Cryptography-Digest Digest #386, Volume #14 Fri, 18 May 01 19:13:00 EDT
Contents:
Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best, Strongest
Algorithm) (SCOTT19U.ZIP_GUY)
Re: OAP-L3: "The absurd weakness." (Anthony Stephen Szopa)
Re: OAP-L3: "The absurd weakness." (Darren New)
Re: PGP details (Tom McCune)
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
Re: Questionable security measures (CIC and Cloakware!) (Darren New)
Re: Questionable security measures (CIC and Cloakware!) (Paul Rubin)
Re: Questionable security measures (CIC and Cloakware!) (Paul Rubin)
Re: OAP-L3: "The absurd weakness." ("Paul Pires")
Re: closed door example (again with Cloakware) (Paul Rubin)
Re: Questionable security measures (CIC and Cloakware!) ("Roger Schlafly")
Re: Questionable security measures (CIC and Cloakware!) (Mok-Kong Shen)
Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest ("Trevor L.
Jackson, III")
Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest Algorithm)
([EMAIL PROTECTED])
Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best, Strongest
Algorithm) ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best,
Strongest Algorithm)
Date: 18 May 2001 20:11:20 GMT
[EMAIL PROTECTED] (Trevor L. Jackson, III) wrote in
<[EMAIL PROTECTED]>:
>
>Fisher's analysis is irrelevant to police doctrine. There is no US
>Police Standards and Training organization that trains cops to fire as
>soon as they draw. The very concept is witless. The ladder of force
>used by the police has ten or more rungs and the justification for
I think you misunderstood on purpose. I am telling you the
cops I know said if there was a buglar in there house that
they would shoot him on sight and ask questions later. This
hardly the same as saying every time they confront someone with
a gun while on the job they most shoot. You took it out of context.
>
>Consider the standard scenario: a bump in the night. Let's pretend that
>the occupants do everything exactly right. He grabs his pistol and
>flashlight and moves to the top of the stairs, taking a position behind
>cover that commands the stairway. She grabs the portable phone and the
>shotgun, gathers the children and ensconces behind the furniture in a
>bedroom with the shotgun ready to perforate anything entering the
>doorway. She dials 911 and explains the situation to the dispatcher.
>
This very incident occured to a friend of mine when he was a sheriff
deputy excpt the lady had a 25 auto. He answered the call and annoced his
presience. He was not wearing armor. The lady shot him in the chest.
He just rushed her since she was scared and took the gun away. He
was not hurt the 25 auto hit a rib and he was not even hospitalized.
>He observes the front door is shaking under a pounding, and then the
>window beside the door breaks in and a hand fumbles at the knob. By the
>OP's doctrine this is an opportunity to exercise lethal force against a
>violent intruder. It's also an opportunity to challenge the intruder
>verbally. Since the husband is not in immediate danger and no weapon is
>present he does not fire.
>
>The intruder gets the door unlocked and, cursing horribly, slams open
>the door, and enters the house. He has something in his hand. By the
>OP's doctrine this is another opportunity for exercise lethal force.
>It's also another opportunity to challenge the intruder. Since the
>intruder turns towards the stairs the husband opens fire, and delivers a
>Mozambique (two fast shots to the chest and one careful shot to the
>head), which results in the immediate inactivity and eventual death of
>the intruder.
>
>The intruder turns out to be the next door neighbor who came home very
>drunk, parked in the wrong driveway, and could not get his key to work.
>This happens all the time. About a year ago in AZ a man came home to
>find someone else was in his house. He took a knife from the kitchen
>and cornered the intruder in a bathroom. The intruder was female and
>offered to have sex with the man as long as he wore a condom. He
>agreed, and was dismayed when the police eventually arrested him for
>rape. He was drunk, in the wrong house, and mistook the occupant for an
>intruder. She was not drunk, did not recognize her neighbor, and
>thought he was truing to rape her, even though the subject never entered
>his mind until she suggested it.
>
Bullshit it was rape but maybe a good lawyer got the man off.
>The same thing happens with kids who sneak home late. Some of them die
>at their parent's hands. See 60 minutes.
>
I lived in AZ when a man shot his own son on a surprise visit
from the service, He died to bad. The dad was not charged with murder.
Hint don't sneak into your house when your dad might shoot.
I think the dad was justafed in shooting his son. You might not.
The point is the intruder could have been a buglar. Accidents
happen. People kill petesrains with cars all the time. People should
learn to think. If not then the stupid get killed.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Fri, 18 May 2001 13:38:27 -0700
John Savard wrote:
>
> On Tue, 15 May 2001 12:59:47 -0700, Anthony Stephen Szopa
> <[EMAIL PROTECTED]> wrote, in part:
>
> >I can't discuss what you are talking about if you cannot
> >communicate it.
>
> Well, he did make one specific claim:
>
> >>Yes, the fact that your method is almost totally unused does save you from
> >>extensive analisys. If a government really wanted to beat your method, it would
> >>NOT take long.( I'd attack the stored key files -- large unweildy and
> >>vulnerable they are.
>
> so he basically appears to admit your program is secure against an
> attacker who can only intercept ciphertext (provided the person using
> the program chooses to generate a large enough key file) but it leaves
> information on the hard disk that can be used to crack messages. (In
> comparison, in PGP, the copy of your secret key on the hard disk is
> encrypted by a pass phrase.)
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/
Yes. Everyone is slowly coming to the realization that OAP-L3 can
provide exceptionally useful random numbers for encryption purposes.
I am thankful of the controversy that has arisen over OAP-L3 because
it has helped me concentrate on further refining the basic ideas and
make their implementation better, although time limitations make
this a very slow process.
Your point about hard drives having large amounts of encryption OTP
data is a valid point.
I have addressed this problem some time ago with my explanation of a
proposed Version 5.0 that has been on my web site for over a year now.
"With only 2920 data bytes you will be able to generate 9.2E15 random
numbers from 0 - 255 with a security level equivalent to 2000 bits;
or with only 4600 data bytes you will be able to generate 2.3E17
random numbers from 0 - 255 with a security level equivalent to
10,000 bits;
or with only 1,271,000 data bytes (fits on one floppy) you will be
able to generate 1.3E36 random numbers from 0 - 255 with a security
level equivalent to 100,000 bits.
The first example has a ratio of random numbers output to stored
bytes of data of 3.15E12.
The second example has a ratio of random numbers output to stored
bytes of data of 5E13.
The third example has a ratio of random numbers output to stored
bytes of data of 1E30.
Let me emphasize again using the first example above: your key will
generate 2920 data bytes. And these 2920 data bytes will have a
security level equivalent to 2000 bits and enable you to encrypt
9.2E15 bytes. Can you spare the space on your hard drive to store
2920 bytes?"
(I suppose this data could be secured with some sort of pass phrase,
as well.)
For a thorough and detailed explanation go to http://www.ciphile.com
then click on the What's Ahead web page from the Table of Contents.
You will find the above text excerpt and at the bottom of the page you
will find two links: "Version 5.0 Tables" - a set of tables and
"Version 5.0 Table Text" - a text file that will explain the tables
file.
(I will continue to post my further comments on Mr. Felling's reply
post over the next several days.)
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Fri, 18 May 2001 21:00:42 GMT
Anthony Stephen Szopa wrote:
> Darren New wrote:
> > If you don't know what a group is, maybe you should look it up, rather
> > than pretending the flaw isn't clearly expressed.
>
> Now I know why war exists: it is to rid the planet of ignorance
> that may become a threat to survival.
Hi. We're from the nonsequitar police. We're not an official body, but
we do like pizza.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: PGP details
Date: Fri, 18 May 2001 21:09:55 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
In article <[EMAIL PROTECTED]>, jlcooke
<[EMAIL PROTECTED]> wrote:
>Harris Georgiou wrote:
>> In the key properties the "Cipher" field reports the algo that WAS
>> default when the key was created. Does this mean that this particular
>> key works only with this cipher (i.e. CAST), even if my current
>> preference is TripleDES or AES? And if so, can I modify this key
>> setting in PGP?
>
>Aska pgp users group. This NG is mostly for theory questions.
<snip>
If your key's preference is CAST, then anytime anyone is encrypting only
to your key, CAST will be used. If you remove the self signature, the
preference will default to IDEA, but that is the only way the PGP GUI
will change the key's preference.
=====BEGIN PGP SIGNATURE=====
Version: PGP Personal Security 7.0.3
Comment: My PGP Page & FAQ: http://www.McCune.cc
iQA/AwUBOwWQB4F5MmKVFkG0EQKCwwCePoxdOpfpgBRg0ACwqY8YWu1TexMAnRFo
RVBMi67HjACIN/dkxuR4jygd
=8g4B
=====END PGP SIGNATURE=====
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 21:14:03 GMT
Tom St Denis wrote:
> Well I am not a lawyer but last I heard wrongful termination is a civil
> issue and can be brought into court.
I don't know about CA's laws, but in the US, for the most part,
"wrongful termination" means "fired for legal reasons or in breach of an
employment contract." That doesn't sound like what happened here. In the
US, illegal reasons include things like age, skin color, and whether you
face east five times a day. It's not illegal to fire you for things you
say about the company if it's not your job to talk about the company.
Did you actually have a contract with them, or could they have fired you
for no reason at all if they wanted?
Of course, you can *sue* for any reason, and it's often cheaper to
settle than fight. Another one of those business decisions.
> It screws up your credit and can get
> you a bad character rept.
Doctor, doctor, it hurts when I do this! :-)
If you're worried about it, quit first, *then* squeal. :-)
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 21:20:11 GMT
Tom St Denis wrote:
> Fact: Money is some imaginary object we invented to replace slugging each
> other in the heads in order to steal things.
Well, it's a little more complex than that. :-)
> Fact: My boss is the boss.
Fair nuff.
> Fact: My boss didn't provide a real reason why he fired me. Wonder why?
Not at all. He wasn't required to, was he? I mean, sure, it might have
been nice, but nowadays anything a boss says can be used against him. So
if he wasn't required to tell you why you're fired, and he thinks you'd
disagree with his analysis, I'm not in the least surprised he wouldn't
tell you. It could only hurt him, and besides, you already knew.
Anyway, all that said, he did tell you. He told you that you didn't
understand how businesses work well enough to distinguish between
appropriate and inappropriate public discussion of your employer's
business practices. I.e., "If you don't know why..." But it's OK, that's
what youth is for. :-)
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Darren New <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 21:23:00 GMT
Tom St Denis wrote:
> I want your job :-)
Me too! Sadly, I kind of fell into it. I worked down the hall from one
of the founders before he quit to found it. So I can't really give any
good advice on *finding* such a job.
--
Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
San Diego, CA, USA (PST). Cryptokeys on demand.
This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: 18 May 2001 15:03:01 -0700
"Tom St Denis" <[EMAIL PROTECTED]> writes:
> Then companies like Cloakware should not invent new schemes if they are not
> willing to develop them using a scientific process.
Obviously they don't feel that way. Maybe that's a mistake, but it's
THEIR mistake to make. If you want to see a more respectable example
of someone breaking paths with an employer because of bad crypto
policy decisions on the employer's part, look at Philip Zimmerman's
announcement when he left PGP. He explained his differences with the
company and said he was quitting. Note that it wouldn't have have
flown at all for him to criticize them in that way, without also
quitting.
> The info I gave out was not private information. My employer has(d) no
> expectation of privacy in the issue. They can't fire me because I don't
> like their practices. That's illegal!
I have no idea about the legality but I bet if you said on the
newsgroup that Cloakware's CEO wears ugly shirts, that wouldn't have
gone over too well with them either.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: 18 May 2001 15:04:28 -0700
"Tom St Denis" <[EMAIL PROTECTED]> writes:
>
> I didn't fight the system I just posted a comment. If that's a fight wow.
>
Carville's first rule of holes: if you find that you're in one, stop digging.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker,talk.politics.crypto
Subject: Re: OAP-L3: "The absurd weakness."
Date: Fri, 18 May 2001 15:02:51 -0700
Darren New <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Anthony Stephen Szopa wrote:
> > Darren New wrote:
> > > If you don't know what a group is, maybe you should look it up, rather
> > > than pretending the flaw isn't clearly expressed.
> >
> > Now I know why war exists: it is to rid the planet of ignorance
> > that may become a threat to survival.
>
> Hi. We're from the nonsequitar police. We're not an official body, but
> we do like pizza.
Any Job openings? I'm qualified.
Paul
>
> --
> Darren New / Senior MTS & Free Radical / Invisible Worlds Inc.
> San Diego, CA, USA (PST). Cryptokeys on demand.
> This is top-quality raw fish, the Rolls-Rice of Sushi!
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: closed door example (again with Cloakware)
Date: 18 May 2001 15:06:05 -0700
"Tom St Denis" <[EMAIL PROTECTED]> writes:
> To those that say closed door crypto is a matter of business send your
> browser to
>
> www.pgp.com
>
> Nuff said,
I don't understand you're point. PGP closed its source and Zimmerman
as a result, criticized the decision and quit working for the company.
You're trying to do the same thing without quitting, which doesn't go
over so well.
------------------------------
From: "Roger Schlafly" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Fri, 18 May 2001 20:38:38 GMT
"Darren New" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Tom St Denis wrote:
> > Well I am not a lawyer but last I heard wrongful termination is a civil
> > issue and can be brought into court.
> I don't know about CA's laws, but in the US, for the most part,
> "wrongful termination" means "fired for legal reasons or in breach of an
> employment contract." That doesn't sound like what happened here. In the
> US, illegal reasons include things like age, skin color, and whether you
> face east five times a day. It's not illegal to fire you for things you
> say about the company if it's not your job to talk about the company.
> Did you actually have a contract with them, or could they have fired you
> for no reason at all if they wanted?
Most employees in the US can be fired for no reason at all. Just not
for reasons like skin color, as you say. That is why many employers
consider it prudent to give no reason at all when firing someone.
Maybe Tom wasn't fired for badmouthing his boss and his employer;
maybe it was for spending too much time on sci.crypt instead of
doing his job!
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Sat, 19 May 2001 00:26:08 +0200
Tom St Denis wrote:
>
> If you worked for a drug company that made cyanide asprin would you just ho
> hum as millions died?
I would first quit, in order to get a entirely clean
position for me.
M. K. Shen
------------------------------
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Date: Fri, 18 May 2001 22:52:39 GMT
"Douglas A. Gwyn" wrote:
> "Trevor L. Jackson, III" wrote:
> > You are welcome to retain your doubts. Contact any of Massad Ayoob of
> > Lethal Force Institute, John Farnam of Defense Training International, Clint
> > Smith of Thunder Ranch, Ray Chapman of Chapman Academy, Jeff Cooper of
> > Gunsite Training Center, etc. I didn't invent any of it. Self defense
> > doctrine is a well established, although esoteric field.
>
> Indeed, and what these experts have said and published on the
> matter disagrees with what you have been saying here.
Unless you are thinking of to issues on which those experts disagree with each
other, and there are several, I doubt I've misrepresented their positions. Please
specify what you believe to be inconsistent.
------------------------------
Subject: Re: OFF-topic by now - UK crime statistics (was Re: Best, Strongest
Algorithm)
From: [EMAIL PROTECTED]
Date: 18 May 2001 19:03:53 -0400
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> I'd have a hard time justifying killing a burglar who stole some
> property...
You're using the past tense! There's no doctrine which permits ``self
defense'' after the danger has passed.
> The hassle of justifying a homicide simply isn't worth it even in the
> most generous interpretation of justification.
In some states at least, killing a burglar *while* committing his crime
is considered justified, because the homeowner is justified in assuming
that the criminal is an armed and present threat.
Len.
--
``Install and forget'' is a dubious concept for critical applications.
-- Dan Bernstein
------------------------------
Subject: Re: OT lethal force; was: ON-topic - UK crime statistics (was Re: Best,
Strongest Algorithm)
From: [EMAIL PROTECTED]
Date: 18 May 2001 19:10:11 -0400
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> ...as opposed to burglary or B&E which are not crimes against a person.
True; they're not. But a homeowner confronting a burglar is, generally
speaking, entitled to assume his life is in danger. This is more true in
places like England and Australia, where ``hot'' burglaries have increased
dramatically since total gun registration.
Len.
--
Frugal Tip #2:
Eat your pets.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
