Cryptography-Digest Digest #400, Volume #14 Sun, 20 May 01 23:13:01 EDT
Contents:
Re: Apology to Cloakware (open letter) (JPeschel)
Re: Evidence Eliminator Detractors Working Hard But No Result? (LMB)
Re: What about SDD? ("Harris Georgiou")
Re: What about SDD? ("Harris Georgiou")
Re: taking your PC in for repair? WARNING: What will they find? (Dave Howe)
Re: What about SDD? ("Tom St Denis")
Re: What about SDD? (David Wagner)
Re: taking your PC in for repair? WARNING: What will they find? (Johnny Bravo)
Re: Evidence Eliminator Detractors Working Hard But No Result? ("Jeffrey Walton")
Re: Questionable security measures (CIC and Cloakware!) ("Ben Hamilton")
Re: Help with a message (Charles Lyttle)
Re: Evidence Eliminator works great. Beware anybody who claims it (Andrew Sullivan)
Re: taking your PC in for repair? WARNING: What will they find? (Andrew Sullivan)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 21 May 2001 00:00:24 GMT
Subject: Re: Apology to Cloakware (open letter)
"Brian Hetrick" [EMAIL PROTECTED] writes:
>Matt Timmermans" wrote...
>> Has anyone heard of a reasonably successful algorithmic method for
>> identifying people by writing style?
>
>Algorithmic? No, not that I know of. On the other hand, the point of
>poetry criticism (in particular, although this is also true of
>literature criticism as a whole, to an extent) is identifying and
>recovering information sidebands in written text, particularly
>sidebands about the identity and outlook of the speaker. For all
>except very good poets, speaker = author.
>
I've never heard good poetry critics talk about "identifying and
recovering information sidebands" of text! Is this your way of making
the subject on-top for sci.crypt? :-) Often, in most good litetature,
the speaker does not equal author.
>Unfortunately, I don't follow the group closely enough to be familiar
>with personalities. And even were I to do so, I would not expect to be
>able to coherently argue a poster's identity in lay person's terms:
>the field of forensic poetry criticism is woefully underdeveloped. I
>can, however, say my bozo detector meter pegged while reading the
>subject post. I suspect most everyone's did.
The subject post was, indeed, written by St. Denis. Other regulars
here have a recognizable style, too: Scott, Shen, Shaw, and Gillogly,
Olson, and Gwyn.
I suppose everyone (or everyone who cares) is trying to figure out who
"Just Looking" is. If he's a regular here, he's fairly literate, seems
to delight in sarcasm, and isn't above kicking a guy when he's down.
I say "fairly literate" because most of the post shows a command of
the written language with some exceptions. For instance, Just Looking
gets confused about punctuating "'...how did you put it?... oh yeah...
'stupid'
comments would cause any grief to you or your, what was that adjective?...
'shameful' employer Cloakware.'" He's not sure how to use an ellipsis,
but does know what one is. And in order to be sarcastic, Just Looking
pretends to forget, for a moment, what St Denis's words were.
Maybe a newsgroup search for posters who use idioms and cliches
such as "knee-jerk loudmouth," "shoots first and asks questions later,"
"hair-trigger mind," and "grasp the depths" would yield something about
Just Looking's identity. And don't forget the phrases: "standing in the blast
of true
reality" and "still all about you." Searching for those could be helpful,
too.
This is fun!
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
From: LMB <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator Detractors Working Hard But No Result?
Date: Mon, 21 May 2001 00:02:26 GMT
On Sun, 20 May 2001 22:49:08 +0100, "EE Support"
<[EMAIL PROTECTED]> wrote:
>Eric Lee Green is exposed for posting blatant lies about Evidence
>Eliminator. He has been proved to be lying in this debate.
More SPAM. Do you have ANY idea how many sales YOU are costing
yourself? You are on my list, as one consumer, as a company NEVER to
buy from. Why? Because of your activity in the news groups which,
whether you like it or not, I classify as SPAM. I am sure there are
thousands of other potential consumers out there like me to whom you
have totally discredited yourself.
------------------------------
From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: What about SDD?
Date: Mon, 21 May 2001 00:43:20 +0300
� David Wagner <[EMAIL PROTECTED]> ������ ��� ������ ���������:
9e91u8$6c4$[EMAIL PROTECTED]
> Harris Georgiou wrote:
> >David Wagner <[EMAIL PROTECTED]> wrote:
> >> But what's the benefit of this over standard SSL?
> >
> >As R.Rivest notes, message authentication between the two parts does
permit
> >each of them being able to distinguish bogus chatter from real traffic.
>
> I'll ask again. What's the point? Why not just encrypt the traffic
> and be done with it?
Because any encryption scheme can eventually be broken with or without the
knowledge of the sender or receiver. Not that this scheme solves the problem
but it adds a completely differrent layer of confidentiality to any
encrypted traffic. Second, if multiplexing channels can eventually produce
the necessary secrecy, even if all channels contains plaintext data, then
why whould anyone use encryption, say in satellite communications? Third,
data distribution is always a good measure or resistance to any kind of
jamming, tampering or disclosure.
> >One famous weakness of the early Unix systems was the /etc/passwd file,
> >where anyone could get the accounts and their (hashed) passwords. Imagine
> >now, given that storage capacity is far less important than security,
this
> >file being some gigabytes in size: who would try to discover some 100's
of
> >useful lines of data in all this junk?
>
> You're joking, right? If there is a way for unprivileged programs
> to verify passwords somehow by consulting your gigabyte-passwd file,
> then unprivileged attackers can do dictionary attacks -- this is
> unavoidable. If you don't need a way for unpriv. programs to verify
> passwords, then it's a solved problem: use shadow passwords. What am
> I missing?
Shadow passwords and similar techniques are just technical means for denial
of service. And like any other technical mean they are doomed to be broken
by a group of people - we just try to make this group as small as possible.
After all, no "sensible" hacker would try to break anything less than the
root itself (after all, what's the point?).
As for the gigabyte-password file, our system wil use the key as RLE-offsets
table, thus have direct access to the useful data in the file. Any attacker
that would try to get ANY info from this file should make his own copy and
then try to locate them AT RANDOM inside the file, much more difficult than
trying to guess the key itself.
PS: Brute force dictionary attacks are a matter of denial of service for
network access via login. If the system can't filter out a user that tries
100's of account/passwd combinations, then what's the point in studying the
security on it?
--
Harris
- 'Malo e lelei ki he pongipongi!'
------------------------------
From: "Harris Georgiou" <[EMAIL PROTECTED]>
Subject: Re: What about SDD?
Date: Mon, 21 May 2001 00:50:51 +0300
� Mok-Kong Shen <[EMAIL PROTECTED]> ������ ��� ������ ���������:
[EMAIL PROTECTED]
>
>
> Mok-Kong Shen wrote:
> >
> [snip]
> > It is my humble opinion that one probably need not employ
> > such sophisticated techniques, which for people with poor
> > knowledge in EE like me is difficult to designed is very
> > simple (in fact trivial) and clear-cut.
>
> Sorry, some words got lost in the above paragraph. Read
> instead:
>
> It is my humble opinion that one probably need not employ
> such sophisticated techniques, which for people with poor
> knowledge in EE like me is difficult to apply in design
> in right ways. The scheme I designed and mentioned previously
> is very simple (in fact trivial) and clear-cut.
>
> M. K. Shen
If my explanation was too technical and too-complicated, my apologies - it
was not intended to be so. :-)
As for the actual implementation, as long as we speak for digital streams
like computer packets, there is no reason in stumbling into spectrum
analysis - we can just use any random stream of much larger magnitude than
the volume of actual data and (with a good PRNG) the job is done!
In fact, your system is very similar to mine, only it works on 1-bit level
(instead 8-bit for mine) and that the data bits are located by using some
non-random structure around them (mine uses a long, random lookup table of
some kind).
I 'll take a look on your page, I'm sure I'll find some interesting stuff
there.
Cheers :))
--
Harris
- 'Malo e lelei ki he pongipongi!'
------------------------------
From: Dave Howe <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they find?
Date: Mon, 21 May 2001 01:45:05 +0100
This is getting old fast, spread over half of the crypto or privacy
related Usenet groups. Please, someone newgroup
alt.support.Evidence-Eliminator so we can get this crap off of working
NGs.
--== DaveHowe ( is at) Bigfoot dot com ==--
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: What about SDD?
Date: Mon, 21 May 2001 00:51:04 GMT
"Harris Georgiou" <[EMAIL PROTECTED]> wrote in message
news:9e9nr7$18hm$[EMAIL PROTECTED]...
>
> � David Wagner <[EMAIL PROTECTED]> ������ ��� ������ ���������:
> 9e91u8$6c4$[EMAIL PROTECTED]
> > Harris Georgiou wrote:
> > >David Wagner <[EMAIL PROTECTED]> wrote:
> > >> But what's the benefit of this over standard SSL?
> > >
> > >As R.Rivest notes, message authentication between the two parts does
> permit
> > >each of them being able to distinguish bogus chatter from real traffic.
> >
> > I'll ask again. What's the point? Why not just encrypt the traffic
> > and be done with it?
>
> Because any encryption scheme can eventually be broken with or without the
> knowledge of the sender or receiver. Not that this scheme solves the
problem
> but it adds a completely differrent layer of confidentiality to any
> encrypted traffic. Second, if multiplexing channels can eventually produce
> the necessary secrecy, even if all channels contains plaintext data, then
> why whould anyone use encryption, say in satellite communications? Third,
> data distribution is always a good measure or resistance to any kind of
> jamming, tampering or disclosure.
You guys are discussing two different things. Crypto as David pointed out
provideds information theoretic security. I still know there is a channel,
I can physically disrupt it but I don't know the contents of the channel. I
think you are talking about actually protecting the link and not the
contents...
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: What about SDD?
Date: 21 May 2001 01:11:10 GMT
Harris Georgiou wrote:
>Because any encryption scheme can eventually be broken with or without the
>knowledge of the sender or receiver.
>[...] And like any other technical mean they are doomed to be broken
>by a group of people - we just try to make this group as small as possible.
That sounds like an defeatist attitude, one that is incidentally not
supported by my experience with cryptography. What's your evidence?
Anyway, I agree that some analogue of frequency-hopping might be useful
in conjunction with traditional crypto as a "belt-and-suspenders"
defense-in-depth technique for increasing assurance. But a replacement
for encryption? No way. Encryption is far better understood (in the
open world), and doesn't require funny assumptions about multiplicity
of data channels available (an assumption which isn't very well met on,
e.g., the Internet).
------------------------------
From: Johnny Bravo <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they find?
Date: Mon, 21 May 2001 02:08:46 GMT
On Sun, 20 May 2001 22:49:21 +0100, "EE Support"
<[EMAIL PROTECTED]> wrote:
>Eric Lee Green is exposed for posting blatant lies about Evidence
>Eliminator.
I have yet to see you even address the charges against the failures
of your product, much less you expose any lies on his part.
>He has been proved to be lying in this debate.
Don't confuse yourself and him. The only lying scumbag I've seen
around here so far is the EE SPAM team.
--
� Best Wishes,
� � Johnny Bravo
BAAWA Knight, EAC - Temporal Adjustments Division
Ordained Minister - Universal Life Church
"The most merciful thing in the world, I think, is the inability
of the human mind to correlate all its contents." - HP Lovecraft
------------------------------
Reply-To: "Jeffrey Walton" <[EMAIL PROTECTED]>
From: "Jeffrey Walton" <[EMAIL PROTECTED]>
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator Detractors Working Hard But No Result?
Date: Sun, 20 May 2001 22:23:47 -0400
They are spamming over in microsoft.public.win32.programmer.kernel and
microsoft.public.vc.debugger also.
"LMB" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
: On Sun, 20 May 2001 22:49:08 +0100, "EE Support"
: <[EMAIL PROTECTED]> wrote:
:
: >Eric Lee Green is exposed for posting blatant lies about Evidence
: >Eliminator. He has been proved to be lying in this debate.
:
:
: More SPAM. Do you have ANY idea how many sales YOU are costing
: yourself? You are on my list, as one consumer, as a company NEVER to
: buy from. Why? Because of your activity in the news groups which,
: whether you like it or not, I classify as SPAM. I am sure there are
: thousands of other potential consumers out there like me to whom you
: have totally discredited yourself.
------------------------------
From: "Ben Hamilton" <[EMAIL PROTECTED]>
Subject: Re: Questionable security measures (CIC and Cloakware!)
Date: Mon, 21 May 2001 12:36:24 +1000
Tom St Denis <[EMAIL PROTECTED]> wrote in message
news:EfeN6.127646$[EMAIL PROTECTED]...
> Well I would rather not be on a team of people that only care about the
> money and little on the impact they will have.
Business exists to make money,
Non-profit orgs exist to make a difference.
A business can make a difference, so long as it doesn't affect the money.
I think nemo's earlier post re they way you talk to your mother was very
appropriate. Stanleys post was quite simple, you didn't have the right
to view the source.
So when you attacked his company for his legitimate action, you asked for
it.
Sorry but no symphaty for that. I am saddened to hear that the two of you
could not communicate properly.
If you had both communicated properly, you would still be there. His
(Stanley) concern
is the confidentiallity agreements he has with Signature. Your concern is
peer review and
cryptanyalis. But because he is there to make money, he will use a non
public source initially,
thats ok (not optimal, but definately ok). His post stated that he will be
heading toward more
openess.
Rome wasn't built in a day, neither was crypto or a career. But it is
possible to destroy a
city in less than a day.....
my two cents,
ben hamilton
------------------------------
From: Charles Lyttle <[EMAIL PROTECTED]>
Subject: Re: Help with a message
Date: Mon, 21 May 2001 02:41:11 GMT
Amethyste wrote:
>
> the group JPJ Z UMPOBADV is repeated three times
>
> distances are 55 = 5 x 11 or 802 =2 x 401 (prime)
>
> for the group NXLKU repeated twice, the distance is 97 (prime)
>
> for the group QPGOFJ distance is 83 (prime)
>
> I can't find an explanation ...
As the "JPJ Z UMPOBADV" is the longest, and JPJUMPOBADV is 11, and the
message was published in the Times, a key of 11 would be a good guess.
--
Russ Lyttle
"World Domination through Penguin Power"
The Universal Automotive Testset Project at
<http://home.earthlink.net/~lyttlec>
------------------------------
Date: Mon, 21 May 2001 12:47:16 +1000
From: Andrew Sullivan <sullivanam@Don'tSpamMehotpop.com>
Reply-To: dev/null
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: Evidence Eliminator works great. Beware anybody who claims it
EE Support wrote:
>
> By now you will have witnessed the mass hysteria about Evidence Eliminator.
For me, the bottom line is that you mongrels spam newsgroups. I personally don't
care if your loadashit program is the best thing since sliced bread, if you
can't market it without using spam I (and many others) simply won't have a bar
of it.
> --
> Best Regards,
> The Evidence Eliminator Support Team
> http://www.evidence-eliminator.com/support.shtml
> --
> Technical Support Questions: Before submitting additional questions,
> please make sure you have searched the Evidence Eliminator
> KnowledgeBase online which can answer most questions instantly at
> http://www.evidence-eliminator.com/support/kb/search.shtml
------------------------------
Date: Mon, 21 May 2001 13:05:40 +1000
From: Andrew Sullivan <sullivanam@Don'tSpamMehotpop.com>
Reply-To: dev/null
Crossposted-To:
alt.privacy,alt.security.pgp,alt.security.scramdisk,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they find?
Yeah, I see what you mean Omivore. It looks like some kind of E-rubber stamp.
Or is that EE-rubber stamp?
EE Support wrote:
>
> Eric Lee Green is exposed for posting blatant lies about Evidence
> Eliminator. He has been proved to be lying in this debate.
>
> Don't get dis-informed - get the facts:
>
> Eric Lee Green targets Evidence Eliminator users with false web pages:
>
> http://www.evidence-eliminator.com/dis-information.shtml
>
> --
> Best Regards,
> The Evidence Eliminator Support Team
> http://www.evidence-eliminator.com/support.shtml
> --
> Technical Support Questions: Before submitting additional questions,
> please make sure you have searched the Evidence Eliminator
> KnowledgeBase online which can answer most questions instantly at
> http://www.evidence-eliminator.com/support/kb/search.shtml
>
> "Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > M�mus wrote:
> > > In article <9dvh27$30m$[EMAIL PROTECTED]>
> > > "Omnivore" <[EMAIL PROTECTED]> wrote:
> > > > "P.Dulles" <*@*.com> wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > In article <9dv1q1$gt0$[EMAIL PROTECTED]>,
> > > > > [EMAIL PROTECTED] says...
> > > > > >: Didn't you just say the exact same thing in another post?
> > > > > >: I suppose a good lie bears repeating?
> > > > > You really should quote there Omnivore, it gives us a clue
> > > as to what
> > > > > you may be referring to.
> > > > Just pick an EE Support post at random. Odds are it would
> > > be what I
> > > > referred to. If not it is as much bullshit anyway.
> > >
> > > You're perception of exactness is a bit scarey. I sincerely
> > > hope you're not a brain surgeon.
> >
> > On the other hand, one does not need to be a brain surgeon to poke one's
> > finger into a pile of manure and have it come back dirty.
> >
> > See http://badtux.org/eric/editorial/scumbags.html for details on this
> > particular pile of manure. (Unless you're the mysterious Mr. Ride -- I
> > doubt that Mr. Churchill could figure out how to operate an anonymous
> > remailer, so you're probably not Mr. Churchill).
> >
> > --
> > Eric Lee Green mailto:[EMAIL PROTECTED]
>
> Eric Lee Green is exposed for posting blatant lies about Evidence
> Eliminator. He has been proved to be lying in this debate.
>
> Don't get dis-informed - get the facts:
>
> Eric Lee Green targets Evidence Eliminator users with false web pages:
>
> http://www.evidence-eliminator.com/dis-information.shtml
>
> --
> Best Regards,
> The Evidence Eliminator Support Team
> http://www.evidence-eliminator.com/support.shtml
> --
> Technical Support Questions: Before submitting additional questions,
> please make sure you have searched the Evidence Eliminator
> KnowledgeBase online which can answer most questions instantly at
> http://www.evidence-eliminator.com/support/kb/search.shtml
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
