Cryptography-Digest Digest #280, Volume #14 Tue, 1 May 01 19:13:00 EDT
Contents:
Eurocrypt presentation on NSS (Dan Bailey)
Re: Censorship Threat at Information Hiding Workshop ("Paul Pires")
Re: RSA BRUTE FORCE (Jack Brennen)
Re: Style of discussions (John Bailey)
Any one got a Clue on configuring freeswan? (mickey)
Re: RSA BRUTE FORCE ([EMAIL PROTECTED])
Feige-Fiat-Shamir and Guillou-Quisquater Identification Schemes ("Brice Canvel")
Re: Feige-Fiat-Shamir and Guillou-Quisquater Identification Schemes (Quisquater)
Re: RSA BRUTE FORCE (John Savard)
Re: "I do not feel secure using your program any more." (James Felling)
Re: Censorship Threat at Information Hiding Workshop (Darren New)
Re: Intacta.Code ... ("Thomas Christensen")
Re: Intacta.Code ... ("Thomas Christensen")
Re: Censorship Threat at Information Hiding Workshop ("Paul Pires")
----------------------------------------------------------------------------
From: Dan Bailey <[EMAIL PROTECTED]>
Subject: Eurocrypt presentation on NSS
Date: Tue, 1 May 2001 16:06:40 -0400
Recently, there have been postings on this group that the NSS scheme
outlined in the NSS paper to be presented at Eurocrypt May 8 has been
attacked, and that any NSS signature can be easily forged. There have
also been pointers to a web site making these claims without providing any
details. It is unfortunate that such allegations are widely disseminated
without detailed supporting material. We should stress that these attacks
do not undermine the security of NSS and would like to comment on these
recent discoveries.
First, there are indeed two attacks which have been put forth to the NSS
signature scheme as described in the Eurocrypt paper. The first pertains
to an oversight in the paper, where a signature validation condition was
oversimplified. This permitted an easy (and easily countered) forgery
attack via linear algebra. It appears Jacques Stern has found a version of
this attack as well, and a preliminary announcement has been posted to his
website. Lacking the details of Stern's methods, we cannot comment further
at this time. However, we would like to stress that the signatures posted
on his website are *not* valid signatures, as they fail to satisfy several
defining conditions sketched in the Technical Note referred to below.
The second is a very interesting strengthening of a statistical transcript
attack first described in our paper. This attack shows a manner in which
transcripts of a few tens of thousands of signatures could be sufficient
to leak significant information. This is countered by strengthening the
encoding/masking methods already mentioned in the NSS paper as a defense
against averaging attacks.
Further details will be provided during our Eurocrypt presentation. NTRU's
current software toolkits already include the strengthened defenses.
Again, we would like to emphasize that these attacks do not undermine the
security of NSS. They were directed at certain encoding/validation
aspects of the Eurocrypt paper and do not impact the underlying NSS
algorithm.
You can learn more about the NSS algorithm by reviewing detailed Technical
Note #017: Enhanced Encoding and Verification Methods for the NTRU
Signature Scheme on our web site located at
http://www.ntru.com/technology/tech.technical.htm.
Posted on behalf of Jeffrey Hoffstein, co-Vice President Research and
Founder, NTRU
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Tue, 1 May 2001 13:17:58 -0700
Roger Schlafly <[EMAIL PROTECTED]> wrote in message
news:ahDH6.125$[EMAIL PROTECTED]...
> "Paul Pires" <[EMAIL PROTECTED]>
> > is to establish a tangible asset which can be protected and valued. 14 to
> > 20 years sounds about right to me. I have never understood why the term
> > and the renewal provisions are so different for copyright versus patent.
> > I suspect there were some vested interests in the publishing industry
> > that had to be appeased. 56 years? that's absurd.
>
> Neither patents nor copyrights can be renewed. Patents expire 20 years
> after the application date. Copyrights last for the life of the author, plus
> 70 years.
Bad wording on my part. Extensions are not renewals. The point remains that
congress doesn't feel the need to constantly muck with patent terms.
>
> Every 20 years or so, when the Mickey Mouse copyright is about to
> run out, Congress extends the copyright term for another 20 years.
> The last extension was challenged in the courts (Eldred v. Reno), but
> the courts have upheld the extension (so far). For more info, see:
Nice reference. I have to agree with the dissenting opinion that retroactively
extending a term is in conflict with the limits on the congress.
"By securing for limited times to authors and inventors the exclusive right to
their respective writings and discoveries."
If a term can be extended retroactively then it cannot be seen as very "limited".
Consideration went into changing a patent term from 17 years from issue to
20 years from application. There is even an understandable argument for
why it was done. This retroactive copyright term extension seems arbitrary
and capricious. I wonder how much it cost Isner (sp?)?
Paul
> http://eon.law.harvard.edu/openlaw/eldredvreno/
> http://www.eagleforum.org/misc/briefs/index.html#disney
------------------------------
From: Jack Brennen <[EMAIL PROTECTED]>
Subject: Re: RSA BRUTE FORCE
Date: Tue, 01 May 2001 16:55:46 -0400
Erictim wrote:
>
> thanks for the replies. i don't understand enough about programming languages
> to code a program and test this. if you see this in a newsgroup you may need
> to set your preferences to accept larger messages.
> this is an example of the greater than,less than brute force attack i was
> referring to. this would result in probably not more than 40000 test cases and
> i have heard that computers are fast when doing multiplication. sorry about
> caps
>
> (0,0) (0,1) (0,2) (0,3) (0,4) (0,5) (0,6) (0,7) (0,8) (0,9)
> (1,1) (1,2) (1,3) (1,4) (1,5) (1,6) (1,7) (1,8) (1,9)
> (2,2) (2,3) (2,4) (2,5) (2,6) (2,7) (2,8) (2,9)
> (3,3) (3,4) (3,5) (3,6) (3,7) (3,8) (3,9)
> (4,4) (4,5) (4,6) (4,7) (4,8) (4,9)
> (5,5) (5,6) (5,7) (5,8) (5,9) chart 1
> (6,6) (6,7) (6,8) (6,9)
> (7,7) (7,8) (7,9)
> (8,8) (8,9)
> (9,9)
>
>
> (0,0)
> (1,0) (1,1)
> (2,0) (2,1) (2,2)
> (3,0) (3,1) (3,2) (3,3)    chart 2
> (4,0) (4,1) (4,2) (4,3) (4,4)
> (5,0) (5,1) (5,2) (5,3) (5,4) (5,5)
> (6,0) (6,1) (6,2) (6,3) (6,4) (6,5) (6,6)
> (7,0) (7,1) (7,2) (7,3) (7,4) (7,5) (7,6) (7,7)
> (8,0) (8,1) (8,2) (8,3) (8,4) (8,5) (8,6) (8,7) (8,8)
> (9,0) (9,1) (9,2) (9,3) (9,4) (9,5) (9,6) (9,7) (9,8) (9,9)
>
> a junction is considered to be the pair of numbers resulting in a value that
> is immediately greater than and less than the number being compared to.
>
> pairs are represented as (X, Y)
>
> chart 1
> find upper junction pair and do(X+1, Y-1)
> if the lower pair of the junction is in the far left
> column then take the upper junction pair and do(X+1, Y)
>
> chart 2
> find lower junction pair and do(X+1, Y+1)
> if upper junction pair is in the far right column
> then take the lower junction pair and do(X, Y+1)
>
>
> example
>
> X * Y = Z
> X * Y = 39772916239307209103
>
> 5999999999 * 5999999999 = too small
> 5999999999 * 6999999999 = too large
> (upper junction pair is (5,6))
> (lower junction pair is (5,5))
> by chart 1 take (5+1, 6) = (6,6)
>
> 6199999999 * 6399999999 = too small
> 6199999999 * 6499999999 = too large
> (1+1, 4-1) = (2, 3)
>
> 6249999999 * 6359999999 = too small
> 6249999999 * 6269999999 = too large
> (4+1, 6-1) = (5, 5)
>
> 6256999999 * 6355999999 = too small
> 6256999999 * 6356999999 = too large
> (6+1, 5+1) = (7, 6)
>
> 6257399999 * 6356099999 = too small
> 6257399999 * 6356199999 = too large
> (3+1, 1-1) = (4, 0)
>
> 6257489999 * 6356039999 = too small
> 6257489999 * 6356049999 = too large
> (8+1, 3+1) = (9, 4)
>
> 6257492999 * 6356046999 = too small
> 6257492999 * 6356047999 = too large
> (2+1, 7-1) = (3, 6)
>
> 6257493299 * 6356046099 = too small
> 6257493299 * 6356046199 = too large
> (2+1, 0+1) = (3, 1)
>
> 6257493329 * 6356046109 = too small
> 6257493329 * 6356046119 = too large
> (2+1, 0+1) = (3, 1)
>
> last digit must be 1, 3, 7 or 9, test them all and
> X = 6257493337
> Y= 6356046119
> 6257493337 * 6356046119 = 39772916239307209103
Please show how your method would work on this
number:
X * Y = 39772916239307209181
It seems to me that it doesn't work at all except
in very exceptional circumstances -- clearly your
target number was not chosen randomly, but was most
likely chosen in order to make the method "work" ...
------------------------------
From: [EMAIL PROTECTED] (John Bailey)
Subject: Re: Style of discussions
Date: Tue, 01 May 2001 20:57:53 GMT
On Tue, 01 May 2001 14:24:29 +0200, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
>
>Time and again I read articles that contain, in my opinion,
>more or less heavy personal attacks of some writers on the
>others.
This is a very useful and constructive post. All post respondents
should be cautious about their response unless it presents
[supporting or contrary facts or references] or [alternative
interpretations or theories.] Responses should never include
inferences as to the personal attributes, knowledge base, or
intentions of the author.
As a suggestion: a few standardized responses to trivial newbie posts
might be helpful. These would include responses such as
1) off topic
2) see the FAQ
3) should be in the FAQ but unfortunately isn't. This is getting
tiresome
This code, of course does not help the situation which every newsgroup
of which I am a subscriber faces. They all seem to have respondents
who are pains in the ass. My view is that any means to suppress them
as necessary can be used in that situation.
John
------------------------------
From: mickey <[EMAIL PROTECTED]>
Subject: Any one got a Clue on configuring freeswan?
Date: Tue, 01 May 2001 21:29:46 GMT
I've got trouble understanding the configuration of freeswan.
Can anyone help me please.
Groet,
Michael
--
You're being silly.
Don't be silly.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: RSA BRUTE FORCE
Date: Tue, 01 May 2001 21:31:31 GMT
Erictim <[EMAIL PROTECTED]> wrote:
: thanks for the replies. i don't understand enough about programming languages
: to code a program and test this. if you see this in a newsgroup you may need
: to set your preferences to accept larger messages.
: this is an example of the greater than,less than brute force attack i was
: referring to. this would result in probably not more than 40000 test cases and
: i have heard that computers are fast when doing multiplication. sorry about
: caps
When you do these tests, you'll end up with several possible pairs of numbers.
For example, you may find that 5999999 and 7999999 are one pair, and maybe
2999999 and 9999999 are another pair. The problem is, you don't know which
pair is the right one until you get down to the very end and discover that
there are no two right-most digits that can make the number come out right.
It feels to me like there should always be 5 possible pairs, but let's say
for the moment that there are only 2. Now, for a 100-digit number, that
means you're doing 2^100 tests. That's roughly 16 billion * 8 billion *
8 billion. If you figure that a fast PC can do 2 billion instructions per
second, even if you could perform a test in one instruction, that's still
way out of the realm of possibility.
Even though you're factoring a number that has only two factors (presumably),
that doesn't mean that you'll only see one pair of digits that will work.
Mark
--
Mark Wutka
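
As an added illustration (not part of the post above and not code from anyone in the thread), the following counts how many leading-digit pairs pass the "too small / too large" magnitude test for the target quoted in the thread, showing that the test alone never narrows the search to a single pair. It assumes both factors have 10 digits; the function names are made up for this example.

```python
# Added illustration (not from the thread). N and the factors X, Y are the
# values quoted in the thread; everything else is constructed here.
N = 39772916239307209103
X, Y = 6257493337, 6356046119   # factors stated in the quoted post
DIGITS = 10                     # assumption: both factors have 10 digits


def product_bounds(a, b, k):
    """Smallest and largest product of two DIGITS-digit numbers whose
    leading k digits are a and b respectively."""
    scale = 10 ** (DIGITS - k)
    lo = (a * scale) * (b * scale)
    hi = ((a + 1) * scale - 1) * ((b + 1) * scale - 1)
    return lo, hi


def consistent_prefixes(n, k):
    """All k-digit prefix pairs (a, b), a <= b, for which some completion
    could still multiply to n, i.e. lo <= n <= hi."""
    first, last = 10 ** (k - 1), 10 ** k - 1
    found = []
    for a in range(first, last + 1):
        for b in range(a, last + 1):
            lo, hi = product_bounds(a, b, k)
            if lo > n:
                break          # lo only grows as b grows
            if hi >= n:
                found.append((a, b))
    return found


def true_prefix(k):
    """Leading k digits of the factors quoted in the thread."""
    scale = 10 ** (DIGITS - k)
    return (X // scale, Y // scale)


if __name__ == "__main__":
    for k in (1, 2, 3):
        cands = consistent_prefixes(N, k)
        print(f"{k} leading digit(s): {len(cands)} consistent pairs; "
              f"true pair {true_prefix(k)} included: {true_prefix(k) in cands}")
    print("1-digit candidates:", consistent_prefixes(N, 1))
```

The true prefixes are always among the survivors, but so are many others, and comparing magnitudes gives no way to tell them apart until a full candidate is multiplied out.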
------------------------------
From: "Brice Canvel" <[EMAIL PROTECTED]>
Subject: Feige-Fiat-Shamir and Guillou-Quisquater Identification Schemes
Date: Tue, 1 May 2001 22:27:34 +0100
Hi,
I came across those two identification schemes while reading Applied
Cryptography:
- Feige-Fiat-Shamir
- Guillou-Quisquater.
I have never heard of those before. Are they used in practice? If so, what
kind of systems use these two schemes? And are there any known
weaknesses/attacks for these schemes?
Any links to further information on the subject would be appreciated.
Thank you.
Brice.
------------------------------
From: Quisquater <[EMAIL PROTECTED]>
Subject: Re: Feige-Fiat-Shamir and Guillou-Quisquater Identification Schemes
Date: Wed, 02 May 2001 00:01:53 +0200
Brice Canvel wrote:
>
> Hi,
>
> I came across those two identification schemes while reading Applied
> Cryptography:
> - Feige-Fiat-Shamir
> - Guillou-Quisquater.
>
> I have never heard of those before. Are they used in practice? If so, what
> kind of systems use these two schemes? And are there any known
> weaknesses/attacks for these schemes?
>
> Any links to further information on the subject would be appreciated.
>
> Thank you.
>
> Brice.
Read the FAQ from RSA labs:
http://www.rsa.com/rsalabs/faq/6-3-5.html
(What are the important patents in cryptography?)
you'll also find the 2 schemes (including the derived signature schemes)
in the HAC (Handbook of Applied Cryptography)
http://cacr.math.uwaterloo.ca/hac/index.html
(from p. 412 to p. 451).
An application: identification inside NDS-netware from Novell:
see http://www.nwconnection.com/may.96/eleco56/anwcs56.html
http://www.prenticehall.ca/allbooks/ptr_0130614661.html
http://www.novell.com/news/press/archive/1996/07/pr96131.html
aso.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: RSA BRUTE FORCE
Date: Tue, 01 May 2001 22:07:39 GMT
On Mon, 30 Apr 2001 20:23:33 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote, in part:
>I don't think the algorithm was really (supposed to) be "brute force".
>It seems to be a radix search, logarithmic in the input size.
If that were true, and it actually worked, it would be an amazing
discovery. It would be a factoring algorithm that would demolish RSA.
At least if I understand you correctly.
John Savard
http://plaza.powersurfr.com/jsavard/
------------------------------
From: James Felling <[EMAIL PROTECTED]>
Subject: Re: "I do not feel secure using your program any more."
Date: Tue, 01 May 2001 17:20:08 -0500
Anthony Stephen Szopa wrote:
> "I do not feel secure using your program any more."
>
> You sure jumped to a hasty conclusion.
>
> I certainly appreciate your effort in arriving at this noteworthy
> observation.
>
> But if you think about it this approach to generating random digits
> is essentially a finite step function on a row to row basis. Thus
> for a set of 3 permutations you give me I can give you another that
> will produce the same random digit output. But it is finite. This
> is obvious from direct observation.
>
> Have you thought about this: You could have guessed forever if you
> did not already know the random digit sequence.
>
> So you are somewhat correct in that there are many other possible
> permutations sequences that will generate the same output. But
> there are practicably an infinite number of others that won't.
>
> But let us not stop there.
>
> As you are aware, the random digit sequences are not the OTPs. The
> random digit sequences are only the starting point for generating the
> OTPs.
>
> For instance, one could suggest: "Why even generate these random
> digit sequences using the OAP-L3 methods. I will just generate a
> file containing nothing but the digit sequence 0123456789 repeated
> until I have created a file of 18,144,000 bytes in length then I
> will use the other methods from OAP-L3 to scramble these up to create
> a random digit sequence."
I could generate equivalently secure data in mere seconds with less than
60 lines of C code, and a shorter passphrase.
Put windowdressing on it and it would still be smaller, faster, and less
of a risk to use than your program.
>
>
> You surely know that it won't take very many of these processes to
> scramble up THIS file before the odds of guessing the final sequence
> becomes practicably impossible to guess or analyze because there will
> simply not be enough computing power available or time or energy to
> accomplish this.
Yes. But it does not change the fact that your program has the potential
for weak keying, is huge, slow and not key agile at all, and in fact
offers no discernable benefit vs a short RC5 program save perhaps to your
pocketbook.
>
>
> Again, using the methods of OAP-L3 to generate your random digit
> sequences is just the first step of creating your OTPs. And since I
> believe you would agree that even if you started with a known file
> containing the sequences of 0123456789 of length 18,144,000 bytes
> and this becoming very quickly practicably impossible to guess
> using the methods from OAP-L3, then by actually generating the random
> digit files using OAP-L3 makes this impossibility that much more
> impossible.
>
> This is because if you have gone to ciphile.com and looked up the
> Sterling Approximation web page you would know that there are about
> 1E66,000,000 possible sequences to arrange three permutation files.
> Of course there may be trillions and trillions of useable sequences.
> How lucky are you at guessing one in 1E24 or 1E48 or 1E96, etc.
> sequences from 1E66,000,000. Not even incredible Chinese gamblers
> think they are this lucky.
Sure and how many possible streams can a good stream cypher generate --
2^(number of bits of state). Gee, I'll bet you that number can get
pretty huge too. And well since your method does NOT evenly distribute
its output across that space -- some output streams are more likely than
others, your performance is less awesome than claimed.
>
>
> Now you may feel that the problem is greatly simplified (as if
> anything could simplify a problem with 1E66,000,000 possible
> outcomes) if you just had some plaintext and encrypted text. How
> so?
>
> The random number sequence you determine from having these two data
> sources has so little relationship with the random digit file(s)
> generated from using the OAP-L3 methods as to be worthless for
> attacking subsequent numbers from the OTPs because this original
> random digit file has been further processed using all the methods
> available with OAP-L3, where above I hope you agreed, even
> if you knew this file and its sequences, it would make no
> difference.
>
> OAP-L3 is not meant to provide security for the random digit files
> its methods can generate. OAP-L3 looks through this sequence of
> steps to arrive at the security level obtained from using its methods
> in the creation of the OTP files.
Well, yes if you use it you CAN achieve security, but WILL YOU? A good
N-bit PRNG will be faster, and just as hard to break. So why should I use
your methods?
>
>
> Practicably, the process leading to the final OTP files is a one way
> process.
It is also hard to work backwards from the output of a good stream
cypher.
>
>
> Look back from the vantage point of the OTP files, all the way back
> to the three files of permutations sequences and consider
> recreating these from just some cyphertext and corresponding
> plaintext.
>
> Still a little shaky, then simply assume that someone knows (which
> they cannot possibly know from figuring it out as I just pointed
> out but let's just assume) that the cracker actually knows the random
> digits you have generated from the methods from OAP-L3.
>
> Continuing to process this file(s) as I am sure you realize will soon
> make it impossible for this cracker to gain any headway. The
> computations may be simple but their probabilities soon become
> unmanageable.
>
> 14! = about 87,000,000,000. So a cracker guessing will have to guess
> this many possible outcomes for just this one process assuming the
> cracker even knows this was the process run. Let's assume the
> cracker does.
You generate data after running just one process, and I guarantee you
that your message will be insecure in very short order.
>
>
> Just running this process 10 times makes the possible outcomes
> (87E9)^10 = 87E90.
Assuming that your operation is not a group like any of several of your
chosen ops. (Your method gives substantially lower performance)
> How can a hacker increasingly keep track of all
> this? This is why OAP-L3 is so powerful. It allows the user to
> effectively determine the security level by how many processes run.
>
> Here is a real problem for the cracker. Let's say a cracker does
> guess a short length of the random number sequence or OTP used to
> encrypt a message or messages. Is this any different than guessing
> the sequence of any other encryption software or any other encryption
> method? Your premise is "by guessing."
No, by stream analysis, by thinking about it. No one just guesses and
thinks that they are sane.
> If a guess is made and is
> good then does this necessarily imply subsequent guesses are correct
> as well.
No, but if he is analyzing the data it will improve his guesses at other
locations.
>
>
> You suggest that if a cracker guesses the three permutation sequences
> that they will be able to break the encryption. How? Or more
> specifically how will the cracker even know that the original or
> useable three permutation sequences are valid?
>
> The cracker has nothing to verify this with. ABSOLUTELY NOTHING.
>
> The nature of OAP-L3 and many other encryption schemes is that even
> if you guess and obtain a readable plaintext message you need to ask
> yourself if this is the correct plaintext message.
>
> You can essentially see this entire argument by reading the Help
> Files at ciphile.com.
>
> Thanks for allowing me to refresh my memory.
>
> I hope this helps in your considered deliberations.
>
> AS
>
> PS I assume you were using OAP-L3 according to instructions and
> recommendations.
You could do much better using a reliable method, why use OAP-L3?
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Tue, 01 May 2001 22:29:57 GMT
Paul Pires wrote:
> If a term can be extended retroactively then it cannot be seen as very "limited".
It would also seem to conflict with an earlier post here by Mr Gwyn stating
> It's really very simple. The original creative work belongs
> to the person who creates it. He agrees to let use use it for
> certain purposes under certain conditions, which may or may
> not involve payment. If you agree to those terms, you are
> given access to the work.
Here, the author has given you access to the work that you can reasonably
expect to be public domain in X years. Then congress comes along and with no
further agreement from you makes you wait X+20 before the work is in the
public domain.
Imagine if this happened with patents. "Well, it expires in 6 months, so
we'll just wait." Five months later: "Whoops! Now we have to wait another
10 years."
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
Invasion in chinese restaurant:
ALL YOUR RICE ARE BELONG TO US!
------------------------------
Reply-To: "Thomas Christensen" <[EMAIL PROTECTED]>
From: "Thomas Christensen" <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ...
Date: Wed, 2 May 2001 00:45:10 +0200
> Sadly this is nothing more than Reed-Solomon codes and a B&W bitmap.
Do you have some more information about the "Reed-Solomon codes" and how it
is converted into a "B&W bitmap" ..?
- Thomas
------------------------------
Reply-To: "Thomas Christensen" <[EMAIL PROTECTED]>
From: "Thomas Christensen" <[EMAIL PROTECTED]>
Subject: Re: Intacta.Code ...
Date: Wed, 2 May 2001 00:43:31 +0200
OK ... I will remember that ...
- Thomas
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Thomas Christensen wrote:
> >
> > Does anybody have information about the "Intacta.Code" system ...?
>
> I suppose that for such questions you should provide some
> context, i.e. where you have seen the term mentioned, etc.,
> in order to help people to eventually help you. Otherwise,
> your chance of getting an answer would be slim, I am afraid.
>
> M. K. Shen
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Censorship Threat at Information Hiding Workshop
Date: Tue, 1 May 2001 15:44:40 -0700
Darren New <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Paul Pires wrote:
> > If a term can be extended retroactively then it cannot be seen as very "limited".
>
> It would also seem to conflict with an earlier post here by Mr Gwyn stating
That's a stretch. You could interpret what Douglas Gwyn said in that
way but why not just call it your own spin? One of the terms could
well be "for the life of the copyright as determined by the laws of the U.S.
and caprice of the Congress". Read it this way there is no conflict
in his post.
> > It's really very simple. The original creative work belongs
> > to the person who creates it. He agrees to let use use it for
> > certain purposes under certain conditions, which may or may
> > not involve payment. If you agree to those terms, you are
> > given access to the work.
>
> Here, the author has given you access to the work that you can reasonably
> expect to be public domain in X years. Then congress comes along and with no
> further agreement from you makes you wait X+20 before the work is in the
> public domain.
>
> Imagine if this happened with patents. "Well, it expires in 6 months, so
> we'll just wait." Five months later: "Whoops! Now we have to wait another
> 10 years."
Actually, I'd cry all the way to the bank.
Agreed, it is a bad way to do business but don't lay it at Doug's door.
I don't like the evils cited against IP anymore than you do. I think these
abuses are beside the issue and are an inflammatory smokescreen when cited
against the value of the protections that they undermine.
Paul
>
> --
> Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
> San Diego, CA, USA (PST). Cryptokeys on demand.
> Invasion in chinese restaurant:
> ALL YOUR RICE ARE BELONG TO US!
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************