Cryptography-Digest Digest #262, Volume #14      Sun, 29 Apr 01 08:13:01 EDT

Contents:
  Re: Secure Digital Music Initiative cracked? (David A Molnar)
  Re: OTP WAS BROKEN!!! ("John Luebs")
  Re: Secure Digital Music Initiative cracked? ("Roger Schlafly")
  Re: Quantum Crypto ("Roger Schlafly")
  Re: MS OSs "swap" file:  total breach of computer security. (Anthony Stephen Szopa)
  Re: "I do not feel secure using your program any more." (Anthony Stephen Szopa)
  Re: Secure Digital Music Initiative cracked? (Mok-Kong Shen)
  Re: Censorship Threat at Information Hiding Workshop (Leonard R. Budney)
  Re: "I do not feel secure using your program any more." ("Tom St Denis")
  A keen symmetric cipher idea ("Tom St Denis")

----------------------------------------------------------------------------

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: 29 Apr 2001 06:24:08 GMT

Roger Schlafly <[EMAIL PROTECTED]> wrote:
> And for what? At least the NSA had a national security argument.
> The RIAA is only trying to protect hypothetical commercial
> interests. And RIAA's legal position regarding those interests is
> one that most music lovers don't agree with, if Napster use is any
> indication.

I'm still shocked. Unfortunately I don't think that trying to figure 
out the RIAA's motives or the morality of its actions will help very much.

A few things come to mind as the next questions to ask...

        * is the RIAA's position legally tenable? if so, why?
        
        * How much of a factor is this "SDMI Agreement" in answering
        the first question?
        
        * Does this mean researchers should refrain from participating
        in future cracking contests for *any* copy protection technology?
        
        * Is it possible for a contest to be run and agreements to be
        drawn up such that the SDMI Foundation-style creative 
        reinterpretation is impossible? or are cracking contests now
        just too damn dangerous to touch, no matter how pure the 
        original motives seem to be?    

        * If it is too dangerous to take information from the 
        manufacturers and illegal to take information from reverse
        engineering devices, then *how* is research on these technologies
        to be conducted? (I am taking it as a given that such research
        should be undertaken).
        Do we know how broad the DMCA's exemption for security research is?

        * How is the situation different for cryptographers doing work
        in the U.S. and outside (DMCA vs. no DMCA)? what about 
        researchers who do the work outside the U.S. and present 
        in the U.S.? Does this mean that all future Info Hiding 
        Workshops, for instance, need to be held outside the U.S.?

        * How do we get the DMCA repealed or at least amended?

I think these are the sorts of practical questions we need to ask right now. 

_David


------------------------------

From: "John Luebs" <[EMAIL PROTECTED]>
Subject: Re: OTP WAS BROKEN!!!
Date: Sun, 29 Apr 2001 03:14:07 -0400

In article <[EMAIL PROTECTED]>, "newbie"
<[EMAIL PROTECTED]> wrote:


> I'm not talking about random or non random. You have just to read.
> Nothing more than that. You are inventing what I said.
>  
> I NEVER SAID THAT!!!!!!!!!!!!
> You say "well it looks non-random so it must be the solution".
>> You fail to recognize that the number of non-random plaintexts is
>> astronomical....
> THE NUMBER OF MESSAGES WHICH HAVE A SENSE IS INFINITESIMAL COMPARED TO
> THOSE WHICH DO NOT HAVE A SENSE!!!!!!!!!!!!!!!!!!!

And the number of counting numbers is infinitesimal to the number of
reals??


------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 06:52:39 GMT

"David A Molnar" <[EMAIL PROTECTED]> wrote
> ...
> * How do we get the DMCA repealed or at least amended?
> I think these are the sorts of practical questions we need to ask right now.

I don't have answers. Crypto people lobbied against the DMCA, but
were overwhelmed by the commercial interests. The DMCA does
make the law in this area a whole new game, and prior common sense
reasoning may not apply.




------------------------------

From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Quantum Crypto
Date: Sun, 29 Apr 2001 07:09:23 GMT

"Bill Unruh" <[EMAIL PROTECTED]> wrote
> ]I don't believe either of the above statements is true. Usually QC systems
> ]are some sort of combination of QC with conventional crypto, and
> ]offering less security than is commonly offered by conventional crypto.
> On what basis? QC uses conventional crypto. QC is used to generate a
> random shared key between the two parties. A key which is known with
> high probability not to have been eavesdropped.  How is this less
> security than is commonly offered by conventional crypto?

Typically QC systems offer no promise at all that an individual bit
might have been eavesdropped. Many conventional crypto systems
are designed with an attitude that the loss of one secret bit could
be catastrophic.




------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: MS OSs "swap" file:  total breach of computer security.
Date: Sun, 29 Apr 2001 01:39:57 -0700

David Hopwood wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Tom St Denis wrote:
> > <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> > > And, recognizing this, your reason for continuing to use Win98
> > > would be ......??????
> >
> > What's your point?  It's possible to secure memory in Win98, ASS is
> > just too stupid to figure out how.
> 
> It is possible, just about, but what is far from obvious from the
> Microsoft documentation is that it can *only* be done via a ring 0
> device driver, not directly from an application. In fact even with
> the co-operation of a device driver, it's decidedly non-trivial to
> access locked memory from a Windows application.
> 
> Note that the Win32 API function VirtualLock, which is documented to
> "lock" virtual memory, does not do what you would think. For example,
> Knowledge Base article Q108449 says:
> 
> # VirtualLock()
> # To lock a particular page into memory so that it cannot be swapped
> # out to disk, use VirtualLock().
> 
> However, that is not what VirtualLock actually does. Read this MSDN
> article (* is my emphasis):
> 
>   Managing Virtual Memory in Win32
>   Randy Kath
>   Microsoft Developer Network Technology Group
>   January 20, 1993
> 
> # Processes in Windows NT are granted subtle influence into [virtual
> # memory paging] behavior with the VirtualLock and VirtualUnlock
> # functions. Essentially, a process can establish specific pages to
> # lock into its working set. However, this does not give the process
> # free reign over its working set. It cannot affect the number of pages
> # that make up its working set (the system adjusts the working set for
> # each process routinely), and *it cannot control when the working set
> # is in memory and when it is not*. The maximum number of pages that
> # can be locked into a process's working set at one time is limited to
> # 32. An application could do more harm than good by locking pages of
> # committed memory into the working set because doing so may force other
> # critical pages in the process to become replaced. In that case, the
> # pages could become paged to disk, causing page faults to occur whenever
> # they were accessed. Then the process would spend much of its CPU
> # allotment just paging critical pages in and out of memory.
> #
> # *Bear in mind that locking a page of memory in Win32 does not mean
> # that the page will not be paged to disk.* On the contrary, it means
> # that, while the process is running, the locked page of memory will be
> # present in physical memory. *It is not only possible, but likely,
> # that the entire working set of pages for a process will be paged to
> # disk when the process is idle.* When the process wakes up, its working
> # set of pages is immediately paged back into memory, including the
> # VirtualLocked pages.
> 
> This article was written about Windows NT 3.51, but it also applies
> to NT 4.0, and I believe also to Windows 2000. For Windows 95, "the
> VirtualLock function is implemented as a stub that has no effect and
> always returns a nonzero value" (i.e. it fails silently: nonzero
> means success). I don't know whether this is also the case for Win98,
> but I suspect it is. In any case, VirtualLock is clearly not sufficient
> to lock memory for cryptographic security purposes.
> 
> Another possibility that you might think would help, is the MEM_RESET
> flag to VirtualAlloc[Ex], which is documented as follows:
> 
> #    MEM_RESET   Windows NT: Specifies that memory pages within the
> #                range specified by lpAddress and dwSize will not be
> #                written to or read from the paging file.
> 
> Don't be misled: this is just yet more badly written documentation.
> MEM_RESET actually indicates that an app has finished with a range of
> pages (but doesn't want to decommit them immediately for efficiency
> reasons).
> 
> To allocate locked memory from a device driver, you have to use the
> _ProcessAlloc function with the PAGEFIXED flag, and it will return the
> ring 0 linear address of the block in EAX (yes, it really is that low
> level). However, note that this is memory allocated for use directly
> by the device driver; making it accessible to an application requires
> (considerable) extra work.
> 
> If you only need to lock memory used by keys, then it would be possible
> to have the application reference each key using an abstract handle,
> so that they are never mapped directly to the application's address
> space, and then provide an API for encryption, decryption, etc. To make
> this secure in Windows NT, you would have to segregate keys owned by
> different processes (in Win9x it doesn't matter, because processes
> can read each other's memory, and system memory, anyway). It would be
> an interesting project to implement this, but it is certainly much more
> effort than just locking a range of application memory. Also, it isn't
> clear (to me, at least), how you would protect data other than keys,
> short of running significant portions of the application in ring 0 -
> which obviously introduces its own security problems.
> 
> - --
> David Hopwood <[EMAIL PROTECTED]>
> 
> Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
> RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5  0F 69 8C D4 FA 66 15 01
> Nothing in this message is intended to be legally binding. If I revoke a
> public key but refuse to specify why, it is because the private key has been
> seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
> 

But doesn't he always make it sound so easy and clear cut if only 
you just had his command of the subject matter?

Once again, someone has stepped forward and put his sh-- in the 
street.

------------------------------

From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: "I do not feel secure using your program any more."
Date: Sun, 29 Apr 2001 02:26:47 -0700

Tom St Denis wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > anon wrote:
> > >
> > > Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > "I do not feel secure using your program any more."
> > > >
> > > > You sure jumped to a hasty conclusion.
> > > >
> > > > Again, using the methods of OAP-L3 to generate your random
> > > > digit sequences is just the first step of creating your OTPs.
> > > > And since I believe you would agree that even if you started
> > > > with a known file containing the sequences of 0123456789 of
> > > > length 18,144,000 bytes and this becoming very quickly
> > > > practicably impossible to guess using the methods from OAP-L3,
> > > > then by actually generating the random digit files using OAP-L3
> > > > makes this impossibility that much more impossible.
> > >
> > > What will you use to reorder those data?
> > > Surely the process can easily be recreated, thus your data is not
> > > safe?
> > >
> > > - Dan
> > >
> > > "clearly you are an inDUHvidual, just like everyone else" -
> > > unattributed.
> >
> > Please, admit you do not know what you are talking about, do you.
> >
> > What do you know about OAP-L3?
> 
> Well saying it's not safe may be a bit much, but it "can" be
> recreated.
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> Comment: Key at: http://tomstdenis.home.dhs.org/key.asc
> 
> iQA/AwUBOupEJAULrT+pXe8cEQIo3gCgyR/L0O4xuzPBwS43nAqQ5kI633AAn0XG
> MaSkLemsnS7E4dW1+FXhz2m7
> =i0yN
> -----END PGP SIGNATURE-----


Give us a break.
Can't you speak with any precision?
What does "it 'can' be recreated" mean?

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Secure Digital Music Initiative cracked?
Date: Sun, 29 Apr 2001 12:09:29 +0200



David A Molnar wrote:
> 
>         * Does this mean researchers should refrain from participating
>         in future cracking contests for *any* copy protection technology?
> 
>         * Is it possible for a contest to be run and agreements to be
>         drawn up such that the SDMI Foundation-style creative
>         reinterpretation is impossible? or are cracking contests now
>         just too damn dangerous to touch, no matter how pure the
>         original motives seem to be?
> 
>         * If it is too dangerous to take information from the
>         manufacturers and illegal to take information from reverse
>         engineering devices, then *how* is research on these technologies
>         to be conducted? (I am taking it as a given that such research
>         should be undertaken).
>         Do we know how broad the DMCA's exemption for security research is?
> 
>         * How is the situation different for cryptographers doing work
>         in the U.S. and outside (DMCA vs. no DMCA)? what about
>         researchers who do the work outside the U.S. and present
>         in the U.S.? Does this mean that all future Info Hiding
>         Workshops, for instance, need to be held outside the U.S.?
> 
>         * How do we get the DMCA repealed or at least amended?
> 
> I think these are the sorts of practical questions we need to ask right now.

I have the fuzzy feeling that the issues have some
parallels to export regulations both in respect of sanity, 
chance of long term upholding, etc. I conjecture that it 
could well happen that at some later point in time the 
industry finds the DMCA is actually having a rather negative 
impact on their revenues due to developments entirely 
outside their spheres of influence, resulting in fewer
customers than otherwise would have been the case, and 
the matter would then get revised/relaxed, not dissimilar 
to the export regulations.

M. K. Shen

------------------------------

Subject: Re: Censorship Threat at Information Hiding Workshop
From: [EMAIL PROTECTED] (Leonard R. Budney)
Date: 29 Apr 2001 07:25:56 -0400

[EMAIL PROTECTED] (Bill Unruh) writes:

> ...copyright law, sets in...This monopoly is as artificial as any other
> monopoly granted by the state. In this case the reason for this grant
> of monopoly is to encourage production. There is no natural right to
> a monopoly.

However, copyright expresses the basic belief that an idea's originator
is entitled to profit from his ideas. I think that's a good and fair
principle--but when the cost of production (AND theft) falls to zero,
all sorts of interesting complications arise.

> A creative work is not a thing. An embodiment can be, but it is not
> embodiments copyright law controls, it is the act of copying.

To you "embodiment" means a "physical artifact". Your language is not
consistent with copyright law. It's correct that *ideas* are not things;
that's why copyright law protects a *specific form* given to an idea.

> That act deprives no one of anything. He has as much of the item
> afterwards as he did before.

It deprives him of the livelihood derivable from charging for use of his
creative effort.

> It is a public good to allow copying, just as it is believed
> that the free market is also a public good.

``Just as''? Copying may be a public good, but (supposing the existence
of intellectual property) it is the opposite of a free market. You are
taking away one man's means of livelihood, on the argument that somebody
else needs it. That's socialism. (Just as extreme Stallmanism is really
just software socialism.)

> The DMCA is similar to the types of law passed in the soviet union
> preventing anyone but the state sanctioned companies from creating
> tractors, TV sets, or coffee.

With a vital difference. Soviet laws protected government monopoly. In
the US, a temporary monopoly is up for anyone's grab: just be the first
to think of something.

Len.


-- 
When you actually try this out, let me know how many users yell at
you.
                                -- Dan Bernstein, author of qmail

------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Crossposted-To: talk.politics.crypto,alt.hacker
Subject: Re: "I do not feel secure using your program any more."
Date: Sun, 29 Apr 2001 11:26:04 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

"Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > "Anthony Stephen Szopa" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]...
> > > anon wrote:
> > > >
> > > > Anthony Stephen Szopa <[EMAIL PROTECTED]> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > "I do not feel secure using your program any more."
> > > > >
> > > > > You sure jumped to a hasty conclusion.
> > > > >
> > > > > Again, using the methods of OAP-L3 to generate your random
> > > > > digit sequences is just the first step of creating your
> > > > > OTPs. And since I believe you would agree that even if you
> > > > > started with a known file containing the sequences of
> > > > > 0123456789 of length 18,144,000 bytes and this becoming
> > > > > very quickly practicably impossible to guess using the
> > > > > methods from OAP-L3, then by actually generating the random
> > > > > digit files using OAP-L3 makes this impossibility that much
> > > > > more impossible.
> > > >
> > > > What will you use to reorder those data?
> > > > Surely the process can easily be recreated, thus your data is
> > > > not safe?
> > > >
> > > > - Dan
> > > >
> > > > "clearly you are an inDUHvidual, just like everyone else" -
> > > > unattributed.
> > >
> > > Please, admit you do not know what you are talking about, do
> > > you.
> > >
> > > What do you know about OAP-L3?
> >
> > Well saying it's not safe may be a bit much, but it "can" be
> > recreated.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGPfreeware 7.0.3 for non-commercial use
> > <http://www.pgp.com> Comment: Key at:
> > http://tomstdenis.home.dhs.org/key.asc
> >
> > iQA/AwUBOupEJAULrT+pXe8cEQIo3gCgyR/L0O4xuzPBwS43nAqQ5kI633AAn0XG
> > MaSkLemsnS7E4dW1+FXhz2m7
> > =i0yN
> > -----END PGP SIGNATURE-----
>
>
> Give us a break.
> Can't you speak with any precision?
> What does "it 'can' be recreated" mean?

Well sure I can encrypt stuff using OAP?  Can I decrypt too?

Tom

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOuv6QQULrT+pXe8cEQLOuQCfYdTBnCSKhAayE4GC28zReuE/2BoAoKIh
9cOD/5OC7lwDzh3kn0NGQcBP
=H61L
=====END PGP SIGNATURE=====




------------------------------

From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: A keen symmetric cipher idea
Date: Sun, 29 Apr 2001 11:59:52 GMT

=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1

This is a symmetric private key system (not PK) so keep that in mind.

1.  Both users pick two large primes p and q, then form N = pq
2.  To encode a message you take 0 < M < N and do, c1 = M mod p, c2 =
M mod q
3.  To decode use crt to recover the message from c1/c2.

Off the top of my head I can't see how c1 or c2 will reveal p or q or
M.

Neater thing is if you use a 64-bit irreducible polynomials for p and
q shouldn't this trick still work?  Resulting in a 128-bit block
cipher...
- --
Tom St Denis
- ---
http://tomstdenis.home.dhs.org

=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Key at: http://tomstdenis.home.dhs.org/key.asc

iQA/AwUBOuwCKwULrT+pXe8cEQKvfACeO+w3ojky0Kde8E2B46wzB7z+/WwAnjUy
wtK0PEN5vOD5SNMoYMZ+uyEw
=MSRW
=====END PGP SIGNATURE=====
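
The three steps of the post above, written out as an added example (not code from the original post or its author), going one step beyond the post to check what a few known plaintext/ciphertext pairs tell an observer: since c1 = M mod p, every M - c1 is a multiple of p. The primes 2^61-1 and 2^89-1, the function names and the sample messages are assumptions chosen for illustration.

```python
from math import gcd

# Assumed toy parameters: two Mersenne primes stand in for the post's
# "two large primes" p and q. They are the shared secret key.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q


def encode(m, p=P, q=Q):
    """Step 2: split 0 < M < N into the residues c1 = M mod p, c2 = M mod q."""
    if not 0 < m < p * q:
        raise ValueError("message must satisfy 0 < M < N")
    return m % p, m % q


def decode(c1, c2, p=P, q=Q):
    """Step 3: recombine the residues with the CRT (Garner's formula)."""
    q_inv = pow(q, -1, p)          # exists because p and q are distinct primes
    h = ((c1 - c2) * q_inv) % p    # h = (M - c2) / q, reduced mod p
    return c2 + q * h              # the unique solution in [0, N)


def modulus_from_known_pairs(pairs):
    """For c = M mod p, every M - c is a multiple of p, so the gcd over a few
    known (M, c) pairs is a multiple of p and collapses to p once the
    quotients M // p share no common factor."""
    g = 0
    for m, c in pairs:
        g = gcd(g, m - c)
    return g


# Constructed sample messages (not from the post). Their quotients by P are
# 2**40 and 3**25, which are coprime, so two known pairs are enough here.
KNOWN_MESSAGES = [2**40 * P + 123456789, 3**25 * P + 987654321]


if __name__ == "__main__":
    for m in KNOWN_MESSAGES:
        c1, c2 = encode(m)
        assert decode(c1, c2) == m
    pairs = [(m, encode(m)[0]) for m in KNOWN_MESSAGES]
    print("recovered p:", modulus_from_known_pairs(pairs) == P)
```

The mapping is linear and unkeyed apart from the moduli themselves, which is why known plaintext exposes them; the same gcd over (M, c2) pairs yields a multiple of q.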




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
