Cryptography-Digest Digest #374, Volume #14 Thu, 17 May 01 18:13:00 EDT
Contents:
Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm) ("Douglas A.
Gwyn")
Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest ("Douglas A.
Gwyn")
Re: Not a realistic thing to do......Why? (John Savard)
Re: How to develop a 64-bit key ("Mr. Nice Guy")
Re: taking your PC in for repair? WARNING: What will they find? ("blackc1")
Re: Cryptanalysis Question: Determing The Algorithm? (Mok-Kong Shen)
Re: Kernaugh maps (try #2) ("Jeffrey Walton")
Download URL for WincryptIDEA (TMechan)
Evidence Eliminator ("Jeffrey Walton")
Re: OAP-L3: "The absurd weakness." (Anthony Stephen Szopa)
Re: mathematical definition of phi ("Dopefish")
Re: PRNG question from newbie ("Henrick Hellström")
Re: Kernaugh maps (try #2) ("Tom St Denis")
Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
Re: Evidence Eliminator ("Jeffrey Walton")
Re: Questionable security measures (CIC and Cloakware!) (Mok-Kong Shen)
Re: Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: ON-topic - UK crime statistics (was Re: Best, Strongest Algorithm)
Date: Thu, 17 May 2001 19:37:02 GMT
Richard Herring wrote:
> In article <[EMAIL PROTECTED]>, Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> > Note: You don't have to actually shoot them; it's the fear
> > of being shot that has deterred many potential home invasions.
> If they didn't take place, how do you know?
It's the most direct explanation for the observed correlations,
and is supported by interviews with professional criminals.
> In any case, even quite stupid thieves usually have the wit to
> target empty houses.
Invasions of occupied homes sharply increased in the countries
we mentioned after more home firearms were confiscated.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Date: Thu, 17 May 2001 19:46:33 GMT
"Trevor L. Jackson, III" wrote:
> And in the U.S. B&E, while a violent crime, does not rise to the level
> of a threat of death or great bodily harm. The only actions that
> justify a potentially lethal response are rape, arson, a lethal threat
> and their respective attempts.
That's not quite right, and the details are jurisdiction-dependent.
In most US jurisdictions, one may lawfully use deadly force to stop
what a reasonable person would perceive to be an immediate threat
of death or grave bodily harm to self or others to whom one is
commonly considered to owe protection (family, guests). In some
US jurisdictions uninvited intruders (trespassers) in one's home
are assumed de facto to present sufficient threat to permit use of
deadly force. However, once they are fleeing the scene, the law
considers the immediate threat to have passed. For specific
information on the theoretical rules *and* their practical
implementation in your own jurisdiction, it is best to consult a
local specialist in such laws. In the basic handgun training
I underwent many years ago, this topic was an important part of
the course.
------------------------------
From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Not a realistic thing to do......Why?
Date: Thu, 17 May 2001 20:17:06 GMT
On Thu, 17 May 2001 14:34:27 -0500, James Felling
<[EMAIL PROTECTED]> wrote, in part:
>Whoops. I forgot a smiley on my post. Sorry.
Well, actually, I realized you were kidding - you were responding to
the inventor's claim that it couldn't be decrypted, even with the key!
But I thought it was still worth mentioning that this cipher _appears_
to be probabilistic. Maybe a kind of steganographic triple Aryabharata
or something.
I have a suspicion that in practice you can use any text as your
"message", but the "key" can't be produced in advance of deciding what
you want to say, or the steganography would work poorly - so the key
is really the message, and the message is really the key. This is a
common failure mode of "clever" steganographic ideas.
John Savard
http://home.ecn.ab.ca/~jsavard/frhome.htm
------------------------------
From: "Mr. Nice Guy" <[EMAIL PROTECTED]>
Subject: Re: How to develop a 64-bit key
Date: Fri, 18 May 2001 03:21:02 +0700
What is PRNG?
"ritesh_swd" <[EMAIL PROTECTED]> wrote in message
news:000801c0de0c$7de4e2e0$[EMAIL PROTECTED]...
Hi ALL:
I am a amateur cryptographer working in DES.i want to develop a PRNG for the
DES.Can help me which algortihm to use for the generation.Provide me with
detailed algorithm.
Thanking you.
Sincere Regards
Ritesh
------------------------------
From: "blackc1" <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they find?
Date: Thu, 17 May 2001 15:40:41 -0500
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
"EE Support" <[EMAIL PROTECTED]> wrote in
message news:qihM6.10096$[EMAIL PROTECTED]...
> By now you will have witnessed the mass hysteria about Evidence
> Eliminator.
>
> Evidence Eliminator is a really easy-to-use one click program which
> is fully proven to defeat all forensic analysis software.
>
> It can defeat even the tools used by the US Secret Service, and the
> USA Customs Service and LAPD.
Wrong. Data can be recovered after using this product.
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOwQ3RwdsIqSi1TBNEQIZXwCguj0e57m6LvFv1J/V4i+Q1M3J8iwAoPtA
kn03znZurLzovP0dLCo1E5sk
=2mvq
=====END PGP SIGNATURE=====
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Cryptanalysis Question: Determing The Algorithm?
Date: Thu, 17 May 2001 22:52:29 +0200
"Bo Dömstedt" wrote:
>
[snip]
> First, we need a sufficiently large algorithm space (to prevent serial
> or parallel search as discussed above). We have seen (indications on)
> that this is no problem, but I feel that most readers don't think that
> this is obvious at all. This is due to that most conventional block
> ciphers are iterated substitution/transposition ciphers, and what
> else can possibly exist??
If a block cipher is parametrizable, that could help, I
suppose. It could also be profitable to combine stream
and block techniques in my humble view.
>
> Second we must prevent the cryptanalyst from learning which algorithm
> we are using. We may use physical protection means, and zero out
> the algorithm, when a physical attack is detected on a cipher machine.
> (This function is advantageous anyway, and is required in FIPS 140-2
> level 3-4 compliant implementations).
>
> We may, however, annoy the cryptanalyst by using several cipher
> algorithms. We may even select cipher algorithms on the fly, possibly
> as a function of the IV (or similar arrangement...).
>
> The size of the set of possible cipher algorithms, that we can select
> from, will be limited to maximum available entropy. How much entropy
> do we have, when encrypting? What algorithm space would that
> correspond to, for a communication network? We note that if the
> entropy level is estimated to be insufficient, we may use a hardware
> random number generator to reach any level of entropy.
> (Now the AD: http://www.protego.se/sg100_en.htm)
Making choices of the algorithms (or component algorithms
for multiple encryptions), which could also change
dynamically, is a good way of employing additional 'key'
materials, I suppose.
M. K. Shen
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Kernaugh maps (try #2)
Date: Thu, 17 May 2001 16:59:34 -0400
: So the Kernaugh map is just a way to
: optimize the expressions for where a 1 occurs in the table?
I find it easier and less error prone than reducing by hand. As jlcooke
stated, it can be bone with min terms (0s) also.
Also, this method only works for 4 inputs (possibly 6 if you can do this
with a cube - that would be impressive, but not impossible).
If you eventually want to reduce larger equations (for example, 8
inputs), use the Quine-McClusky method. This method has the added
benefit of being programmable. Its a little more difficult to work by
hand.
A while back, I tired building my own PCI cards. I managed to smoke out
my motherboard. So I won't be able to help you with the hardware
implementation. I don't know enough. Sorry.
Jeff
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:CoNM6.117286$[EMAIL PROTECTED]...
:
: "Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
: news:3b034702$0$[EMAIL PROTECTED]...
: > Tom,
: >
: > Here's how I would group them. I omitted the row and column headers
: > (e.g., ab 00 01 10 11)
: > ---
: > | 1 | 0 0 0
: > --- ---
: > 0 0 0 | 1 |
: > -------- |---|
: > | 1 1 | 0 | 1 |
: > | | |---|
: > | 1 1 | 0 | 1 |
: > ------- ---
: >
: > A) Taking the quad is given (the four grouped at the lower left hand
: > side). This is f = a'c.
:
: Ahh that's what blows my mind half the time is that each of the
little
: subexpressions only need to involve the bits required to make up the
: pattern. So because the bottom square only exists where a is zero and
c is
: one the expression a'c will make it.... neato.
:
: > B) The lone 1 at the upper left hand corner is combined (shared)
with
: > the lower left 1 of the previously taken quad. (Remember, k-maps can
: > loop like this). This is f = a'b'd'.
: >
: > The three on the lower right hand side is two groups lying one over
top
: > of the other:
: > ---
: > | 1 | ---
: > | 1 | AND | 1 | <== shared by both
: > --- | 1 |
: > ---
: >
: > C) So, the upper pair is f = ab'd.
: > D) And the lower pair is f = ab'c.
: >
: > Also note: My choice of grouping with C) and D) we kind of
arbitrary.
: > I had to take the upper group to get the 1 in at ab'c'd. This left
the
: > remaining 1 to be grouped with something, and I choose as shown
above.
: > You could also group it with part of the quad and get the same
result.
: >
: > So, my final equation would be f = a'c + a'b'd' + ab'c + ab'd
: >
: > BTW, Can you change the font on your news reader to a Fixed Font
such as
: > Courier? The response will look better (align properly).
:
: Yup fixed with font made it better. So the Kernaugh map is just a way
to
: optimize the expressions for where a 1 occurs in the table?
:
: Thanks,
: Tom
------------------------------
From: [EMAIL PROTECTED] (TMechan)
Date: 17 May 2001 21:17:14 GMT
Subject: Download URL for WincryptIDEA
http://members.aol.com/TMechan/WinCryptIDEA.exe
I.D.E.A. for Windows encrypts Windows
95/98 and Win NT 4.0 files and folders
By dragging and dropping files, you encrypt them using
the International Data Encryption Algorithm,
also known as 128 bit I.D.E.A -
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Evidence Eliminator
Date: Thu, 17 May 2001 17:29:18 -0400
Did these people ever publish their methods for review? That is, how
many writes occur, what is written (all 0s vs. random bit strings). If
they are using PRNG, the statistical analysis of their PRNG (normal,
chi-square, x^2 distributions). I think Menenzes, et al, has 5 basic
tests for randomness in their book.
The following page (currently down) has a nice article about reclaiming
from not only magnetic media, but volatile RAM after power down. It was
written in 1996, with a scheduled update in 1999. This is the link to
the 1996 paper:
http://nondot.org/sabre/os/H3Disks/SecureDeletion.html
I saved a copy of the page a while back if someone cannot hit the link.
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Thu, 17 May 2001 14:26:03 -0700
James Felling wrote:
>
> Anthony Stephen Szopa wrote:
>
> > James Felling wrote:
> > >
> > > Anthony Stephen Szopa wrote:
> > >
> > > > James Fe
><SNIP>
>weakness. ( Do you know why? Study the Enigma for a
> clue)
"Note that this particular scramble process should only be performed
once on any MixFile(X) because for any number of times it is
performed an equivalent outcome can be attained by performing the
process just once with another appropriate ten-digit sequence. The
odds against will not change. "
This is quoted right from the Help Files description for the Scramble
Process. Over the past couple of years there have been many many
people from all around the world who have downloaded the OAR-L3
software with these identical Help Files as well as many who have
the full version of OAP-L3 who only need to run the software and
read the incorporated help files to see for themselves that this
quote is in there.
You did not bring this to anyone's attention. And I had no need to
take your advice on this point or change the Help Files because of it.
Nowhere in the help files do I say or even imply that the processes
provided with OAP-L3 are exhaustive or that no other processes exist
that can be used for similar purposes. I could have sworn I said as
much in the help files but I could not find it. Maybe I missed it
when I looked for it or maybe I said as much in a news group post
some time ago. Either way, your coming up with another process is
not surprising in the least.
The processes chosen for OAP-L3 were chosen for their simplicity and
ease of use. Generating and inputting a 14 digit sequence of numbers
is far easier than inputting a sequence of 105 numbers, and running a
process that uses only a 14 number input sequence is far easier to
implement and runs faster. The object of the software and the
processes in it is to attaining a desired OTP file security level
which makes cracking the encrypted messages generated using the OTP
files from OAP-L3 practicably unbreakable by scrambling the entire
3,628,800 possible permutations of the digits 0 - 9 unpredictably.
This can be achieved using these 14 number sequences in the
particular processes concerned and other number sequences for other
processes in OAP-L3.
I am sure that your example of randomly ordering 105 permutation
groups is of some minor interest to some. Why settle for 105
permutation groups, or even 210, or 420, etc.? Isn't randomly
ordering only a 105 permutation group merely an inefficient way of
randomly ordering the 3,628,800 permutation group? Why not just go
for it and randomly order the 3,628,800 permutation group right from
the get go. Then you would have 3,628,800! possibilities.
Hope you get it. Do you get it?
Here is a clue: if you randomly shuffled the 3,628,800 permutation
file from the get go then you wouldn't need any of the processes in
OAP-L3. Furthermore if you randomly shuffled the 3,628,800 permutation
file from the get go then you wouldn't even need any random number
generator or encryption software at all. You could just use your
random process to generate random numbers that then could be used to
encrypt messages directly.
Are you simply arguing that if you do not use true random numbers in
encryption then you do not have random encryption, or that to use
random input to generate a stream cypher where you use more output
data than random input data provides less than random encryption, or
both?
So far, you seem to have sure gone out of your way to argue the most
fundamental encryption dogma. So far, you have not offered us
anything new except how to subtly obfuscate a well known principle.
Mind you, I said, "So far." I am not through reading or evaluating
your reply post.
Furthermore, the output from the random digit generator is not used
to encrypt messages. You must surely know this. And only about 70%
of the random digit output is randomly used to generate random
numbers from 0 - 255. And you should know that these random number
files are processed further before the final OTP file generation
process is used that takes more random user input. Your comparing
OAP-L3 to Enigma is the greatest enigma of you fundamental position.
I will get back to you again on your reply post with more specifics
in a day or two.
Thanks for the challenge.
------------------------------
From: "Dopefish" <[EMAIL PROTECTED]>
Subject: Re: mathematical definition of phi
Date: Thu, 17 May 2001 16:30:44 -0500
i've had the GCC thing for a few weeks but a dude at school keeps forgetting
to bring his graphlink so that i can buy it (he will sell it to me for $10)
fish
--
<sig>
begin OE-fishsig.sig
======BEGIN SIGNATURE======
A.K.A "Dopefish" or "fish" for short on Usenet.
Microsoft? Is that some kind of toilet paper?
"Rockin' the town like a moldy crouton!"
- Beck (Soul Suckin' Jerk - Reject)
"Help me, I broke apart my insides. Help me,
I've got no soul to sell. Help me, the only thing
that works for me, help me get away from
myself."
- Nine Inch Nails (Closer)
=====BEGIN GEEK CODE BLOCK=====
Version: 3.12
GO dpu s++:++ a---- C++++ U--->UL
P L+ E? W++ N+++ o+ K--- w+>w+++++
O--- M-- V? PS+++ PE Y-- PGP t 5--
X+ R tv b+ DI D+ G-- e- h! r z
======END GEEK CODE BLOCK======
(www.geekcode.com)
======END SIGNATURE======
`
end
Jim Steuert <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> There is an excellent port of the gcc compiler to the ti89 (and ti92p)
> (10Mhz 68000)
> called tigcc, and excellent ports of various libraries. The ti89 even has
> some rsa
> functions. I've actually used tigcc for a single 4000+ line c program.
> And also an excellent emulator for the pc called vti.exe. I don't know
> of any port of a bignum type library. On this version of gcc, int means
> short, so
> be sure to use "long int" for 32-bit ints. The ti89 and ti92p (I have
> both) are
> great, albeit a bit slow compared to a 150 Mhz mips or 206Mhz strongarm
> pocketpc.
> (there is a free dev kit from Microsoft for the pocketpc also, which I've
> used)
>
> Dopefish wrote:
>
> > is there some sort of mathematical expression that i could use to find
> > phi(n) on my TI-89 calculator?
> >
> > fish
> >
> > --
> > ------BEGIN SIGNATURE------
> > A.K.A "Dopefish" or "fish" for short on Usenet.
> >
> > Microsoft? Is that some kind of toilet paper?
> >
> > "Rockin' the town like a moldy crouton!"
> > - Beck (Soul Suckin' Jerk - Reject)
> >
> > "Help me, I broke apart my insides. Help me,
> > I've got no soul to sell. Help me, the only thing
> > that works for me, help me get away from
> > myself."
> > - Nine Inch Nails (Closer)
> >
> > -----BEGIN GEEK CODE BLOCK-----
> > Version: 3.12
> > GO dpu s++:++ a---- C++++ U--->UL
> > P L+ E? W++ N+++ o+ K--- w+>w+++++
> > O--- M-- V? PS+++ PE Y-- PGP t 5--
> > X+ R tv b+ DI D+ G-- e- h! r z
> > ------END GEEK CODE BLOCK------
> > (www.geekcode.com)
> >
> > ------END SIGNATURE------
>
------------------------------
From: "Henrick Hellström" <[EMAIL PROTECTED]>
Subject: Re: PRNG question from newbie
Date: Thu, 17 May 2001 23:30:44 +0200
Quoted from Phillip Rogaway
ECS 227 | Modern Cryptography | Winter 99
Lecture 2
>From Simple Primitives to Complex Ones:
The PRG ! PRF ! PRP Constructions
(Part I)
14 January 1999
Let f: A -> B be a function, with A a finite set. Let I be an adversary.
Define:
Adv^owf_f(I) = Pr[x <- A, y <- f(x): I(y) belongs to f^-1(y)]
A function f is a one way function if f is such that Adv^owf_f(I) < epsilon
for every adversary I, for some small epsilon > 0.
You might want to add that f is a secure hash function only if the keyed
function g_k: C -> B is a pseudo random function, where g_k(a) = f(k | a).
---
Henrick Hellström [EMAIL PROTECTED]
StreamSec HB http://www.streamsec.com
"Scott Fluhrer" <[EMAIL PROTECTED]> skrev i meddelandet
news:9e0r59$r65$[EMAIL PROTECTED]...
>
> Paul Crowley <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > "Roger Schlafly" <[EMAIL PROTECTED]> writes:
> > > Aarrgh. IMO, people should use different terminology if that is what
> > > they mean. The obvious meaning of "secure hash function" is that of
> > > a hash function such that usage as a hash function is secure from
known
> > > attacks. Behaving like a random oracle is a very different and
nebulous
> > > thing.
> >
> > What would you call a primitive whose goal is to behave like a random
> > oracle?
>
> A pseudorandom oracle?
>
> Actually, what's slightly more interesting would be the security
conditions
> such an object would attempt to meet. Here's a first cut:
>
> - A function PRO is a "pseudorandom oracle" if, given a test string X, a
> balanced boolean function B, and an oracle that returns the output PRO(Y)
> for any Y!=X, it is computationally infeasible for the attacker to guess
the
> value of B(PRO(X)) with probability 0.5+epsilon.
>
> I'm not happy with it -- it assumes that the attacker isn't given a
> description of PRO (otherwise he can compute PRO(X) directly). Anybody
have
> a better definition?
>
> --
> poncho
>
>
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Kernaugh maps (try #2)
Date: Thu, 17 May 2001 21:37:27 GMT
"Jeffrey Walton" <[EMAIL PROTECTED]> wrote in message
news:3b043aff$0$[EMAIL PROTECTED]...
> : So the Kernaugh map is just a way to
> : optimize the expressions for where a 1 occurs in the table?
>
> I find it easier and less error prone than reducing by hand. As jlcooke
> stated, it can be bone with min terms (0s) also.
>
> Also, this method only works for 4 inputs (possibly 6 if you can do this
> with a cube - that would be impressive, but not impossible).
>
> If you eventually want to reduce larger equations (for example, 8
> inputs), use the Quine-McClusky method. This method has the added
> benefit of being programmable. Its a little more difficult to work by
> hand.
I've seen a couple of sites about QM but they don't really explain what
happens... they mainly say "I start with xyz and end with abc"..
Any beginner info you can share?
Thanks,
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Questionable security measures (CIC and Cloakware!)
Date: Thu, 17 May 2001 21:40:35 GMT
Cloakware just released a product that uses CIC's signature detection
algorithms but they won't release the details (I know since I work for
Cloakware).
This is a shameful crypto-practice and both companies should be a shame of
themselves.
Reminds me of the RSA SecurID "scandal". It is secure because ... umm ...
we say so!
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Subject: Re: Evidence Eliminator
Date: Thu, 17 May 2001 17:56:28 -0400
Here's a better link:
http://www.usenix.org/publications/library/proceedings/sec96/full_papers
/gutmann/index.html
And Dr. Gutmann's conclusion:
"Data overwritten once or twice may be recovered by subtracting what is
expected to be read from a storage location from what is actually read.
Data which is overwritten an arbitrarily large number of times can still
be recovered provided that the new data isn't written to the same
location as the original data (for magnetic media), or that the recovery
attempt is carried out fairly soon after the new data was written (for
RAM). For this reason it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite
passes are made or what data patterns are written. ..."
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Thu, 17 May 2001 23:52:17 +0200
Tom St Denis wrote:
>
> Cloakware just released a product that uses CIC's signature detection
> algorithms but they won't release the details (I know since I work for
> Cloakware).
>
> This is a shameful crypto-practice and both companies should be a shame of
> themselves.
>
> Reminds me of the RSA SecurID "scandal". It is secure because ... umm ...
> we say so!
You said above that you are working for that firm? So
you are presumably under some sort of non-disclosure
agreement? (I simply wonder that you could scold your
employer publically without endangering your contract.)
M. K. Shen
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Thu, 17 May 2001 22:05:22 GMT
"Mok-Kong Shen" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
>
> Tom St Denis wrote:
> >
> > Cloakware just released a product that uses CIC's signature detection
> > algorithms but they won't release the details (I know since I work for
> > Cloakware).
> >
> > This is a shameful crypto-practice and both companies should be a shame
of
> > themselves.
> >
> > Reminds me of the RSA SecurID "scandal". It is secure because ... umm
...
> > we say so!
>
> You said above that you are working for that firm? So
> you are presumably under some sort of non-disclosure
> agreement? (I simply wonder that you could scold your
> employer publically without endangering your contract.)
Technically I am like an intern at the company. I wasn't working on the
Signature stuff but when I asked if I could try analyzing it they told me
"We are under a NDA from CIC .. so no...".
I don't really blame Cloakware but I wish they would say "CIC if you want us
to use this we will go public".
My main function there is R&D so I would figure getting "info" would be part
of it... hmm..
So far what I have said to this usenet is not under my NDA... so that's no
prob...
I wish more people would speak up when their company does silly things.
Tom
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
