

-- 
Eric Lee Green  http://www.badtux.org  mailto:[EMAIL PROTECTED]
     Phoenix Branch -- Eric Conspiracy Secret Labs
              Cruisin' the USENET since 1985
   

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: Mon, 16 Apr 2001 23:21:41 GMT


It is not about artificial vs natural.

It is about whether there are statistical differences between LSBs
without a hidden message and those with (using the example of a JPEG).
There are, in at least some instances, in the absence of a transform
to correct the distribution of LSBs.

Read Niels' paper.


------------------------------

From: Bernd Eckenfels <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,talk.politics.crypto
Subject: Re: NSA is funding stegano detection
Date: 16 Apr 2001 23:24:26 GMT

In comp.security.misc Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I have a 'naive' logical problem. If such changes are 
> not perceivable by the naked eye, doesn't it mean that
> one can have a class of pictures (centering around
> a particular one) that are the same for the naked eye
> but have differences in LSB of the Fourier coefficients?

The problem is for example if you take a GIF of a drawing which is done with a
graphics program, this is a very bad hiding point for LSB noise, since you
will even see the pixel faults with the naked eye. If you use a jpg scanned
from paper you will have natural pixel faults which are detectable by frequency
analysis.

A simple fictive example: using scanner panasnic and software scanxy can be
detected because the scanner has a typical red/blue peak in the frequency
spectrum (just made it up). It is known that this scanner with this software
can never ever generate the color #aabbbbff because of a microcode problem.
If you now have the color #aabbbbfe and add 1 to the lsb you *poof* made your
altering of the pic obvious. Just one possible example.

Greetings
Bernd


------------------------------

Subject: Long repeat
From: [EMAIL PROTECTED] (Jacques Thériault)
Date: Mon, 16 Apr 2001 23:35:19 GMT

I am presently testing a PRNG to see how much I can generate without it
looping.

I can do about 2^40 characters in 20 days.

My dilemma is this.  Should I let it continue to get maybe to 2^44 in a year
or should I try another seed to maybe find a weak key?

Jacques Thériault

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Long repeat
Date: Mon, 16 Apr 2001 23:47:58 GMT


"Jacques Thériault" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I am presently testing a PRNG to see how much I can generate without it
> looping.
>
> I can do about 2^40 characters in 20 days.
>
> My dilemma is this.  Should I let it continue to get maybe to 2^44 in a year
> or should I try another seed to maybe find a weak key?
>

Why not just analyze the design to try and find a weakness?

Tom



------------------------------

From: "Brian Gladman" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers
Subject: Re: Note on combining PRNGs with the method of Wichmann and Hill
Date: Tue, 17 Apr 2001 00:55:01 +0100


"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Brian Gladman wrote:
> >
> > "Mok-Kong Shen" <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > Brian Gladman wrote:
> > > >
> > >
> > > > If two different PRNGs giving uniformly distributed random numbers in
> > > > [0.0:1.0) are added and the result is taken 'mod 1.0', this output will
> > > > then be uniformly distributed in [0.0:1.0).  A bit of maths shows that
> > > > the output in [0.0-2.0) is not uniform but that the mod function
> > > > combines the ranges [0.0:1.0) and [1.0:2.0) in such a way that a
> > > > uniform distribution results.
> > > >
> > > > But if the outputs of the generators are multiplied by constants close
> > > > to 1.0 before combination, the output will not generally be uniformly
> > > > distributed in [0.0:1.0).
> > > >
> > > > This can be seen by considering a single PRNG giving uniformly
> > > > distributed random numbers in [0.0:1.0) and considering the output
> > > > after multiplying by a number (1.0 + delta), close to 1.0, and taking
> > > > the output 'mod 1.0'.  In this case numbers in the range [0.0:delta)
> > > > will occur twice as often as those in the range [delta:1.0).
> > > >
> > > > Although the maths is more complicated when several generators are
> > > > combined, the same issue turns up.
> > > >
> > > > The uneven distributions that result may not be a problem in some
> > > > applications but they will frequently be undesirable.
> > >
> > > One can consider the continuous case as the limiting
> > > case of the discrete case. In the discrete case, i.e.
> > > for integer range [0, n-1], it can be easily proved that
> > > the sum of a uniform random variable and an arbitrary
> > > random variable (more exactly one that is not degenerate
> > > in that it has non-zero frequency for at least one value
> > > relatively prime to n) mod n is a uniform variable.
> >
> > Unless I misunderstood your intentions, your original post suggested - by
> > using the terminology '1.0 + delta' - that the multipliers involved were
> > intended to be close to 1.0.   It also seemed that your starting PRNGs had
> > outputs in the range [0.0:1.0).  But maybe this was not your intention.
> >
> > In any event, this was the case I was referring to, not one where the
> > multipliers are large.
> >
> > If several PRNGs with uniformly distributed outputs in the range [0.0:1.0)
> > are combined by adding 'mod 1.0' after multiplying each of them by factors
> > close to 1.0, then the resulting distributions will be very non-uniform.
>
> I suppose I don't yet understand you. Do you mean that
> the case where the multipliers are close to 1.0 produces
> a worse result than the case where they differ more?

Yes, this is my guess, by considering the limiting case of a single
generator multiplied by a number close to 1.0 with the output then taken
'mod 1.0'.

If the multiplier is less than one there will be numbers close to 1.0 that
cannot be output.  And if the multiplier is greater than 1.0, numbers above
1.0 will add to the numbers close to zero when the 'mod 1.0' is taken so
numbers in this range will be twice as probable as higher numbers.

My gut feeling is that when multiple generators are used with multipliers
close to 1.0 the uneven distribution will be more complex but it will still
be there unless the multipliers used are chosen very carefully to restore
uniformity (I am not sure what the conditions on the multipliers would be to
achieve this - e.g. if the multipliers on two combined generators add up to
2.0 is the result then uniform?)

   Brian Gladman
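Gladman's single-generator argument, worked through as an added example that is not part of the thread: the exact density of ((1 + delta) * U) mod 1.0, a seeded Monte Carlo check of the 2:1 ratio, and the plain two-generator sum mod 1.0 for comparison. Python's Mersenne Twister stands in for each uniform PRNG (an assumption of the example).

```python
import random

# Added example (not from the thread): Gladman's single-generator case,
# exact density and a seeded Monte Carlo check, plus the plain sum 'mod 1.0'.


def scaled_mod1_density(y: float, delta: float) -> float:
    """Exact density of ((1 + delta) * U) mod 1.0 for U uniform on [0.0:1.0).

    (1 + delta) * U is uniform on [0, 1 + delta) with density 1/(1 + delta).
    Taking 'mod 1.0' folds [1, 1 + delta) onto [0, delta), so every y below
    delta is hit twice: twice the density of y in [delta, 1), as Gladman says.
    """
    if not 0.0 < delta < 1.0:
        raise ValueError("delta must lie in (0, 1)")
    if not 0.0 <= y < 1.0:
        raise ValueError("y must lie in [0, 1)")
    return (2.0 if y < delta else 1.0) / (1.0 + delta)


def combine_mod1(multipliers, n: int, seed: int = 1) -> list:
    """n samples of (sum_i m_i * U_i) mod 1.0, one independent uniform U_i per
    multiplier.  Python's Mersenne Twister stands in for each PRNG (assumption)."""
    rng = random.Random(seed)
    return [sum(m * rng.random() for m in multipliers) % 1.0 for _ in range(n)]


def histogram(samples, bins: int) -> list:
    """Counts per equal-width bin over [0, 1)."""
    counts = [0] * bins
    for s in samples:
        counts[min(int(s * bins), bins - 1)] += 1
    return counts


def max_bin_deviation(counts) -> float:
    """Largest |observed fraction - 1/bins| over all bins: near 0 for uniform output."""
    n = sum(counts)
    return max(abs(c / n - 1.0 / len(counts)) for c in counts)


if __name__ == "__main__":
    delta, n = 0.1, 200_000
    # One generator, multiplier 1.1: the first tenth is about twice as populated.
    h = histogram(combine_mod1([1.0 + delta], n), 10)
    print("single generator x 1.1:", [round(c / n, 3) for c in h])
    # Two generators, plain sum mod 1.0: uniform, as Gladman's first paragraph says.
    print("two generators, sum mod 1, max deviation:",
          round(max_bin_deviation(histogram(combine_mod1([1.0, 1.0], n), 10)), 4))
    # Gladman's closing question (multipliers adding to 2.0) can be probed the same way.
    print("multipliers 1.1 and 0.9:",
          [round(c / n, 3) for c in histogram(combine_mod1([1.1, 0.9], n), 10)])
```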




------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: There Is No Unbreakable Crypto
Date: 16 Apr 2001 23:58:48 GMT

Henrick Hellström wrote:
>But theorem 5.5.1 doesn't really apply, or have I missed something??? It
>applies to length doubling pseudo random bit generators, but I don't find it
>obvious that G(k) = E_k(0)|E_k(1) is such a thing.

Theorem.  If E forms a (t,2,e)-secure PRP, then G(k) := E_k(0)|E_k(1)
          is a (t,e)-secure PRG.
Pf. Suppose not, so that A is an adversary that breaks G.
    By definition, Pr[A(G(k))=1] - Pr[A(x)=1] > e, where x is a r.v.
    with the uniform distribution.  Now consider the adversary B
    against E that queries its oracle on input 0 to get output y,
    on input 1 to get output z, runs A on y|z, and outputs whatever
    A does.  Then Pr[B^E_k = 1] = Pr[A(G(k))=1], and
    Pr[B^\rho = 1] = Pr[A(x)=1] where \rho is a r.v. distributed
    uniformly on the set of all permutations.  Consequently,
    Adv B = Adv A > e, so B distinguishes E from an ideal cipher
    with advantage e.  Now note that since A has running time at
    most t, so does B, and moreover A queries its oracle on only
    two points, so if G is not (t,e)-secure, then E is not (t,2,e)-secure.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: There Is No Unbreakable Crypto
Date: 17 Apr 2001 00:04:05 GMT

Henrick Hellström wrote:
>The theorems of the paper
>require that k is chosen randomly from the set of keys, [..]

No.  Suppose G : {0,1}^n -> {0,1}^2n is a length-doubling PRG.
Let G_1(k) denote the first half of G(k), and G_2(k) the second
half.  Define H(k) = G(G_1(k))|G(G_2(k)).  The main meat of
Theorem 5.5.1 is showing that H is a secure PRG if G is.  The
intuition behind this is as follows: G_1(k) and G_2(k) behave
like they were chosen uniformly and independently at random from
the set of all n-bit strings (if any adversary could prove that
this is not the case, then they'd be able to break G), and thus
they can be used as independent keys; moreover, G(k)|G(k') is a
secure PRG if k and k' are independent, so H is, too.  This can
all be formalized in a very rigorous and precise way.

At this point I think I've explained enough that now I'll let
you read about the theory and do your homework before I say any
more.  This really is powerful stuff, and I do encourage you to
give it a try before dismissing it.
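The constructions from Wagner's two replies, G(k) = E_k(0)|E_k(1) with the adversary B of his proof, and H(k) = G(G_1(k))|G(G_2(k)) from Theorem 5.5.1, as an added example that is neither Wagner's code nor the lecture notes'. HMAC-SHA256 stands in for the block cipher E_k (an assumption: the post's E is a PRP, and the example generalises H to a tree of any depth).

```python
import hashlib
import hmac

# Added example (not Wagner's or the lecture notes' code).  HMAC-SHA256 stands
# in for the block cipher E_k (assumption: the post's E is a PRP; any secure
# keyed PRF gives the same constructions below).

BLOCK = 32  # output size of the stand-in E_k, in bytes


def E(k: bytes, x: int) -> bytes:
    """Stand-in for E_k(x) on the one-byte inputs 0 and 1."""
    return hmac.new(k, bytes([x]), hashlib.sha256).digest()


def G(k: bytes) -> bytes:
    """The length-doubling PRG of the thread: G(k) = E_k(0) | E_k(1)."""
    return E(k, 0) + E(k, 1)


def G1(k: bytes) -> bytes:
    """First half of G(k)."""
    return G(k)[:BLOCK]


def G2(k: bytes) -> bytes:
    """Second half of G(k)."""
    return G(k)[BLOCK:]


def H(k: bytes) -> bytes:
    """Wagner's H(k) = G(G_1(k)) | G(G_2(k)): G_1(k), G_2(k) act as independent keys."""
    return G(G1(k)) + G(G2(k))


def ggm_expand(k: bytes, depth: int) -> bytes:
    """Generalisation of H: recurse `depth` levels for 2**depth blocks of output
    (depth 1 is G, depth 2 is H); this is the Goldreich-Goldwasser-Micali tree."""
    if depth == 0:
        return k
    return ggm_expand(G1(k), depth - 1) + ggm_expand(G2(k), depth - 1)


def adversary_B(A, oracle):
    """The reduction from Wagner's proof: B queries its oracle on 0 and 1, runs
    the PRG-distinguisher A on y|z and answers whatever A answers.  With the
    real E_k as oracle, B's view is exactly G(k), so Pr[B^E_k=1] = Pr[A(G(k))=1]."""
    y = oracle(0)
    z = oracle(1)
    return A(y + z)


def toy_A(s: bytes) -> int:
    """A placeholder distinguisher: any decision procedure on 64-byte strings
    works, the identity in adversary_B holds for all of them."""
    return s[0] & 1


if __name__ == "__main__":
    k = bytes(range(BLOCK))  # constructed test key
    print(len(G(k)), len(H(k)), len(ggm_expand(k, 4)))  # 64 128 512
    print(adversary_B(toy_A, lambda x: E(k, x)) == toy_A(G(k)))  # True
```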

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
