Cryptography-Digest Digest #366, Volume #14      Wed, 16 May 01 13:13:01 EDT

Contents:
  Re: TC15 analysis ("Scott Fluhrer")
  Re: Probablistic Algorithms For Square Roots of QRs in Z/n (Anton Stiglic)
  X9.31 PRNG (flip)
  Re: What Is the Quality of Randomness? (James Felling)
  Re: Best, Strongest Algorithm ("Joseph Ashwood")
  Re: Integrity check algorithm ("Joseph Ashwood")
  Re: Are low exponents a problem with RSA? ("Joseph Ashwood")
  Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm) (Darren New)
  Re: How can I see the symmetric enncryption keysize in SSL? ("Nathan Sherman")
  Re: Newbie Question: Crytography - Unlimited Inputs/Outputs? (wtshaw)
  Re: FYI: Results on EM attacks on smart cards (Mike Rosing)
  Re: Are low exponents a problem with RSA? (Bill Unruh)

----------------------------------------------------------------------------

From: "Scott Fluhrer" <[EMAIL PROTECTED]>
Subject: Re: TC15 analysis
Date: Tue, 15 May 2001 22:42:23 -0700


Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:sOiM6.101727$[EMAIL PROTECTED]...
>
> "Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
> news:9dsd5f$97b$[EMAIL PROTECTED]...
> >
> > Tom St Denis <[EMAIL PROTECTED]> wrote in message
> > news:s8gM6.100647$[EMAIL PROTECTED]...
> > >
> > > "Scott Fluhrer" <[EMAIL PROTECTED]> wrote in message
> > > news:9drhq3$vaa$[EMAIL PROTECTED]...
> > > >
> > > > Tom St Denis <[EMAIL PROTECTED]> wrote in message
> > > > news:4zeL6.76746$[EMAIL PROTECTED]...
> > > > > I started my analysis of TC15 (more than just poking).  I am looking for
> > > > > low hamming weight differentials (i.e low active sbox count).
> > > > I just verified that there are no single round iterative differentials (at
> > > > any probability level) with hamming weight 6 or less.
> > >
> > > May I ask *how* you analyzed it.  That's more meaningful than just the
> > > results.
> >
> > Ok, I considered all possible differentials into the start of a round with
> > Hamming weight of 6 or less (well, 7 now, as my computer completed searching
> > over 7 since I last posted).  Since the cipher is circularly symmetric as
> > far as differentials are concerned (rotating all the variables by the same
> > amount preserves the differential behavior), that reduced the search
> > somewhat.  For each such differential, I computed how it would flow through
> > the linear transform, and then see if the sbox could possibly transform that
> > differential back to the original one (possibly circularly rotated).
>
> I dunno what you mean by "rotating all the variables by the same amount
> pre...".  my LT doesn't do a simple rotate...Maybe I am looking at it
> wrong...
TC15 consists of three different operations:
- Xoring in of key material
- Fixed 32 bit rotates
- 32-bit-wide xors/and/ors

For all these three operations, if you take a differential input, and apply
a rotate of (say) 7 bits to the right, then the output differential will
also be rotated 7 bits to the right.  And hence, the entire cipher has the
property that if you have a differential (a,b,c,d) to (x,y,z,w) with
probability p, then you also have a differential (a>>>7,b>>>7,c>>>7,d>>>7)
to (x>>>7,y>>>7,z>>>7,w>>>7) with probability p.

Question for the student: this property does not hold for direct inputs: if
(a,b,c,d) encrypts to (x,y,z,w), then (a>>>7,b>>>7,c>>>7,d>>>7) might not
encrypt to (x>>>7,y>>>7,z>>>7,w>>>7).  Why not?

>
> I have a relatively fast PC, maybe you could send me the source and I might
> be able to learn from it/use it.
I won't bore the rest of the newsgroup with it -- I'll email it to you.

>
> > > > My next step: two round iterative differentials...
> > >
> > > Ahh keen.
> > It'll be a lot of work.  Likely, I won't be able to do anything
> > exhaustive -- some pruning will be required to keep it feasible.
> > >
> > > So you found 1R differentials with 7 active sboxes?  That would be
> > > 16*7=112 active sboxes ... way over the 64 limit.
> > No -- at that point, my computer completed the search to that extent, and
> > I'm not working with "active sboxes", but input Hamming weight.  It still
> > hasn't found *any* 1R differentials.  I found several differentials that
> > almost work -- it feels like there might be some simple reason why such a
> > differential can't exist, but that reason escapes me so far.
>
> Well if you OR the four words together the hamming weight over GF(2^32) is
> the number of active sboxes.  So if you have a HW of 7 that means 7 sboxes
> are active does it not?  Or are you assuming differences occur in parallel
> bits?
No, a Hamming Weight of 7 means that there are 7 one's in the input
differential.

In any case, it turns out there was a bug in my program -- I had the sbox in
backwards (which brings up an obvious question -- would the cipher actually
be stronger if you inverted the sbox?  Probably not).  When I fixed that, it
did find a one round differential at hamming weight 7 (with probability
2**-15).  The differential at the beginning of a round is (in binary):
00000000000000000000010000010001
00000000000000000000001000010000
00000000000000000000000000000000
00000000000000000000001000001000

The linear transform turns it into:
00000000000000000000000000000001
00000000000000000000000000011000
00000000000000000000001000011000
00000000000000000000010000001001

And each of the 5 active sboxes has a 2**-3 probability of turning the bits
within its column back into the column settings of the original
differential.

Obviously, this particular differential is not really a concern against the
full cipher.  However, given a full code book, the fact that this
differential really is 32 different differentials (by rotational symmetry)
and the fact that the cipher doesn't avalanche all that well, I suspect that
this can be used to attack 10 or 11 rounds, by having the differential go
through the first 8, and the last 2-3 rounds not quite covering up the
evidence well enough.

>
> May I ask what you think about the cipher so far?  Good/bad?
Well, it is certainly elegant, and has no profoundly obvious weaknesses
(although the differential above cuts too close into the safety margin for
me to be comfortable -- a few more rounds may be warranted).  A quick cycle
count implies that it has a respectable, but not outstanding, speed in
software.  However, the program should be shortish (the expanded key
schedule is too large to be called really short), and assuming the key setup
isn't too obnoxious, a hardware implementation would appear to take up
hardly any transistors at all.

>
> > And, yes, I'm working with the May 12 version
>
> Goody :-)
>
> Thanks for your posts, you're a really nice person helping us lowly amateurs.
>
> Tom
>
>
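
An added illustration of the rotational property discussed above (editor's code, not from either poster, and not TC15 itself: the post gives neither the sbox nor the linear transform). A hypothetical toy round built only from the three operation kinds listed, key XOR, fixed rotates and word-wide AND/OR/XOR, is sampled to show that rotating an input differential rotates the output differential with the same probability, while direct inputs only rotate along when the key material is rotated with them:

```python
import random

MASK = 0xFFFFFFFF

def rotr(x, r):
    """Rotate a 32-bit word right by r bits (x>>>r in the post's notation)."""
    r %= 32
    return ((x >> r) | (x << (32 - r))) & MASK

def rot_block(block, r):
    """Rotate every word of a 4-word block by the same amount."""
    return tuple(rotr(w, r) for w in block)

def xor_block(x, y):
    return tuple(u ^ v for u, v in zip(x, y))

def toy_round(block, key):
    """Hypothetical round made only of key XOR, fixed rotates and word-wide
    AND/OR/XOR.  It stands in for a TC15 round; it is not the real cipher."""
    a, b, c, d = xor_block(block, key)        # key material XORed in
    a = rotr(a, 7) ^ (b & c)                  # fixed rotate + word-wide AND/XOR
    b = rotr(b, 11) ^ (c | d)
    c = rotr(c, 19) ^ (d & a)
    d = rotr(d, 3) ^ (a | b)
    return (a, b, c, d)

def differential_probability(din, dout, key, trials=4000, seed=1):
    """Estimate Pr[round(p ^ din) ^ round(p) == dout] over random plaintexts p."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        p = tuple(rng.getrandbits(32) for _ in range(4))
        if xor_block(toy_round(p, key), toy_round(xor_block(p, din), key)) == dout:
            hits += 1
    return hits / trials

def direct_rotation_commutes(p, key, r, rotate_key=False):
    """Does rotating the plaintext rotate the ciphertext?  Differences cancel
    the key XOR, but direct values do not: the property holds for direct
    inputs only if the (fixed) key material is rotated too, which answers
    the post's 'question for the student'."""
    k = rot_block(key, r) if rotate_key else key
    return toy_round(rot_block(p, r), k) == rot_block(toy_round(p, key), r)

# Constructed sample values for the demonstration.
KEY = (0x01234567, 0x89ABCDEF, 0xDEADBEEF, 0x0BADF00D)
DIN = (1, 0, 0, 0)                            # one-bit input differential
DOUT = (1 << 25, 0, 1 << 25, 1 << 25)         # passes one AND and one OR: prob 1/4

if __name__ == "__main__":
    p0 = differential_probability(DIN, DOUT, KEY)
    p7 = differential_probability(rot_block(DIN, 7), rot_block(DOUT, 7), KEY)
    print(f"Pr[DIN -> DOUT]          ~ {p0:.3f}")
    print(f"Pr[DIN>>>7 -> DOUT>>>7]  ~ {p7:.3f}  (same, by rotational symmetry)")
    pt = (0x11112222, 0x33334444, 0x55556666, 0x77778888)
    print("direct inputs, same key:   ", direct_rotation_commutes(pt, KEY, 7))
    print("direct inputs, rotated key:", direct_rotation_commutes(pt, KEY, 7, True))
```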



------------------------------

From: Anton Stiglic <[EMAIL PROTECTED]>
Subject: Re: Probablistic Algorithms For Square Roots of QRs in Z/n
Date: Wed, 16 May 2001 11:02:54 -0400

Anton Stiglic wrote:
> 
> Anton Stiglic wrote:
> >
> > Note that if p is prime and p = 3 mod 4, and a is a quadratic
> > residue mod p, then
> >    a^{(p+1)/4} is a square root mod p of a.
> >
> > For p = 1 mod 4, only probabilistic algorithms are known.
> >
> 
> And this is true because you can write
>    a = a^{(p-1)/2} * a  (Fermat theorem)
> => a = a^{(p-1)/2} * a^{1/2} * a^{1/2}
>         (we can do this because a is a quadratic residue)
> => a = a^{(p+1)/2}
> 
> => a^{1/2} = a^{(p+1)/4}  (again, we can do this because a \in Q_p)

Sorry, this last step is correct because p = 3 mod 4, 
since p + 1 = 0 mod 4, p+1 can be divided by 4.

-- Anton
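
As an added worked example (editor's code, not Anton's), the closed form a^((p+1)/4) for p = 3 mod 4 with the derivation's intermediate identity checked, beside Tonelli-Shanks for the p = 1 mod 4 case, whose one probabilistic step is the random search for a quadratic non-residue:

```python
import random

def is_quadratic_residue(a, p):
    """Euler's criterion: for prime p and a != 0 mod p, a is a QR iff a^((p-1)/2) == 1."""
    return pow(a % p, (p - 1) // 2, p) == 1

def sqrt_mod_p_3mod4(a, p):
    """Deterministic root for prime p = 3 mod 4: r = a^((p+1)/4) mod p.
    a^((p-1)/2) == 1 (Fermat/Euler), hence a == a^((p+1)/2), and the exponent
    (p+1)/4 is an integer precisely because p + 1 = 0 mod 4."""
    if p % 4 != 3:
        raise ValueError("(p+1)/4 is an integer only when p = 3 mod 4")
    a %= p
    if a == 0:
        return 0
    if not is_quadratic_residue(a, p):
        raise ValueError("a is not a quadratic residue mod p")
    assert pow(a, (p + 1) // 2, p) == a      # the post's intermediate identity
    r = pow(a, (p + 1) // 4, p)
    assert r * r % p == a
    return r

def sqrt_mod_p_tonelli_shanks(a, p, rng=random):
    """Tonelli-Shanks for any odd prime p (needed when p = 1 mod 4).  The only
    probabilistic step is picking a non-residue z at random: each trial
    succeeds with probability 1/2, and no unconditional deterministic
    polynomial-time choice of z is known."""
    a %= p
    if a == 0:
        return 0
    if not is_quadratic_residue(a, p):
        raise ValueError("a is not a quadratic residue mod p")
    q, s = p - 1, 0                           # write p - 1 = q * 2^s with q odd
    while q % 2 == 0:
        q //= 2
        s += 1
    while True:                               # random search for a non-residue z
        z = rng.randrange(2, p)
        if pow(z, (p - 1) // 2, p) == p - 1:
            break
    m, c, t, r = s, pow(z, q, p), pow(a, q, p), pow(a, (q + 1) // 2, p)
    while t != 1:
        i, t2 = 0, t                          # least i with t^(2^i) == 1
        while t2 != 1:
            t2 = t2 * t2 % p
            i += 1
        b = pow(c, 1 << (m - i - 1), p)
        m, c, t, r = i, b * b % p, t * b * b % p, r * b % p
    assert r * r % p == a
    return r

def sqrt_mod_p(a, p, rng=random):
    """Use the closed form when p = 3 mod 4, Tonelli-Shanks otherwise."""
    if p % 4 == 3:
        return sqrt_mod_p_3mod4(a, p)
    return sqrt_mod_p_tonelli_shanks(a, p, rng)

if __name__ == "__main__":
    print("sqrt(4) mod 23 =", sqrt_mod_p(4, 23))     # 23 = 3 mod 4, closed form
    print("sqrt(10) mod 13 =", sqrt_mod_p(10, 13))   # 13 = 1 mod 4, Tonelli-Shanks
```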

------------------------------

From: flip <[EMAIL PROTECTED]>
Subject: X9.31 PRNG
Date: Wed, 16 May 2001 15:37:29 GMT

Hi,

hopefully, this is not a repeat question.

I have been searching the web, but to no avail.  Maybe someone here can help.

The PRNG described in ANSI X9.31 (RSA), has anyone here implemented it in C
code?

I would appreciate any pointers to such code if it exists.

Also, are there any thumbs up or down on said PRNG.

Thanks ... Flip



------------------------------

From: James Felling <[EMAIL PROTECTED]>
Subject: Re: What Is the Quality of Randomness?
Date: Wed, 16 May 2001 10:38:41 -0500

The unfortunate thing about Chaitin randomness on finite length strings is that
it is a useful comparator only in limited circumstances. That being:

The case where you are discussing randomness versus a specific formal descriptive
language or a specified set of descriptive languages.  This is the only case
where such comparisons are useful for finite strings. Why? Because the
compactness of your description depends upon the formal language's
characteristics. I.e. if it is an open choice, given a finite string S, and a
constant C, I can always find languages with the property that the shortest
length of description in L1 of S = C + length of description in L2 of S.

Tim Tyler wrote:

> Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> Benjamin Goldberg <[EMAIL PROTECTED]> wrote:
>
> :> : There is no such thing as a random sequence, only a random source.
> :>
> :> Well, "random sequence" is a meaningful term - provided one uses the notion
> :> of randomness that derives from Chaitin and Kolmogorov, rather than from
> :> Shannon.
>
> : I disagree.  Chaitin's usage of the term random encompasses at least three
> : otherwise distinct meanings.  There is less there than meets the eye.
>
> I've not heard that before:
>
> According to the Chaitin/Kolmogorov ideas, randomness would be defined
> with respect to a formal descriptive language.  Random strings would be
> those that are incompressible with respect to that language, and more
> ordered strings would be compressible.
>
> That's the idea I was referring to, anyway - such strings are sometimes
> called "algorithmically random".
>
> http://www.cs.unm.edu/~sto/files/chaitin.html puts it like this:
>
> ``the idea that I came up with - and Kolmogorov came up with at the same
>   time independently - is the idea that something is random if it can't
>   be compressed into a shorter description, if essentially you just have
>   to write it out as it is.''
> --
> __________  http://rockz.co.uk/  http://alife.co.uk/   http://hex.org.uk/
>  |im |yler  http://atoms.org.uk/ http://mandala.co.uk/ [EMAIL PROTECTED]


------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Best, Strongest Algorithm
Date: Thu, 10 May 2001 11:38:50 -0700


"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> [EMAIL PROTECTED] (Joseph Ashwood) wrote in <OXFxVM$1AHA.190@cpmsnbbsa07>:
>
> >
> >"SCOTT19U.ZIP_GUY" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >>   Actually when it comes to crypto [in the United States] the NSA has
> >>   the
> >final word.
> >
> >That is to some degree correct. They are in a position to exert undue
> >force on the decision. However the simple fact that the selection of
> >Rijndael was well-founded in the original goals of the AES selection
> >process, and that all the finalists were asked barring their own
> >submission which should win, they all (except the Rijndael team of
> >course) agreed that Rijndael was the preferred choice. So while the NSA
> >may have had the final word, that word coincided with the publicly
> >ascertained desires of the contestants themselves, some of the finest
> >cryptanalysts in the world.
>
>   Give me a break. Why don't you pat them on the back again. I
> suspect the finest cryptanalysts are really in the NSA. The public
> guys are only recognized because of the closed mutual admiration
> society that they formed and want every one else to kiss their
> asses. David Wagner for example couldn't even figure out how scott19u
> works. And claimed his slide attack made mince meat of it. He was
> wrong. Is he one in this class of finest cryptanalysts in
> your view of the world? He admitted he really never fully looked
> at it. He can't even understand compilable source code.

You seem to have missed the point. The AES selection process was done in
public view, based heavily on public opinion. Of the finalists 3 were
considered good enough to be AES: Rijndael, Serpent, Twofish; Rijndael is one
of them, and it was selected. Based on the input of the involved, Rijndael
was first choice. Who I personally believe and do not believe to be among the
world's best cryptanalysts has nothing to do with it; the simple observable
facts of the matter are that the generally preferred algorithm by the public
was chosen to be AES. From that view it does not matter if the NSA wanted
Rijndael chosen or not.

>
> >
> >> [EMAIL PROTECTED] (Joseph Ashwood) wrote in
> >> <envXT2m0AHA.274@cpmsnbbsa07>:
> >
> >[snip I said something about Rijndael]
> >>    The ciphers the NSA uses for the government are not open for
> >> us to view. There is no reason to believe that Rijndael is any
> >> where close to the secret ciphers the NSA uses.
> >
> >You'd be surprised how open they actually are. Not blatantly so, but we
> >do have knowledge of key sizes, number of instructions, block sizes,
> >cipher type, and sometimes knowledge of ancestry. Additionally we can
> >gain more information by looking at the devices they purchase from the
> >private sector for exactly these purposes. So no I don't know exactly
> >what each cipher the government uses looks like, but I have a general
> >idea that Rijndael is decent company for them, and quite likely their
> >equal. The only concern that remains is the statement by Coppersmith
> >during the AES process, stating that MARS was designed to protect
> >against still classified forms of attack, attacks the other authors have
> >no (public) knowledge of. I believe in the next few years this situation
> >will change. We already have evidence that the public cryptanalytic
> >activities are closing on the secret, and we have evidence that the
> >attack on SKIPJACK was unknown to them, and that ECC took them by
> >surprise. These indicate to me that the public knowledge is lacking
> >mostly small portions of knowledge; bits and pieces from classified
> >books, and the design of the current ciphers.
>
>    And you believe that Coppersmith has knowledge that MARS was
> designed against all forms of attack even those that the government
> says are classified.

I never said "I believe . . . " I said "statement by Coppersmith . . ."
these have different meanings.

>    I suspect SKIPJACK was designed weak. Don't forget it was for
> the clipper chip to be used by all.

Exactly why it didn't need to be designed weak, it was designed exclusively
for use in tamper-resistant hardware. Has only an 80-bit key, and to make
matters worse was to be always used with a Law Enforcement Access Field.
Placed in that situation using a weak cipher would not have been reasonable,
using a cipher of the correct strength would have been very reasonable.

> Just like vanilla RIJNDAEL has to be weak
> the NSA would be foolish to allow a strong cipher for common people
> to use.

Then by your own arguments why have they allowed you to keep peddling your
"strong" scottXu? If a strong cipher cannot be allowed to be in the hands of
general citizens why are you allowed to continue? Please note that this does
not constitute an endorsement of any cipher designed by D Scott.

> >
> >> Rijndael will
> >> only be implemented in modes the NSA can safely break.
> >
> >There is no evidence of that, and significant evidence to the contrary.
> >Strictly speaking if you believe that  Timmermans BICOM is a secure
> >implementation of Rijndael then by your judgement there is an
> >implementation of Rijndael in a secure mode, which violates your initial
> >statement.
>
>     You miss the point. BICOM is not and will not be recognized by
> the crypto gods as an implementation of Rijndael for various reasons.

Mostly because of your blatant misstatements about it.

> One, the people in charge don't seem to understand bijectivity and
> have even emailed me saying Matt could not do that.

If you remember correctly I'm one of them. And I still stand by the
statement that it is impossible to dependably compress the output of a good
encryption function. At one point you specifically stated that BICOM could
output a single byte output that was Rijndael encrypted, that always has
been, and always will be the problem.

> Second only
> non-bijective or weak counter mode types of chaining will be allowed.
> Yes tell me counter mode will be great. I don't believe it.

If you check, I've never said that counter mode is good. It has some good
behavior under controlled situations but in general it's just an XOR-based
stream cipher with all the problems that come along with it, as well as all
the problems that come with being a block cipher. Now about "non-bijective"
modes, you're full of something and I can smell it from here. Encryption is
by nature bijective, the chaining mode has nothing to do with whether or not
a randomly chosen stream can be decrypted. You have been told this
repeatedly, at least one other time by me.

>   If the AES thing is for real they should at least have a few
> slow secure chaining modes for those paranoid about file encryption.

Slow does not imply secure. Would you feel safer if I said "oh it's just ECB
mode with a 1 decade wait between blocks"? You shouldn't, slowness of
execution does not imply strength in any way. If you honestly wanted a
different mode of operation NIST would have accepted your submission (if it
had been readable) and would have considered what you had done on equal
footing with everyone else's, if for no other reason than there are no
individuals that have a reputation for building a great chaining mode.

> >>    However that said I think one can foil the NSA by at least not
> >> using weak modes and by using fully bijective versions of Rijndael
> >> such as Matts BICOM.
> >
> >Earlier you said "Rijndael will only be implemented in modes the NSA can
> >safely break" please feel free to correct whichever one you believe to
> >be in error.
>
>    Let me state in a way you can understand.

You might try saying it in a way that is consistent with itself instead. It
would be far more useful.

> >
> >> Instead of versions that will help the NSA
> >> breaking system. One should never have a system where it is possible that
> >> one key is the only one that works. In Matts system at least all of
> >> the keys point to a potential file.
> >
> >And prove to me why using BICOM provides a situation where more than one
> >key will produce a sensible decryption. That proof will be very hard, if
> >not impossible, without breaking Rijndael in which case you'll have
> >something much better to publish.
>
>   I am not sure what you're driving at. Are you saying I can't find
> an example of decrypting some encrypted file with more than one
> key and get to files that I might have actually encrypted.

Actually that's fairly exactly what I'm saying.

> Because that's not too hard. Especially if I use a different bijective
> compressor in front of BICOM assuming you're talking text files.

No that's not allowed. You have said that BICOM satisfies this alone, prove
it.

>
> >
> >> The NSA wants to be able to
> >> read all encrypted messages.
>   I doubt they have time to look at every thing ... It's mostly
> decrypt by machine and look for key words or phrases.

So if I say something like "President Bush is an idiot and I await the
judgement of the curses of the zeros in the hopes that someone will
assassinate him" I should expect a visit from a particularly anti-social
individual. I have severe doubts that I will be visited. Tell ya what, if I
get a visit I'll tell you.

> I suppose
> depending on the political agenda being followed at the time different
> messages will make it higher up the queue to where some one might want
> to look at it. For example some big contract we may lose to our
> enemy the french. If we get good info on it we can help our own
> corporation in their bids. Is not that the main use for the NSA
> at this time?

Unfortunately the entire purpose of our military and related agencies seems
to be to protect our fiscal assets (i.e. World Skirmish I, aka Desrt Strom).
                            Joe




------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Integrity check algorithm
Date: Thu, 10 May 2001 11:49:13 -0700


"Uros Podlogar" <[EMAIL PROTECTED]> wrote in message
news:9ddmd2$sie$[EMAIL PROTECTED]...
> I read about RSA and if I understand correctly it is quite the opposite. You
> encode the message with the public key, but you can decode this message only
> with the private key. I would like to encode a message with the private key
> and then decode this message with the public key. With this function
> everybody could check message integrity, but no one could generate a new
> message.

That's the normal method, however RSA can be used in the other direction
also, with the same code (swapping public and private key values). This
works because of the basic nature of the public and private keys, at their
most basic they are:
public_key = {e, n}
private_key = {d,n}

and the fact that the equation used for encryption and decryption are the
same.

Additionally what Tom was suggesting was a digital signature, not to simply
encrypt the file that way. A digital signature (using RSA, in a secure
fashion) works like this:
data= input data
hash = SHA-1(data)
rand = random number of size (size(modulus)-1-size(sha-1))
hash2 = SHA-1(rand | hash)
signature = RSA_Decrypt(rand | hash2)

where | is concatenation. To verify:
data = input data
hash = SHA-1(data)
rand | hash2 = RSA_Encrypt(signature)
if(SHA-1(rand | hash) = hash2)
    signature is valid
else
    signature is invalid

There are several variations on this type of signature, most of which are
highly secure, and well documented.
                                Joe
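
The scheme Joe sketches above, as an added worked example (editor's code, not his): RSA_Decrypt is the private-key operation and RSA_Encrypt the public one, rand is sized to size(modulus)-1-size(SHA-1) bits so that rand | hash2 always lies below the modulus, and the verifier rejects a recovered block whose rand field is out of range. The key pair is constructed from two Mersenne primes purely so the example runs without a prime generator; a real key uses random primes of 1024+ bits.

```python
import hashlib
import hmac
import secrets

HASH_BITS = 160                               # SHA-1 output size, as in the post
HASH_BYTES = HASH_BITS // 8

# Constructed toy key pair: 2^107-1 and 2^127-1 are prime, giving a 234-bit
# modulus.  e = 65537 as recommended elsewhere in this digest.
P = (1 << 107) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

RAND_BITS = N.bit_length() - 1 - HASH_BITS    # size(modulus) - 1 - size(SHA-1)
RAND_BYTES = (RAND_BITS + 7) // 8

def sha1_bytes(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()

def rsa_decrypt(x: int) -> int:               # private-key operation ("RSA_Decrypt")
    return pow(x, D, N)

def rsa_encrypt(x: int) -> int:               # public-key operation ("RSA_Encrypt")
    return pow(x, E, N)

def sign(data: bytes, rand=None) -> int:
    """signature = RSA_Decrypt(rand | SHA-1(rand | SHA-1(data)))."""
    if rand is None:
        rand = secrets.randbits(RAND_BITS)
    if not 0 <= rand < (1 << RAND_BITS):
        raise ValueError("rand does not fit below the modulus")
    hash1 = sha1_bytes(data)
    hash2 = sha1_bytes(rand.to_bytes(RAND_BYTES, "big") + hash1)
    # rand | hash2 is below 2^(bits(N)-1) < N, so it is a valid RSA input
    block = (rand << HASH_BITS) | int.from_bytes(hash2, "big")
    return rsa_decrypt(block)

def verify(data: bytes, signature: int) -> bool:
    """rand | hash2 = RSA_Encrypt(signature); valid iff SHA-1(rand | SHA-1(data)) == hash2."""
    if not 0 < signature < N:
        return False
    block = rsa_encrypt(signature)
    rand, hash2 = block >> HASH_BITS, block & ((1 << HASH_BITS) - 1)
    if rand >= (1 << RAND_BITS):              # not a well-formed rand | hash2 block
        return False
    expected = sha1_bytes(rand.to_bytes(RAND_BYTES, "big") + sha1_bytes(data))
    return hmac.compare_digest(expected, hash2.to_bytes(HASH_BYTES, "big"))

if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign(msg)
    print("valid on original:", verify(msg, sig))
    print("valid on tampered:", verify(msg + b"!", sig))
```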



------------------------------

From: "Joseph Ashwood" <[EMAIL PROTECTED]>
Subject: Re: Are low exponents a problem with RSA?
Date: Thu, 10 May 2001 11:52:13 -0700

Yes there is. To avoid going into any details, choose exponents of at least
65537.

To go into more detail, with an exponent of k, if the same message is sent
to k keys the message can be recovered. I personally like to use public keys
of at least half the size of the modulus, but that's rather excessive by
almost any measure.
                    Joe

"Matthew Kwan" <[EMAIL PROTECTED]> wrote in message
news:9ddhpj$ncj$[EMAIL PROTECTED]...
> Quick question about generating public/private keys for RSA.
>
> Given the encryption function  C = (P^e) mod n where (e,n) is
> the public key, is there any security weakness in choosing a small
> value of e?
>
>
> mkwan



------------------------------

From: Darren New <[EMAIL PROTECTED]>
Subject: Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
Date: Wed, 16 May 2001 16:31:25 GMT

"Trevor L. Jackson, III" wrote:
> And in the U.S.  

Actually, it depends on the state. Murder is a state crime, not a federal
crime.

-- 
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
       San Diego, CA, USA (PST).  Cryptokeys on demand.
     This is top-quality raw fish, the Rolls-Rice of Sushi!

------------------------------

From: "Nathan Sherman" <[EMAIL PROTECTED]>
Subject: Re: How can I see the symmetric enncryption keysize in SSL?
Date: Wed, 16 May 2001 09:42:27 -0700


"no_carrier" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> When I visit a SSL secure site with InternetExplorer I can see the
> security certificate and I can see the RSA keysize and the Hash algorithm used.
> However I haven't found a way to see the size of the symmetric key used
> for the session, which is very important too.
>
When I go to amazon.com and log in, I can click on File... Properties and I
see "Connection: SSL 3.0, RC4 with 128 bit encryption (High); RSA with 1024
bit exchange"

If I hit Certificates... at the bottom of the tab and click on the Details
tab, I see that the thumbprint algorithm is SHA-1 and the signature
algorithm is MD5 RSA.

What else do you need to know?

X



------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Newbie Question: Crytography - Unlimited Inputs/Outputs?
Date: Wed, 16 May 2001 10:44:56 -0600

In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:

> [EMAIL PROTECTED] (news.singnet.com.sg) wrote in
> <9dt90f$jk3$[EMAIL PROTECTED]>: 
> >
> >I read/heard somewhere that given an encryption system where the tester
> >is allowed an unlimited number of inputs and outputs, that the system
> >itself will always be possible to break. Is this true?
> >
Unlimited is a big quantity.
> 
....
> 
>    Part of the game of crypto is to keep people going down false
> trails so the NSA can keep reading your mail. And so far the US
> has done a bang up job keeping people in the dark. And you will get
> many beautiful responses saying that I am lying to you.
> 

What Dave is saying is true to the extent that the essence of good crypto
is deception.  Use of it is the very thing that the BBW would growl is
unfair and should not be except for his purposes.  Politicians want to
somehow dismiss scientific truths and preach that fighting is hopeless. 
In theory, what you suggest is always true, but the real world is not
unlimited by a long shot, even those that want to think that they are in
charge.
-- 
George W. Bush is the weakest link...guh bye. 

------------------------------

From: Mike Rosing <[EMAIL PROTECTED]>
Subject: Re: FYI: Results on EM attacks on smart cards
Date: Wed, 16 May 2001 12:01:19 -0500

After reading the paper all the way thru, I was wondering about other attacks.
I'd classify these as "passive" because you're just listening to the device.
What about active EM attacks?  Not the same as the failure mode attack where
you try to get a bit stuck, but more of a resonance mode method which may
enhance the signal for each bit flip, or bypass good shielding by giving
internal signals a good path to the outside world.

Seems like a lot of research can be done on this :-)

Patience, persistence, truth,
Dr. mike

------------------------------

From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: Are low exponents a problem with RSA?
Date: 16 May 2001 17:07:45 GMT

In <u0zrcOY2AHA.302@cpmsnbbsa07> "Joseph Ashwood" <[EMAIL PROTECTED]> writes:

]Yes there is. To avoid going into any details, choose exponents of at least
]65537.

]To go into more detail, with an exponent of k, if the same message is sent
]to k keys the message can be recovered. I personally like to use public keys
]of at least half the size of the modulus, but that's rather excessive by
]almost any measure.

But most versions of RSA are used to distribute keys for symmetric
cyphers, and since those keys are less than 1024 bits, they are padded
with random stuff. I.e., RSA in any half way decent implementation does
not send the same message to 2, never mind n, different people.



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
