Cryptography-Digest Digest #257, Volume #14      Fri, 27 Apr 01 19:13:01 EDT

Contents:
  Re: Censorship Threat at Information Hiding Workshop ("AY")
  Re: Censorship Threat at Information Hiding Workshop ("Tom St Denis")
  Re: Graphical representation of a public key (or fingerprint)? (Benjamin Goldberg)
  Re: request for encryption software suggestions (Ian Goldberg)
  Re: Censorship Threat at Information Hiding Workshop ("Douglas A. Gwyn")
  Re: DES source-code from Applied Cryptography (John Myre)
  Re: SHA PRNG ("Joseph Ashwood")
  Re: Censorship Threat at Information Hiding Workshop (Darren New)
  Re: Running Time of Factoring Algorithms ("Jeffrey Walton")
  WHY I HATE BOSCHLOO ([EMAIL PROTECTED], [EMAIL PROTECTED])
  Re: Censorship Threat at Information Hiding Workshop ([EMAIL PROTECTED])
  Simple cryptography technique: sound? (Jem Berkes)
  WHY I HATE BOSCHLOO (Fight Boschloo)
  Re: Censorship Threat at Information Hiding Workshop (Mok-Kong Shen)
  Re: Simple cryptography technique: sound? ("Joseph Ashwood")
  Re: Running Time of Factoring Algorithms ("Tom St Denis")

----------------------------------------------------------------------------

From: "AY" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 21:21:15 +0100

Thanks for confirming my belief that library operators aren't a bunch of
criminals!

Am I right to say that it is fine to share information by lending my
"legitimate" copy of the physical media, but not actually share a _copy_ of
the information, even though the impact of the market of the work *could* be
the same? (Let's say my borrowers REALLY would never buy the book having
read it once - it could happen, they might not be able to afford it, or it
could be a fiction that one wouldn't ever want to read twice.)

In the case of information in electronic format, say an "e-book", how should I
share my copy of the material? Do I have to invite my friends round and have
them sit in front of my monitor?

Oh, and what about (gasp) e-music? Suppose I have a MP3 backup of the music
CD and my dog ate my CD. How should I share the music with my friends?

AY



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 20:21:37 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"AY" <[EMAIL PROTECTED]> wrote in message
news:9cck0g$di2$[EMAIL PROTECTED]...
> Thanks for confirming my belief that library operators aren't a
> bunch of criminals!

They are not "library operators" they are "IT specialists".

Tom

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOunU0AULrT+pXe8cEQI3HwCg4KkIR/q0LExw4qOzJ6mIU8giDrEAnit9
riOUUlKziZnTuR/04KeX4MAE
=z7dM
=====END PGP SIGNATURE=====




------------------------------

From: Benjamin Goldberg <[EMAIL PROTECTED]>
Subject: Re: Graphical representation of a public key (or fingerprint)?
Date: Fri, 27 Apr 2001 20:34:29 GMT

Paul Crowley wrote:
> 
> "Michael Schmidt" <[EMAIL PROTECTED]> writes:
> > I know that there has been research on the topic "graphical
> > passwords", i.e. keys being created from graphical user input.
> >
> > I'm wondering whether there has been any research conducted on the
> > topic "graphical representation of a public key" or the key's
> > fingerprint. My goal is to authenticate a public key (or better: its
> > fingerprint, like with PGP) securely by creating and comparing its
> > graphical representation with an "original", which is unique enough
> > for every key/fingerprint, yet easy to be processed and compared by
> > the human brain.
> 
> I've thought for a while that some sort of IFS-based picture generator
> would be the right way to do this.  The IFS screensaver that comes
> with "xscreensaver" seems to generate a huge variety of interesting
> patterns while mostly avoiding the boring ones, which is a hell of a
> trick.  That's open source, so it might be worth looking at how it's
> done.
> 
> This would be a really useful project - you could print the graphic on
> business cards, and check people's public keys in the blink of an eye!
> I hope you get somewhere with it.

The visprint program (http://www.horde.net/~jwm/software/hex/) mentioned
by Ian Goldberg (no relation to me:) does exactly that -- it uses an ifs
fractal whose parameters are taken from 128 bit hash to produce an image
representation of that hash.

-- 
Sometimes the journey *is* its own reward--but not when you're trying to
get to the bathroom in time.
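The technique Benjamin describes for visprint, an IFS fractal whose parameters come from a 128-bit hash, as an added example (this is not visprint's code, nor the poster's): every map coefficient and every "which map next" choice is drawn from a PRNG seeded with the hash, so the picture is a pure function of those 128 bits, and the chaos game renders the attractor as a character grid. The 128-bit value is taken here as SHA-256 truncated to 16 bytes, the four-map count, the 0.9 contraction bound and the grid size are this example's own choices, and the key material is a constructed string.

```python
import hashlib
import math
import random

GRID_W, GRID_H = 48, 20   # character cells in the rendered picture (hypothetical size)
N_MAPS = 4                # affine maps per picture (hypothetical choice)
ITERATIONS = 20000        # chaos-game steps
SHADES = " .:-=+*#%@"     # density ramp, light to dark


def fingerprint128(key_material: bytes) -> bytes:
    """The 128-bit hash the post refers to; taken here as SHA-256 truncated to
    16 bytes (an assumption of this example, not visprint's choice)."""
    return hashlib.sha256(key_material).digest()[:16]


def maps_from_hash(digest: bytes):
    """Derive N_MAPS affine maps (x, y) -> (a*x + b*y + e, c*x + d*y + f).
    Every parameter is drawn from a PRNG seeded with the digest, so the
    picture is a deterministic function of the 128 bits and nothing else."""
    rng = random.Random(digest)
    maps = []
    for _ in range(N_MAPS):
        a, b, c, d = (rng.uniform(-1.0, 1.0) for _ in range(4))
        # Scale the linear part so its max-norm is at most 0.9: each map is then
        # a contraction, which keeps the orbit bounded and gives a real attractor.
        s = max(abs(a) + abs(b), abs(c) + abs(d))
        if s > 0.9:
            a, b, c, d = (v * 0.9 / s for v in (a, b, c, d))
        e, f = rng.uniform(-1.0, 1.0), rng.uniform(-1.0, 1.0)
        maps.append((a, b, c, d, e, f))
    return maps, rng


def chaos_game(maps, rng, n=ITERATIONS):
    """Apply a randomly chosen map at each step; the visited points fill the attractor."""
    x = y = 0.0
    points = []
    for i in range(n):
        a, b, c, d, e, f = rng.choice(maps)
        x, y = a * x + b * y + e, c * x + d * y + f
        if i >= 50:              # drop the transient before the orbit settles
            points.append((x, y))
    return points


def render(points, w=GRID_W, h=GRID_H):
    """Bin the points into a w x h grid and turn hit counts into characters."""
    xs = [p[0] for p in points]
    ys = [p[1] for p in points]
    xmin, ymin = min(xs), min(ys)
    dx = (max(xs) - xmin) or 1.0
    dy = (max(ys) - ymin) or 1.0
    grid = [[0] * w for _ in range(h)]
    for x, y in points:
        col = min(w - 1, int((x - xmin) / dx * w))
        row = min(h - 1, int((y - ymin) / dy * h))
        grid[row][col] += 1
    peak = max(max(row) for row in grid)
    top = len(SHADES) - 1
    # log scale so a few very dense cells do not wash out the rest of the shape
    return ["".join(SHADES[int(math.log1p(v) / math.log1p(peak) * top)] for v in row)
            for row in grid]


def picture_for_key(key_material: bytes):
    """Full pipeline: key material -> 128-bit hash -> IFS -> character picture."""
    maps, rng = maps_from_hash(fingerprint128(key_material))
    return render(chaos_game(maps, rng))


if __name__ == "__main__":
    for line in picture_for_key(b"constructed sample public key"):
        print(line)
```

The picture only helps with the comparison step: two keys whose hashes differ give clearly different attractors, but a human comparing two similar-looking pictures is still the weak link, so the visual check is a supplement to comparing the fingerprint digits, not a replacement.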

------------------------------

From: [EMAIL PROTECTED] (Ian Goldberg)
Subject: Re: request for encryption software suggestions
Date: 27 Apr 2001 20:38:28 GMT

In article <PogG6.74053$[EMAIL PROTECTED]>,
Tom St Denis <[EMAIL PROTECTED]> wrote:
>"Eric Kleinberg" <[EMAIL PROTECTED]> wrote in message
>news:CUfG6.496$[EMAIL PROTECTED]...
>> I am seeking freeware C source which can encrypt a buffer and whose
>> output is a buffer of the same size. The encryption does not have
>> to be very strong.
>>
>> Any suggestions (URLs) would be appreciated.
>
>void enc(unsigned char *x, unsigned len)
>{
>   while (len--)
>      *x++ ^= 0xAA;
>}
>
>The nice thing is that enc is its own inverse :-)

On Linux, "man memfrob".

   - Ian

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 20:06:10 GMT

Tom St Denis wrote:
> If you purchase music, movies the intent is private viewing.  Of
> course it doesn't say "where" the private viewing is held....

This is essentially the "fair use" issue.
The key is whether or not there is a likely loss of
revenue (or other value to the producer).
Having friends over to watch a DVD is considered fair use;
showing the same DVD in a large public theatre is not.
Loaning a DVD to a friend is probably on the unfair side
of the line.

------------------------------

From: John Myre <[EMAIL PROTECTED]>
Subject: Re: DES source-code from Applied Cryptography
Date: Fri, 27 Apr 2001 15:13:25 -0600

"Douglas A. Gwyn" wrote:
<snip>
> It appears to be an invention by the implementor(s) to
> provide a nonstandard DES variant.

No, it's standard DES.  The idea is to change the representation
of the data and key so that the implementation is faster.  SSLeay
did the same thing, but IIRC explained it better.  If I cared,
I'd probably look at openssl to see.

JM

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: SHA PRNG
Date: Fri, 27 Apr 2001 14:22:54 -0700

I think what was meant was:
s[0]  =hash(password)
s[n] = hash(s[n-1])
It's not a completely unknown method, but it works a lot better if you can
add entropy at each level leaving you with:
s[0] = hash(password)
s[n] = hash(s[n-1] | entropy)

Since a common hash to use is SHA-1 and the size is a worthless entry you
can add 352 bits from a source that is at least partially entropic. The
difficulty arises in proving that SHA-1 has no collision on a 160-bit input,
that it remains uninvertible, and that there are no short cycles.

That's why it is often better to use a block cipher for such things, we can
prove that there is no collision, that there are no short cycles, and we
don't have to reveal the construct for it to be examined for inversion (it
has the same invertible properties as the block cipher alone).

The problem with using a block cipher is that you have to choose a chaining
mode to be suitable for this. Obviously ECB is not suitable, CBC is probably
suitable but you may have problems if someone tinkers with your "entropy".
In general it's probably better to reverse the order and place the entropy
first, followed by the prior state with a block cipher. The other issue used
to be finding a block cipher of suitable size. That is no longer a problem,
simply bump up the size of Rijndael, or use HPC.
                        Joe

"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:B1kG6.74887$[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "Tim Tyler" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Volker Hetzer <[EMAIL PROTECTED]> wrote:
> > : Tim Tyler wrote:
> >
> > :> Regardless of how good the hash is, such RNGs have no "forward
> > secrecy" - :> compromise of the state reveals all past and future
> > outputs.  This is not :> always a desirable feature in a PRNG.
> >
> > : That's true for *any* prng. [...]
> >
> > Not true.  State compromise inevitably reveals future output - but
> > need not reveal past output.
> >
> > Hashing the internal state and feeding it back is one way to
> > prevent state compromises giving information about earlier states
> > of the PRNG.
>
> You mean
>
> output = Hi = HASH(R || H_i-1 || C)
>
> Where R is the initial random seed, C a binary counter and H_0 is
> HASH(R) ?
>
> Tom
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> Comment: Key at: http://tomstdenis.home.dhs.org/key.asc
>
> iQA/AwUBOunM4QULrT+pXe8cEQKHgwCg6OPuTRil34DAhgdIcazYcnfKsKQAn1lp
> JbPdMlEmClGMjm2Gjtr80EAc
> =KA0O
> -----END PGP SIGNATURE-----
>
>
>
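The two hash-chain constructions in Joe's post side by side, as an added example (not code from the post or its authors): s[0] = hash(password), then either s[n] = hash(s[n-1]) or s[n] = hash(s[n-1] | entropy), with each state emitted as the output, as written. The example assumes SHA-1 for hash, os.urandom as the "partially entropic" source, and a constructed password; it shows what someone who captures a state can and cannot reproduce, which is the forward-secrecy question from the quoted thread.

```python
import hashlib
import os


def H(*parts: bytes) -> bytes:
    """SHA-1 over the concatenation of parts (SHA-1 because the post uses it;
    a 160-bit state plus 352 bits of entropy fills exactly one 512-bit block)."""
    h = hashlib.sha1()
    for p in parts:
        h.update(p)
    return h.digest()


class HashChainPRNG:
    """s[0] = hash(password); s[n] = hash(s[n-1] | entropy); s[n] is the output."""

    def __init__(self, password: bytes):
        self.state = H(password)

    def next(self, entropy: bytes = b"") -> bytes:
        self.state = H(self.state, entropy)
        return self.state


def predict_from_leaked_state(leaked_state: bytes, n: int, entropy_guesses=None):
    """What someone holding a captured s[k] can compute: s[k+1..k+n], provided
    they also know (or guess) the entropy mixed in at each step. Earlier states
    are out of reach without inverting H."""
    state = leaked_state
    predicted = []
    for i in range(n):
        guess = entropy_guesses[i] if entropy_guesses else b""
        state = H(state, guess)
        predicted.append(state)
    return predicted


def demo(password: bytes = b"constructed master password") -> dict:
    # Case 1: no per-step entropy. A leaked state reveals every later output.
    gen = HashChainPRNG(password)
    past = [gen.next() for _ in range(3)]
    leaked = gen.state
    future = [gen.next() for _ in range(4)]
    predicted_plain = predict_from_leaked_state(leaked, 4)

    # Case 2: fresh entropy at each step (44 bytes = the post's 352 bits).
    gen2 = HashChainPRNG(password)
    leaked2 = gen2.state
    entropy = [os.urandom(44) for _ in range(4)]
    future2 = [gen2.next(e) for e in entropy]
    predicted_blind = predict_from_leaked_state(leaked2, 4)             # entropy unknown
    predicted_knowing = predict_from_leaked_state(leaked2, 4, entropy)  # entropy known

    return {
        "leak_predicts_future_without_entropy": predicted_plain == future,
        "leak_predicts_future_blind_to_entropy": predicted_blind == future2,
        "leak_plus_entropy_predicts_future": predicted_knowing == future2,
        # the output *is* the state here, so seeing the last output equals holding the state
        "leaked_state_is_last_output": leaked == past[-1],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The entropy input only buys forward prediction resistance if the observer cannot see or guess it; that is the "tinkers with your entropy" concern in Joe's post, and the reason the input order (entropy first, then prior state) and an authenticated source matter.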



------------------------------

From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Fri, 27 Apr 2001 21:49:13 GMT

Mok-Kong Shen wrote:
> I haven't looked into SMDI. Is it really so as you said?

Well, unless you want to loan your computer, too.  And it's the same sort of
legalities behind the DVD region code and such.

Copyright allows you to control copying, public performance, and a few other
things. It doesn't allow you to control loaning, reverse engineering,
reselling, or many other things like that.

And the "many other things like that" is what DMCA and SMDI are all about.

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST).  Cryptokeys on demand.
        schedule.c:7: warning: assignment makes calendar_week 
                          from programmer_week without a cast.

------------------------------

Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Running Time of Factoring Algorithms
Date: Fri, 27 Apr 2001 18:05:56 -0400

Thanks Bill.

I don't see the exponential.  Are you referring to bit operations? Forgive
my ignorance.


"Bill Unruh" <[EMAIL PROTECTED]> wrote in message
news:9cc4ok$6me$[EMAIL PROTECTED]...
In <mF4G6.70450$[EMAIL PROTECTED]> "Tom St Denis"
<[EMAIL PROTECTED]> writes:
]> If a factoring algorithm ran with the following upper bound, how would it
]> compare to the various methods that exist?
]>
]> n = p * q
]>
]> smallest of (p, q, p-q)

Terribly. Those are all exponential in the size of n. The best known is
subexponential. (of order exp(1.9 ln(n)^(1/3) ln(ln(n))^(2/3))-- Number
Field Sieve)(The 1.9 is approximate).





------------------------------

Subject: WHY I HATE BOSCHLOO
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
From: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Sat, 28 Apr 2001 00:09:01 +0200 (CEST)

I hate Boschloo

=============================================== 
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a 
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed 
"security expert" is not even a remailer user. In the past, he proved himself unable 
to check a PGP signature, and got ridicule from every single technical topic he wanted 
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are 
about his avowed mental illness, or for bashing remops or real freedom fighters: he 
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium 
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab 
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
  they don't give their names, while he does
  that can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like

Ignore him completely, killfile him, respect others' killfiles 

KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make disappear both him and people who warn about him
If you want to tell him to buzz off, or warn about him,
 use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
 to accommodate such killfile for "regulars", and still warn newbies

COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: 27 Apr 2001 22:11:38 GMT

Terry Ritter <[EMAIL PROTECTED]> wrote:
> On Thu, 26 Apr 2001 20:04:06 -0700, in
> <[EMAIL PROTECTED]>, in sci.crypt Bryan Olson
> <[EMAIL PROTECTED]> wrote:

>>So with both the dictionary and the law indicating that such
>>acts are "infringement" and not "theft", can we switch to the
>>proper word?

> The correct word is "theft."  

I disagree -- and it's not a "legalese" and odd-wording issue.  I
think it's just your run-of-the-day English language issue.

> "Theft" is a wholly appropriate common language term for the taking
> without permission which constitutes copyright infringement under law.

So there you go -- that's precisely why what we're talking about is
NOT "theft"!

You acknowledge that "theft" is "the taking without permission".  But
the English word "take" means something very specific.  If you "take"
something from me, I no longer have it.  That's theft.  And that's not
what's happening here.

What's happening here is that people who do not have a right to copy
something (literally the copyright) are making copies.  A *copy*
doesn't "take" anything, and isn't "theft" -- it's a violation of
established copyright law, which makes it a copyright *infringement*,
but it's not "theft" in either the legal OR the standard English sense.

-- 
Steve Tate --- srt[At]cs.unt.edu | Gratuitously stolen quote:
Dept. of Computer Sciences       | "The box said 'Requires Windows 95, NT, 
University of North Texas        |  or better,' so I installed Linux."
Denton, TX  76201                | 

------------------------------

From: Jem Berkes <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.security,comp.os.unix.security
Subject: Simple cryptography technique: sound?
Date: Fri, 27 Apr 2001 17:12:21 -0500

I'd appreciate your feedback on this little puzzle I'm working with. It
seems quite simple, and I'm wondering if I've overlooked some very great
flaw :)

===

A file contains data for different "profiles". Each profile has
different parameters (profile ID, host name, user ID, password).
The goal is to protect ALL the profiles' passwords with one master
password while making it impossible to "successfully" tamper with the
file.

The idea I have is this. For each profile:
1.      Generate string from ID+host name+user ID+master password
2.      MD5 hash the string to get a "secret" for this profile
3.      XOR or add bytes from original password with this secret
                Result: encoded password

Say the cracker knows the simple method in step 3. That means if they know
the original password (from elsewhere) then they can get the secret.
But the secret is unique to this one profile, so that doesn't help
them crack any other passwords in the file.

What do you think? Have I overlooked something?

-- 
http://www.pc-tools.net/
DOS, Win32, Linux software

------------------------------

Date: Fri, 27 Apr 2001 18:06:16 -0400
Subject: WHY I HATE BOSCHLOO
Crossposted-To: alt.privacy.anon-server,alt.security-pgp
From: Fight Boschloo <[EMAIL PROTECTED]>

NOTICE: This message may not have been sent by the Sender Name 
above.  Always use cryptographic digital signatures to verify 
the identity of the sender of any usenet post or e-mail.



I hate Boschloo

=============================================== 
HISTORY:
That Boschloo bozo is a clown and a troll who has been looming around for nearly a 
year.
Don't mistake a "regular" (troll) with a knowledgeable person: that self-proclaimed 
"security expert" is not even a remailer user. In the past, he proved himself unable 
to check a PGP signature, and got ridicule from every single technical topic he wanted 
to talk about.
Besides false or inaccurate or misleading technical misinformation, his posts are 
about his avowed mental illness, or for bashing remops or real freedom fighters: he 
likes to quarrel with every one, and stir shit. Sometimes, it is even pure delirium 
(when he misses his pills?)
One of his last actions was to stage a hoax about his own suicide, just to try to grab 
some sympathy, after he had been exposed as a troll and technically incompetent.
The worst being his teasing of Script-Kiddie until it triggered a new flood on apas.
Of course, he refuses to apologize.
Actually, the level of contempt he shows for remailer users:
  they don't give their names, while he does
  that can't do anything against him, without giving their names
is in no way different from what is displayed by Pangborn, Burnore and the like

Ignore him completely, killfile him, respect others' killfiles 

KILLFILE:
To put him in your killfile, put "Author: Boschloo"
That will make disappear both him and people who warn about him
If you want to tell him to buzz off, or warn about him,
 use a nickname containing "Boschloo" (Boschloo Hater, Boschloo Sucks,...)
 to accommodate such killfile for "regulars", and still warn newbies

COURAGE:
Boschloo is getting _no_ answer from apas any more.
He has to crosspost to various newsgroups to try to grab some attention.
In a few months, it will be gone.



------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Sat, 28 Apr 2001 00:11:17 +0200



"Trevor L. Jackson, III" wrote:
> 
> In most jurisdictions your friend _can_ sign your signature and have it
> upheld as valid in court if you direct him to do so and, of course, testify
> to that effect.

We were discussing anyway in the context of cards. How can 
one 'sign my signature' and do it in a way that is
the same as mine (my signature will be verified with that
on the card by the transaction partner), unless perhaps 
he is a professional 'faker' of signatures? I can sign a 
special document authorizing someone to take money from 
my bank account etc., but then he is employing his own 
signature in such actions, isn't it?

M. K. Shen

------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Simple cryptography technique: sound?
Date: Fri, 27 Apr 2001 15:22:02 -0700
Crossposted-To: comp.os.linux.security,comp.os.unix.security


"Jem Berkes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The idea I have is this. For each profile:
> 1. Generate string from ID+host name+user ID+master password
> 2. MD5 hash the string to get a "secret" for this profile
> 3. XOR or add bytes from original password with this secret
> Result: encoded password

Basically the attacker can alter the file at will, in a completely
predictable way, although he won't be able to guess the new value, and in an
unrecoverable way. It's actually quite simple, because there is no checksum
on the password, the attacker simply starts playing the bit-flip game on the
password. What I'd recommend instead is (to stay roughly within the same
vein):
> 1. Generate string from ID+host name+user ID+master password
> 2. MD5 hash the string to get a "secret" for this profile
2.1 Pad the user password with a known value

3. Encrypt the padded password in a diffusion mode using 128-bit Rijndael
and the "secret"

Of course any compromise of the master secret reveals all the passwords, so
it would be far better to use a hash, or a discrete log based scheme, or a
strong user authentication method, etc that will move the trust away from
that single value and place it in the algorithm/protocol used.
                        Joe
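Jem's three-step scheme and the defect Joe points out, as an added example (not code from either post): the per-profile secret is MD5 over the concatenated fields, the password is XORed with it, and because nothing checks integrity, a flipped bit in the stored record becomes the same flipped bit in the decoded password. The hardened variant keeps the same secret derivation but adds an HMAC tag over the profile fields and the encoded password, so any edit to the record, including a changed host name, is rejected before decoding. That tag is the "checksum" Joe says is missing; it stands in for his padding-plus-Rijndael suggestion because the Python standard library has no block cipher. Field values, the master password and the "|" separator are constructed for the example.

```python
import hashlib
import hmac


def profile_secret(profile_id: bytes, host: bytes, user: bytes, master: bytes) -> bytes:
    """Steps 1-2 of the posted scheme: MD5 over the concatenated profile fields."""
    return hashlib.md5(b"|".join([profile_id, host, user, master])).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- The scheme as posted: step 3 is a plain XOR, nothing checks integrity. ---

def weak_encode(profile_id, host, user, master, password: bytes) -> bytes:
    assert len(password) <= 16, "MD5 yields only 16 bytes of secret"
    return xor_bytes(password, profile_secret(profile_id, host, user, master))


def weak_decode(profile_id, host, user, master, encoded: bytes) -> bytes:
    return xor_bytes(encoded, profile_secret(profile_id, host, user, master))


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Models one stored byte being altered (the 'bit-flip game' in Joe's reply)."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


# --- Hardened variant: same secret derivation, plus a tag that binds the
# encoded password to its profile fields so any change is detected. ---

TAG_LEN = 32


def _keys(profile_id, host, user, master):
    secret = profile_secret(profile_id, host, user, master)
    return (hashlib.sha256(b"enc" + secret).digest(),   # 32-byte keystream
            hashlib.sha256(b"mac" + secret).digest())   # HMAC key


def hardened_encode(profile_id, host, user, master, password: bytes) -> bytes:
    enc_key, mac_key = _keys(profile_id, host, user, master)
    assert len(password) <= len(enc_key)
    encoded = xor_bytes(password, enc_key)
    tag = hmac.new(mac_key, b"|".join([profile_id, host, user, encoded]), "sha256").digest()
    return encoded + tag


def hardened_decode(profile_id, host, user, master, record: bytes) -> bytes:
    enc_key, mac_key = _keys(profile_id, host, user, master)
    encoded, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, b"|".join([profile_id, host, user, encoded]), "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record tampered with or wrong master password")
    return xor_bytes(encoded, enc_key)


def demo() -> dict:
    pid, host, user, master = b"1", b"mail.example.test", b"jem", b"constructed master"
    password = b"hunter2"
    # posted scheme: flipping bit 0 of byte 0 in the file flips bit 0 of the decoded password
    enc = weak_encode(pid, host, user, master, password)
    tampered = weak_decode(pid, host, user, master, flip_bit(enc, 0, 0))
    # hardened scheme: the same edit, or a changed host name, is rejected
    rec = hardened_encode(pid, host, user, master, password)

    def rejected(h, r):
        try:
            hardened_decode(pid, h, user, master, r)
            return False
        except ValueError:
            return True

    return {
        "weak_roundtrip": weak_decode(pid, host, user, master, enc) == password,
        "weak_tamper_is_predictable": tampered == flip_bit(password, 0, 0),
        "hardened_roundtrip": hardened_decode(pid, host, user, master, rec) == password,
        "hardened_rejects_bitflip": rejected(host, flip_bit(rec, 0, 0)),
        "hardened_rejects_host_change": rejected(b"evil.example.test", rec),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two caveats carry over from the posted design and are not fixed by the tag: the XOR keystream must never be reused, so re-encoding a changed password for the same profile needs a fresh component in the secret, and, as Joe notes, one master password still unlocks every profile.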



------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Running Time of Factoring Algorithms
Date: Fri, 27 Apr 2001 22:44:09 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:3ae9ecb4$0$[EMAIL PROTECTED]...
> Thanks Bill.
>
> I don't see the exponential.  Are you referring to bit operations?
> Forgive my ignorance.

No he means as your composite gets larger (in bits) the work gets
larger.  Let's say you want to factor a number that is 100 bits
longer well that's 2^100 more work.... that's exponential.  In NFS
that would be sub-exponential (just say) 2^40 more work or
something...

Tom

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOun2NgULrT+pXe8cEQI2awCgp1HNq2CIPuRifE9hOUF30XJ976IAoO9o
AD18usx/BEhFPYZuyeP/wgUz
=Ib5Q
=====END PGP SIGNATURE=====
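Bill's Number Field Sieve bound and Tom's "100 bits longer" comparison carried through numerically, as an added example (not from either post): the NFS running time exp(1.9 ln(n)^(1/3) ln(ln(n))^(2/3)) is converted to bits of work for a given size of n, next to a bound that is exponential in the size of n. The sqrt-of-n model for "smallest of (p, q, p-q)" assumes balanced primes, and the constant 1.9 is the approximate value Bill gives.

```python
import math

LN2 = math.log(2)


def nfs_log2_work(bits: int, c: float = 1.9) -> float:
    """log2 of the NFS bound exp(c * ln(n)^(1/3) * ln(ln(n))^(2/3)) for an n of
    the given bit length; c = 1.9 is the approximate constant from the post."""
    ln_n = bits * LN2
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


def exponential_log2_work(bits: int, fraction: float = 0.5) -> float:
    """log2 of a bound exponential in the size of n. fraction=0.5 models the
    posted bound min(p, q, p-q) with balanced primes (p ~ q ~ sqrt(n), so
    2^(bits/2)); fraction=1.0 is Tom's '2^100 more work per 100 bits'."""
    return bits * fraction


def extra_work_log2(bits: int, extra_bits: int, log2_work) -> float:
    """Extra bits of work when n grows from bits to bits + extra_bits."""
    return log2_work(bits + extra_bits) - log2_work(bits)


def compare(sizes=(512, 768, 1024, 1536, 2048)):
    """Rows of (bits, log2 work for the sqrt-bound algorithm, log2 work for NFS)."""
    return [(b, exponential_log2_work(b), round(nfs_log2_work(b), 1)) for b in sizes]


if __name__ == "__main__":
    for bits, expo, nfs in compare():
        print(f"{bits:5d}-bit n: sqrt-bound 2^{expo:.0f}   NFS about 2^{nfs}")
    print("100 extra bits, sqrt-bound:",
          extra_work_log2(1024, 100, exponential_log2_work), "more bits of work")
    print("100 extra bits, NFS:       ",
          round(extra_work_log2(1024, 100, nfs_log2_work), 1), "more bits of work")
```

The point of the exercise is the growth rate, not the absolute numbers: adding 100 bits to a 1024-bit modulus costs the sqrt-bound algorithm 50 more bits of work, while the NFS estimate rises by only a few bits, which is what "sub-exponential" means in practice.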




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
