Cryptography-Digest Digest #384, Volume #14 Fri, 18 May 01 16:13:01 EDT
Contents:
DES Encryption - salt? ("Andreas Born")
Re: DES Encryption - salt? ("Tom St Denis")
Re: PGP details ("Harris Georgiou")
closed door example (again with Cloakware) ("Tom St Denis")
Re: PGP details (Gregory G Rose)
Re: A simple encryption algorithm based on OTP (wtshaw)
Re: Questionable security measures (CIC and Cloakware!) (wtshaw)
Re: Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
Re: People with x86 cpus (please reply) ("M.S. Bob")
Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best, ("Trevor
L. Jackson, III")
Re: People with x86 cpus (please reply) ("Tom St Denis")
Re: Questionable security measures (CIC and Cloakware!) ("Thomas J. Milford")
Re: Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
TC15a x86 FYI ("Tom St Denis")
Re: Questionable security measures (CIC and Cloakware!) ("Douglas A. Gwyn")
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
Re: Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
Re: Questionable security measures (CIC and Cloakware!) ("Tom St Denis")
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
----------------------------------------------------------------------------
From: "Andreas Born" <[EMAIL PROTECTED]>
Subject: DES Encryption - salt?
Date: Fri, 18 May 2001 20:10:38 +0200
Hi,
I need to write my own crypt-routine, and I know how the DES algorythm
works. But I don't know how to build up the 64bit key from the user input in
detail (use 6 bits, or 7 or 8, where is the highest bit, where the lowest,
is the input transformed in any way ?)
And because the routine is needed as "password encryption", what shall I do
with the given "salt" ? I guess this is used to build the 64bit data block,
that will be encrypted ??
I found many information about DES and so on, but NOTHING about password
encryption and handling the 12bit (or 16 bit?) salt.
And the 11 chars "output" are generated from 10 6bit blocks and 1 4bit
block, I guess. But the same question: Highbyte/Lowbyte etc...
It must exactly give the same results as in unix and php, due to
compatibility reasons...
regards,
Andreas
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: DES Encryption - salt?
Date: Fri, 18 May 2001 18:12:43 GMT
"Andreas Born" <[EMAIL PROTECTED]> wrote in message
news:9e3oia$ujni$[EMAIL PROTECTED]...
> Hi,
>
> I need to write my own crypt-routine, and I know how the DES algorythm
> works. But I don't know how to build up the 64bit key from the user input
in
> detail (use 6 bits, or 7 or 8, where is the highest bit, where the lowest,
> is the input transformed in any way ?)
>
> And because the routine is needed as "password encryption", what shall I
do
> with the given "salt" ? I guess this is used to build the 64bit data
block,
> that will be encrypted ??
>
> I found many information about DES and so on, but NOTHING about password
> encryption and handling the 12bit (or 16 bit?) salt.
>
> And the 11 chars "output" are generated from 10 6bit blocks and 1 4bit
> block, I guess. But the same question: Highbyte/Lowbyte etc...
>
> It must exactly give the same results as in unix and php, due to
> compatibility reasons...
I would look at the Linux source code for the DES login stuff. It's open
source :-)
Too bad you need to be compatible I would have suggested to use something a
bit more robust like SHA1 or Tiger/192.
Tom
------------------------------
From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: PGP details
Date: Fri, 18 May 2001 21:32:59 +0300
� jlcooke <[EMAIL PROTECTED]> ������ ��� ������ ���������:
[EMAIL PROTECTED]
>
>
> Harris Georgiou wrote:
> > In the key properties the "Cipher" field reports the algo that WAS
default
> > when the key was created. Does this mean that this particular key works
only
> > with this cipher (i.e. CAST), even if my current preference is TripleDES
or
> > AES? And if so, can I modify this key setting in PGP?
>
> Aska pgp users group. This NG is mostly for theory questions.
Already done that. I understand that the algo preferance is stored into the
key but it is not mandatory, that is if both ends agree to use for example
3DES then the same key should do the job. However there seems to be no way
to change this attribute once the key is created.
> > That's true. I was referring to RSA signatures used by PGP. As I
understand,
> > PGP uses SHA1 digest + encryption with private key for signatures, which
is
> > the real problem in the first place. I cannot understand if and how the
> > private key is protected under this type of attack. Furthermore, what's
the
> > relation/usage of subkeys with session keys used for normal message
> > encryption (totally useless for signatures right)?
>
> This is theory.
>
> I'm sure if you understand that you NEED to use your private key to sign
> and not your public key. I mean think about it for a second, if you
> signed using your public key...anyone could because it's public right?
> And let's not forget the fact that you will only be able to do a
> challange-answer test since you can only decrypt a public-key encryption
> with the private key and visa versa. That's the key.
>
> Encrypt for intended recipient.
> c = E(m, Pub)
> m = E(c, Pri)
>
> Sign for everyone to check:
> s = E(sha1(m), Pri)
> if (E(s, Pub) == sha1(m'))
> OK!
> else
> TAMPERD.
>
> Note: replace sha1(x) with anything else you want. The point here is
> Pub-Pri pair are useful because one will undo the operation of the
> other, reguardless of which one you start with.
I understand the way RSA signature work and I know that RSA permits the
usage of the key pair in reverse. The general reason is that you WANT your
signature to be verifiable by anyone, so the only way to do this is by using
the public key already known to others. My question is how can we define a
signing scheme as secure as a private (or public) signing model that uses
specific key exchange between sender/receiver (direct or via a certified
server), BUT without the need of specifying a pre-defined set of receivers.
I mean, if the receivers are specified in advance, then we can sign the
message even with a secret key and use a secure key exchange model to send
this key to the actual receiver. But how about doing this with standard RSA
without exposing the private key? Is it possible to have arbitrary receivers
(not specifically defined) AND use other than the private key for signing &
public key for verification?
--
Harris
- 'Malo e lelei ki he pongipongi!'
> There are precautions you need to take before signing, but generally the
> key and data space of public-key algorithms are MUCH larger than
> Rijndael-256/256.
>
> JLC
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: closed door example (again with Cloakware)
Date: Fri, 18 May 2001 18:34:42 GMT
To those that say closed door crypto is a matter of business send your
browser to
www.pgp.com
Nuff said,
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: PGP details
Date: 18 May 2001 11:35:37 -0700
In article <[EMAIL PROTECTED]<,
jlcooke <[EMAIL PROTECTED]< wrote:
<Harris Georgiou wrote:
<> In the key properties the "Cipher" field reports the algo that WAS default
<> when the key was created. Does this mean that this particular key works only
<> with this cipher (i.e. CAST), even if my current preference is TripleDES or
<> AES? And if so, can I modify this key setting in PGP?
<
<Aska pgp users group. This NG is mostly for theory questions.
That's a joke, right?
I'm a power PGP user and I'm unaware of a way to
change the default cipher through any UI. The real
question is whether that default is in the signed
part of the packet or not, and if it is, it would
effectively require getting all the signatures to
be done again. I wouldn't be surprised if it *is*
in the signed part (but I haven't checked). So, my
guess is no, you can't do it.
Greg.
--
Greg Rose INTERNET: [EMAIL PROTECTED]
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A simple encryption algorithm based on OTP
Date: Fri, 18 May 2001 11:19:58 -0600
In article <[EMAIL PROTECTED]>, Mok-Kong Shen
<[EMAIL PROTECTED]> wrote:
> wtshaw wrote:
> >
> > An algorithm can be both obscure and innately strong.
>
> Using secret algorithms has the well-known objections.
> But there are quite a number of apparently not too bad
> public algorithms around. Using them in some key-dependent
> ways could mean real trouble for the opponent. Note the
> combinatorial explosion of choices for e.g. multiple
> encryptions, when a number of alternative algorithms
> (maybe also with parameters) are available.
>
> M. K. Shen
As in game parlance, it's dealer's choice. If there is little, limited,
or no choice as to algorithms and keys you know it's probably, sic, rigged
to favor the house.
--
George W. Bush is the weakest link...guh bye.
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 11:26:49 -0600
In article <VW7N6.125761$[EMAIL PROTECTED]>, "Tom St
Denis" <[EMAIL PROTECTED]> wrote:
> What goodwill? If they are not willing todo things right they are not
> acting in good faith themselves!
>
> Besides my point is just to raise awareness of this issue. Not to badmouth
> my company.
>
I suppose that you can not be considered a team player, and having the
wrong color socks can get you sacked. I hope you prove us all wrong, but
spotlights can be thought of as detrimental by those who practice goodwill
only toward themselves. Consider the MS defense against knowing what is
actually going on.
--
George W. Bush is the weakest link...guh bye.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 18:56:36 GMT
"wtshaw" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <VW7N6.125761$[EMAIL PROTECTED]>, "Tom St
> Denis" <[EMAIL PROTECTED]> wrote:
>
> > What goodwill? If they are not willing todo things right they are not
> > acting in good faith themselves!
> >
> > Besides my point is just to raise awareness of this issue. Not to
badmouth
> > my company.
> >
> I suppose that you can not be considered a team player, and having the
> wrong color socks can get you sacked. I hope you prove us all wrong, but
> spotlights can be thought of as detrimental by those who practice goodwill
> only toward themselves. Consider the MS defense against knowing what is
> actually going on.
Well I would rather not be on a team of people that only care about the
money and little on the impact they will have.
Tom
------------------------------
From: "M.S. Bob" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: People with x86 cpus (please reply)
Date: Fri, 18 May 2001 20:02:02 +0100
> - Pentium, PPro, PII, PIII
>
> http://tomstdenis.home.dhs.org/tc15a_spd.exe
Pentium II -- 200
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best,
Date: Fri, 18 May 2001 19:20:03 GMT
Eric Lee Green wrote:
> On Fri, 18 May 2001 01:12:35 GMT, Trevor L. Jackson, III <[EMAIL PROTECTED]>
> wrote:
> >> >> >And in the U.S. B&E, while a violent crime, does not rise to the
> >> >> >level of a threat of death or great bodily harm. The only actions
> >> >> >that justify a potentially lethal response are rape, arson, a lethal
> >> >> >threat and their respective attempts.
> >> >> >
> >> >>
> >> >> Actually it does. And having taken both by kids through the
> >> >> repquired California state hunter saftey classed. They even exaime
> >> >> the special laws of California where the law makes woman not only
> >> >> the equal of man but more equal.
> >
> >The technical term is "disparity of force". It justifies a response ot a
> >threat that is at a higher level of nastiness than that of the threat. E.g,
> >where a police officer may use any necessary force, a citizen is restricted
> >to the use of only equal force. (fist/fist, knife/knife, firearms/firearm).
>
> I am not a lawyer. However, Jason D. Fisher is. See his survey of
> "Shoot the Burglar" laws as part of:
>
> http://www.law.emory.edu/ELJ/volumes/fall98/fisher.html
>
> Basically, there are a variety of situations where it is legal to use
> disproportionate force. In California, for example, "CAL. PENAL CODE �
> 197(2) (West 1988) (justifying a homicide "[w]hen committed in defense
> of habitation, property, or person, against one who manifestly intends
> or endeavors, by violence or surprise, to commit a felony, or against
> one who manifestly intends and endeavors, in a violent, riotous or
> tumultuous manner, to enter the habitation of another for the purpose
> of offering violence to any person therein");" -- i.e., it is quite legal,
> according to California penal code, to shoot and kill someone who is breaking
> into your residence. This is all very jurisdiction-dependent.
>
> >Yes it is. Completely. Go ask a lawyer who knows something about
> >use-of-force doctrine (most don't).
>
> http://www.law.emory.edu/ELJ/volumes/fall98/fisher.html
>
> Read it again.
This treatment is critically flawed. First it analyzes carjacking, which is a
violent crime against a person, as opposed to burglary or B&E which are not
crimes against a person. Second, the analysis is with respect to Louisiana law
rather than law in general, and Louisiana law is almost unrelated to law
elsewhere within the US. Finally, and most importantly, it is factually wrong on
_the_ major point which is the burden of proof.
In general, the burden of proof rests upon the prosecution and in criminal cases
it is quite high -- beyond a reasonable doubt. However, justifying a homicide is
what's called a "perfect defense" because if the jury believes the justification
presented, then the court is bound to find the defendant not guilty. This is as
close to a directed verdict as it is possible to get.
The downside of the perfect defense strategy is that it /shifts/ /the/ /burden/
/of/ /proof/! The defendant is required to prove the justification, while the
prosecution is free to poke holes in the story. This is why many defense lawyers
are uncomfortable with this kind of defense and will counsel their clients to
plead negligent homicide via accidental discharge or some other offense. Also,
few criminal defense lawyers are familiar with justifying the acts of their
clients because almost all of their clients are guilty and there's no possible
justification for most crimes.
The analysis also skips over the doctrine of competing harms. It is an
interesting piece, but it's neither comprehensive nor accurate. It is, however,
aimed _against_ the thesis of liberal interpretation of justifiable use. It does
not list Fischer as having any credentials in this area. As I originally
observed most lawyers are clueless. The topic is barely touched upon in law
school. Fisher is not clueless, but neither is he an authority. My statements
derive from the former president of the association of criminal defense
attorneys, who is definitely clueful and an authority.
>
> >> If you pull a gun on a buglar you should do it
> >> as you pull the trigger, The same way a cop would. I have had many
> >> disccussion with cops.
> >
> >Then you weren't listening. There is no state in which that doctrine is
> >espoused.
>
> http://www.law.emory.edu/ELJ/volumes/fall98/fisher.html
Fisher's analysis is irrelevant to police doctrine. There is no US Police
Standards and Training organization that trains cops to fire as soon as they
draw. The very concept is witless. The ladder of force used by the police has
ten or more rungs and the justification for pointing a gun at someone is far
below the justification for shooting them. That implies that the officer should
draw long before he has reason to fire. And their standards for defensive use of
firearms are the same as those for civilians: defense of the innocent and the
ability+opportunity+jeopadry criteria.
>
>
>
> lists at least a half dozen states (I stopped counting at that point) where
> it is legal to kill anybody who is breaking and entering into a home.
B&E is a violent crime. Standing in a kitchen not your own at 03:00 is not. The
former may justify all kinds of responses that the latter does not.
Consider the standard scenario: a bump in the night. Let's pretend that the
occupants do everything exactly right. He grabs his pistol and flashlight and
moves to the top of the stairs, taking a position behind cover that commands the
stairway. She grabs the portable phone and the shotgun, gathers the children and
ensconces behind the furniture in a bedroom with the shotgun ready to perforate
anything entering the doorway. She dials 911 and explains the situation to the
dispatcher.
He observes the front door is shaking under a pounding, and then the window
beside the door breaks in and a hand fumbles at the knob. By the OP's doctrine
this is an opportunity to exercise lethal force against a violent intruder. It's
also an opportunity to challenge the intruder verbally. Since the husband is not
in immediate danger and no weapon is present he does not fire.
The intruder gets the door unlocked and, cursing horribly, slams open the door,
and enters the house. He has something in his hand. By the OP's doctrine this
is another opportunity for exercise lethal force. It's also another opportunity
to challenge the intruder. Since the intruder turns towards the stairs the
husband opens fire, and delivers a Mozambique (two fast shots to the chest and
one careful shot to the head), which results in the immediate inactivity and
eventual death of the intruder.
The intruder turns out to be the next door neighbor who came home very drunk,
parked in the wrong driveway, and could not get his key to work.
This happens all the time. About a year ago in AZ a man came home to find
someone else was in his house. He took a knife from the kitchen and cornered the
intruder in a bathroom. The intruder was female and offered to have sex with the
man as long as he wore a condom. He agreed, and was dismayed when the police
eventually arrested him for rape. He was drunk, in the wrong house, and mistook
the occupant for an intruder. She was not drunk, did not recognize her neighbor,
and thought he was truing to rape her, even though the subject never entered his
mind until she suggested it.
The same thing happens with kids who sneak home late. Some of them die at their
parent's hands. See 60 minutes.
The proper criteria are ability, opportunity, and jeopardy. Lacking any one of
these means that the use of lethal force is not justified.
>
>
> >> I was a big poker player. They belived in
> >> guns and stated if you need to pull one on an intruder in your house
> >> you shoot right then.
> >
> >And you go up the river for murder -- unjustified homicide.
>
> Check your local state laws. In Louisiana, Mississippi, Nevada,
> California, Idaho, Georgia, Alabama, Vermont, probably a bunch more,
> if someone has violently entered your home with intent to commit a
> felony
See the problem here? How do you know what the criminal's intent is? This is a
weak reed upon which to stake the rest of your life.
> , it is perfectly legal under that state's laws to shoot him. In
> other states, as for unjustified homicide, well, dead men don't
> testify. If you testify that he turned toward you and had an object in
> his hand that you thought was a gun, and you shot him, who's going to
> say different? I'm certainly not. While I'm no fan of capital
> punishment, I can't condemn a man for shooting a burglar in his home.
While there are many jurisdictions that will not indict or convict, there are
many that will even when the justification is plain. The gray area is wider than
that protected by any bright-line standards. Thus, unless the threat is
immediate, lethal, and otherwise unavoidable, one is best served by withholding
fire.
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: People with x86 cpus (please reply)
Date: Fri, 18 May 2001 19:22:37 GMT
"M.S. Bob" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > - Pentium, PPro, PII, PIII
> >
> > http://tomstdenis.home.dhs.org/tc15a_spd.exe
>
> Pentium II -- 200
Thanks.
Tom
------------------------------
From: "Thomas J. Milford" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 14:13:22 -0500
Have you made your final decision on where to attend college? Perhaps you
can get in touch with a professor there and obtain a research position for
the summer. Along with the academic exposure and early feel for what a
university is like, you'd have a more lenient disclosure policy.
- tjm
"Tom St Denis" <[EMAIL PROTECTED]> wrote
> ....Well I still need a job.... Anyone interested in hiring an honest
> intern?
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:26:56 GMT
"Thomas J. Milford" <[EMAIL PROTECTED]> wrote in message
news:9e3s5k$cus$[EMAIL PROTECTED]...
>
> Have you made your final decision on where to attend college? Perhaps you
> can get in touch with a professor there and obtain a research position for
> the summer. Along with the academic exposure and early feel for what a
> university is like, you'd have a more lenient disclosure policy.
I am already enrolled in college. Aside from being honest I also had bad
marks in high school and failed to get into a local university. Hoorah for
tom.
Oh well. college is a form of schooling too :-)
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: TC15a x86 FYI
Date: Fri, 18 May 2001 19:28:49 GMT
Thanks to all that ran the program and gave me the results. Here are the
clock cycles ranked from highest to lowest.
pmmx: 240 cycles
K6 : 224 cycles
K6II: 222 cycles
PII : 200 cycles
pIII: 200 cycles
K7-T: 172 cycles
(K7-T = Athlon T-Bird).
--
Tom St Denis
---
http://tomstdenis.home.dhs.org
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 18:36:09 GMT
Tom St Denis wrote:
> Then companies like Cloakware should not ...
Tom, instead of justifying your position you should
try to understand the advice you're getting from more
experience people and contemplate it for a while.
*Every* technical organization I have ever seen,
and that is a *lot*, has had managerial problems,
often making clearly stupid decisions. Unless there
is an ethical imperative involved, which does happen
but more rarely than you think, the best response is
to work within the existing organization to improve
it. Fighting the system won't work.
"I fought the Law, and the Law won"
- What song was that?
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:32:55 GMT
Tom St Denis wrote:
> Why not? I have no expectation of free speech? What I posted originally
> was true and public knowledge. I raised some concerns with a product that
> was constructed using homebrew crypto.
And just as you have the expectation of free speech, they have the right
to fire you for whatever reason they want that isn't illegal. And I
doubt that firing you for publicly announcing *anything* about their
product when it's not your role in the company to make such
announcements isn't illegal.
You have the right to badmouth the traffic cop, too. It's not going to
get you out of paying the ticket.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:35:58 GMT
"Darren New" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > Why not? I have no expectation of free speech? What I posted
originally
> > was true and public knowledge. I raised some concerns with a product
that
> > was constructed using homebrew crypto.
>
> And just as you have the expectation of free speech, they have the right
> to fire you for whatever reason they want that isn't illegal. And I
> doubt that firing you for publicly announcing *anything* about their
> product when it's not your role in the company to make such
> announcements isn't illegal.
Well I am not a lawyer but last I heard wrongful termination is a civil
issue and can be brought into court. It screws up your credit and can get
you a bad character rept.
> You have the right to badmouth the traffic cop, too. It's not going to
> get you out of paying the ticket.
Ah, only if you are guilty. You can't goto jail for not liking the cops
though...
Tom
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:37:11 GMT
"Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > Then companies like Cloakware should not ...
>
> Tom, instead of justifying your position you should
> try to understand the advice you're getting from more
> experience people and contemplate it for a while.
Well I think I will just stop caring. That's the impression I am getting.
So I will take the money, not care about the result of my actions and hope
for the best (if I get paid overtime... hoping on my own time is a nono).
> *Every* technical organization I have ever seen,
> and that is a *lot*, has had managerial problems,
> often making clearly stupid decisions. Unless there
> is an ethical imperative involved, which does happen
> but more rarely than you think, the best response is
> to work within the existing organization to improve
> it. Fighting the system won't work.
I didn't fight the system I just posted a comment. If that's a fight wow.
>
> "I fought the Law, and the Law won"
> - What song was that?
I've heard of it but I can't remember the name
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:37:37 GMT
Tom St Denis wrote:
> Well I am not a businessmen. I am (trying to be) a scientist.
It's hard to be a scientist working for a business, true. The aims of
the two are often contradictory.
> I believe in
> pure facts and hard core empiracle evidence.
Fact: businesses are there to make a profit. Fact: interns badmouthing
the business hurts profit. :-)
> Why must the world suck? Just "because it does"?
It doesn't suck. It's just not all about inhuman facts. The human facts
enter into it also.
Fact: your boss probably got flack if your boss' boss saw your posts.
Fact: Your boss values his job more than he values yours. :-)
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 19:40:57 GMT
Tom St Denis wrote:
> Well I would rather not be on a team of people that only care about the
> money and little on the impact they will have.
That's good. Now you're not. Why are you complaining? ;-)
(Just kidding.)
I'd just like to say that there *are* people who *do* care yet manage to
make money as well. I was privledged to work at a company where the
motto was:
Work on anything that satisfies at least two of these:
1) It's fun
2) It does good
3) It makes money
Note that it's the *people* who have the integrity, and not the company
itself. Follow the people about once you find them. From my limited
experience, it's fairly easy to tell when you've found such a shop, and
when it has dried up.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
