Cryptography-Digest Digest #185
Cryptography-Digest Digest #185, Volume #11 Wed, 23 Feb 00 07:13:01 EST
Contents:
I have added few images of my notebooks to alt.politics.org.cia ("Markku J.
Saarelainen")
need help! decryption (jamie)
Re: Passwords secure against dictionary attacks? (John Underwood)
Re: OAP-L3 Encryption Software - Complete Help Files at web site ("Douglas A. Gwyn")
Re: need help! decryption (Elgar)
Re: EOF in cipher??? (Mok-Kong Shen)
Re: Processor speeds. (Mok-Kong Shen)
Re: Passwords secure against dictionary attacks? ("Steve Coath")
cannot understand CFB mode code.. ([EMAIL PROTECTED])
Re: Passwords secure against dictionary attacks? ("Ken Hagan")
Transmitting ciphered data ("Markus Eiber")
First announcement for ECC 2000 (Alfred John Menezes)
Re: Passwords secure against dictionary attacks? ([EMAIL PROTECTED])
Re: Passwords secure against dictionary attacks? (Michel Dalle)
Re: need help! decryption (Runu Knips)
Re: I am really scared of my NT ([EMAIL PROTECTED])
Re: Stuck on code-breaking problem - help appreciated ("jdc")
Re: Does the NSA have ALL Possible PGP keys? ("csabine")
From: "Markku J. Saarelainen" [EMAIL PROTECTED]
Crossposted-To:
alt.2600,soc.culture.russian,soc.culture.soviet,soc.culture.nordic,soc.culture.europe,soc.culture.german,soc.culture.ukrainian,soc.culture.china
Subject: I have added few images of my notebooks to alt.politics.org.cia
Date: Wed, 23 Feb 2000 07:05:31 GMT
I have added few images of my notebooks to
alt.politics.org.cia
all these are intelligence related .. I still have hundreds of pages of
my notebooks that I have to review for you ..
other posted diary and notebook entries are at
http://homestead.virtualjerusalem.com/waeg/Diaries.html
Visit also the Game of General (M) (updated with the language - actually
I can teach the language to you more clearly - it is quite simple but
very effective) at
http://homestead.virtualjerusalem.com/waeg/gameofm.html
Best regards,
Markku
--
From: jamie [EMAIL PROTECTED]
Subject: need help! decryption
Date: Wed, 23 Feb 2000 07:48:36 GMT
This arrived in my email and I have no idea what it is, can someone tell
me how to decypher it?
Thanx in advance...
Subject:
¯u¹êªº¬G¨Æ¡A½Ð§A§Ú¤@»ô¨ÓÃö¤ß
From:
Nothing [EMAIL PROTECTED]
¡@¡@±z¦n¡A«Ü©êºp¡A¥´ÂZ±zÄ_¶Qªº¦¬«H®É¶¡¡A³o¨Ã¤£¬O¤@«Ê¼s§i«H¡A¦Ó¬Oµo¥Í¦b§ÚªB
¤Í¨¤Wªº¤@¥ó¯u¹êªº¬G¨Æ¡AÁöµM§Ú¨Ã¤£»{Ãѱz¡A±zªº¶l¥ó¦ì§}¤]¬O§Ú±qºô¸ô¤W©Ò¨ú±o
ªº¡A¦ýÁÙ¬On½Ð±zªáÂI®É¶¡±N³oÓ¬G¨Æ¬Ý§¹¡A¦pªG¥i¥Hªº¸Ü¡A½Ð±N³o«Ê«H¶Çµ¹±zªºªB
¤Í¡AÁöµM«H¤¤´d¼@ªº¥D¨¤»P±zµLÃö¡A¦ý¦pªG¥xÆW¥æ³q°ÝÃDÄ~Äò¦p¦¹¡A½Ö¤]¤£´±«OÃÒ¤U
¤@¬í´d¼@·|¤£·|´Nµo¥Í¦b§Ú̪ºªB¤Í¡Ð¡Ð¬Æ¦Ü¬O§Ú̦ۤv¨¤W¡A½Ð¦@¦Pn¨D§Ú̪º¬F
©²¤Î¨ä©xû¡A»P¨ä¥u·|¦b¿ïÁ|®É¥´°ªªÅ¡A»¡¨Ç¨¥¤£¤Î¸qªº¨¥½×¡Aˤ£¦p¯uªº©ñ¤@ÂI¤ß
«ä¦b§Ú̳o¨Ç¤p¦Ñ¦Ê©m¨¤W¡AÅý§ÚÌ¥i¥H¦³¤@Ó§K©ó®£ÄߪºÀô¹Ò¡C
¡@¡@¥H¤U¬O¥ØÀ»ªÌ©Ò¼gªºì¤å¡A«H¤¤©Î³\¦³¨Ç¿ù¦r¡A¦ý¬°´L«·í¨Æ¤H¡A§Ú¨Ã¤£¥[¥ô¦ó
ªº×§ï¡A«H¦³ÂIªø¡A½Ð±z@¤ß§â¥¦¬Ý§¹¡C
©M¦o»{ÃѬO¦b©_¼¯ªººô¸ô¤W,¨º¤@¤Ñ§Ú̲᪺«Ü¶}¤ß,¶¢½Í¤§¤¤§Ṳ́~ª¾¹D§ÚÌ¦íªº¬O
¦p¦¹£xªñ¦]¦¹§Ṳ́¬¬Û¯d¤U³q°T¤è¦¡,«á¨Ó§Ṳ́§¶¡³q¹L¤F´X¦¸¹q¸Ü,¨º¤@¤Ñ±ß¤W§Ú¨{
¤l¾j¤F,©p»¡n±a§Ú¥h¦YªF¦è,¦]¦¹§ÚÌ´N¬ù¥X¨Ó¦Y®d©],¨£¨ì©p,©p¤ñ§Ú·Q¹³¤¤£x©pÁÙ¥i
·R,¦b¦Y¶º¤§¤¤ª¾¹D©p£x®a®x,©p£x¤@¤Á,ì¨Ó©p¬O¤@Ó¨º»ò°í±j£x¤k¥Í,¤@Ó¤H¯²«Î¦b¥~
±ÁÈ¿ú¾i¬¡¦Û¤v,¨º®ÉÔ£x§Úı£x¦Û¤v©M©p¤ñ°_¨Ó©¯ºÖ¤Ó¦h¤F,¦^¥h¤§«á§Ṳ́S¶¢²á¤F
¤@¨Ç,©p§i¶D§Ú©p·Q¾Ç^¤ån§Ú±Ð©p,§ÚµªÀ³¤F©p§i¶D©p§Ú£x½Ķ¾÷¨S¦³¥Î¥i¥HÉ©p,©p
Å¥¤F«Ü°ª¿³,«á¨Ó©p§i¶D§Ú©ú¤Ñn¦^ªO¾ô£x°®¶ý®a,¥i¯à·|¥h´X¤Ñ,¦^¨Ó«á·|¥´¹q¸Üµ¹§Ú,
§Ú§i¶D©p¦^¨Ó«á¤@°_¥h°Ûºq,©pµªÀ³¤F§Ú.
¬P´Á¤@£x¤U¤È¥x¥_¤U°_¤F«B,¤Ñ®ð¦³ÂIÀã§N,¥´¹q¸Üµ¹©pª¾¨ì©p¤H¦b¥x¥_,è¦^¨Ó,§Ú°Ý
©pn¥h°Ûºq¶Ü?©pµªÀ³¤F§Ú,«á¨Ó§Ú¬ù¤F¥t¥~¤TÓºô¤Í¥h°Ûºq,§Ų́º¤@¤Ñ°Ûºq°Û£x«Ü¶}
¤ß,¬P´Á¤T£xâ±á§Ú̦b½u¤W¸I¤F±,¨º¤Ñ¤Ñ®ð¤]¬O¯S§O£x§N,¥~±ÁÙ¤U°_¤F«B,©p§i¶D§Ú
·Q¸ò¥t¤@Óºô¤Í¥h¸õ»R,n§Ú¸ò©p¤@°_¥h,§Ú°Ý©p¬°¤°»ò?©p¦^µª§Ú¦]¬°§Ú¤H¦n,¦Ó¥B¥h£x
¸Ü¥i¥H«OÅ@©p,¦Ó¥B©p¤]¤£·|µL²á,¥i¬O§ÚÁÙ¬O¶û¥~±¤Ó§N¤F,§Ú¥u·Q¥h¦Y®d©]¤£·Q¥h¸õ
»R,«á¨Ó©p¦³ÂI¤£°ª¿³¥i¬OÁÙ¬O§i¶D§Ú¨º¤£µM¤j®a¬ù¥X¥h¦Y®d©]¦n¤F,©pª¾¹D§Ú·Q¦Y¨¡
¶ê,»¡n±a§Ú¥h¦Y¤@®a¦n¦Y£x©±,¨º¤@¤Ñ§Ú¬ï¤F²D¾c¬ï£x«Ü¥ð¶¢,¨£±«á©p¥´¶q¤F§Ú¤@¤U,
¯ºµÛ¹ï§Ú»¡,¨þ¨þ~~~§A¦nµl¤l³á!!§Ú¤]¯º¤F¯º!¦^µª©p§Ú¥»¨Ó´N¬Oµl¤l¹À!!¤£µM«ç»ò·|¤j
®a³£·R©O?©p¯ºµÛ¹ï§Ú»¡¹ï§r!¹ï§r!¦]¬°©pÁy¥Ö«p¹À!«á¨Ó§ÚÌ´N¸ò¥t¥~¨âÓºô¤Í¥h¦Y®d
©],°e©p¦^®a£x¸ô¤W,§Ú̦bÃM¼Ó¤U²á¤F¤@·|,©p§i¶D§Ú·Q¦^³Ìªñ¥i¯à·|¦^ªO¾ô£x°®¶ý®a,
§Ú»¡¨SÃö«Y§ÚÌÁÙ¬O¥i¥H«Ü±`¨£±£x,¦^®a«á¨ì¦¤W§Ú¤~ºÎµÛ!!
³Ä±ß¤»ÂI¦h°_§ÉÅ¥¨ì¤â¾÷©p£x¯d¨¥,©p»¡§Ú¦n½Þ³á!!ºÎ¨ì²{¦bÁÙ¨S¿ôn§Ú»°§Ö°_§É,¦³
¦n±d£xn¤¶²Ðµ¹§Ú!!Å¥§¹¯d¨¥«á§Ú°¨¤W¦^¤F©p¹q¸Ü,©p½|§Ú¯u·|ºÎ,§Ú¯º¤F¯º°Ý©p¤°»ò¦n
±d£x§r?©p§i¶D§Ú¦³Óºô¤Ín½Ð¦Y¤õÁçn±a©p¸ò§Ú¥h,§Ú»¡¥L¤S¤£»{ÃѧÚ,©p»¡©p¦³§i¶D
¹L¥L¤F§r?§Ú¯ºµÛ°Ý©p¬°¦ó¨C¦¸¸òºô¤Í¥X¥h³£n§Ú³§r!©p¯º¯º£x»¡¦]¬°§Ún«OÅ@©p§r!!
¨þ¨þ...§Ú¬ðµMÅܦ¨©p£x¤p¸ò¯Z¤F§Ú§i¶D©p!!²á¤F¤@¤U,©p§i¶D§Ú¦³Óºô¤Í±H·Ó¤ùµ¹©p,§Ú
»¡§Ú¤]n¬Ý,©p¥s§Ú§Ö¤Wºô,§ÚÌ´N¦bºô¸ô¤W²á¤F°_¨Ó,©p§â·Ó¤ù¶Ç¤F¹L¨Ó,¦b²á¤Ñ«Ç¤¤,§Ú
§i¶D©p§Ú©ú¤Ñn¦^]®ß¤F,¦]¬°§Ú¦Ñª¨n¶}¨®¤W¨Ó¸ü§Ú¦^®a,©p»¡§Ú¦n¹³§µ¤l³á!!§Ú§i¶D
Cryptography-Digest Digest #186
Cryptography-Digest Digest #186, Volume #11 Wed, 23 Feb 00 11:13:01 EST
Contents:
Re: Large Int Lib for Delphi ("ink")
Re: Q: Large interger package for VB? (longreply with source) ("Neila Nessa")
Re: Does the NSA have ALL Possible PGP keys? ("csabine")
Re: Does the NSA have ALL Possible PGP keys? ("csabine")
Re: Passwords secure against dictionary attacks? (Ilya)
Re: US secret agents work at Microsoft claims French intelligence report (Gordon
Walker)
Re: Transmitting ciphered data (Volker Hetzer)
Re: Implementation of Crypto on DSP ([EMAIL PROTECTED])
DES algorithm (Charles Nicol)
Re: RSA Speed ([EMAIL PROTECTED])
Re: need help! decryption (wtshaw)
Re: need help! decryption (wtshaw)
Re: DES algorithm (Jean-Jacques Quisquater)
Re: shorter key public algo? (JCA)
Re: need help! decryption (Richard Herring)
From: "ink" [EMAIL PROTECTED]
Subject: Re: Large Int Lib for Delphi
Date: Wed, 23 Feb 2000 14:37:22 +0100
Thank you very much!
Ryan Phillips schrieb in Nachricht [EMAIL PROTECTED]...
check www.scramdisk.clara.net and click delphi.
Ryan
ink wrote:
Does anyone know of a large integer library for
Borland/Inprise Delphi, Version 3 or higher? A
Turbo Pascal ;-) version would also be welcome,
as the language/compiler is essentially the same.
Thanks a lot in advance, kind regards
Kurt
--
From: "Neila Nessa" [EMAIL PROTECTED]
Subject: Re: Q: Large interger package for VB? (longreply with source)
Date: Wed, 23 Feb 2000 07:44:47 -0600
Crossposted-To: comp.lang.basic.visual.misc,comp.lang.basic.visual.3rdparty,sci.math
This isn't what you are looking for either, but I found it to be an amusing
site ;-)
http://www.jargon.net/jargonfile/b/bignum.html
Neila
Ed Pugh [EMAIL PROTECTED] wrote in message
news:88v4cn$hrj$[EMAIL PROTECTED]...
Thanks for your follow-up, Michael, but I do not think this is quite
what I am looking for.
It appears that the module you posted does arithmetic on large
precision decimal numbers, NOT integers (or natural numbers).
Also, it did not appear to implement the modulus operation,
which I need.
As well, I noticed that it seemed to have a "naive" implementation
of the exponentiation function which, for the sizes of exponents
I am talking about, would probably take a few millenia to execute!
Does anyone know of any better VB implementations of large integer
packages?
Michael Carton ([EMAIL PROTECTED]) wrote:
I trimmed the NG list.
Why? I added them back!
Ed Pugh wrote:
I want to use Visual BASIC (5.0, pro ed'n, SP3) to do some
prototyping and experimenting with algorithms involving very
large natural numbers or integers.
Does anyone know if and where I can find and download a
*FREEWARE* (or *UNCRIPPLED* shareware) VB class or "library"
that can handle arbitrarily large natural numbers or integers
(up to a few thousand bits long)? (And it has to work with
VB 5.0.)
Here's something I downloaded. Free Source. I tested it with numbers
with up to 2,090 digits. It works.
Bet you did not try a number this size as an exponent (i.e. 2nd
parameter) for the IntPower function! ;-)
[ SNIP - VB module source code ]
Thanks and regards,
--
Ed Pugh, [EMAIL PROTECTED]
Richmond, ON, Canada (near Ottawa)
"Bum gall unwaith-hynny oedd, llefain pan ym ganed."
(I was wise once, when I was born I cried - Welsh proverb)
--
From: "csabine" [EMAIL PROTECTED]
Crossposted-To: comp.security.pgp,misc.survivalism
Subject: Re: Does the NSA have ALL Possible PGP keys?
Date: Wed, 23 Feb 2000 13:43:48 -
Kinda reminds of what Descartes once said:
Of all things, good sense is the most fairly distributed: everyone thinks he
is so well supplied with it that even those who are the hardest to satisfy
in every other respect never desire more of it than they already have.
Discours de la Méthode. 1637.
Colin.
B Poulton wrote in message ...
In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Steve K) wrote:
I just read most of this thread, and it's a very silly thread.
Agreed. I've been following it because I know little about it. Yet. In
conjunction with the original post I don't think this article is off topic.
(Note: This is *not* a slam against Americans. It's just that the study
groups were primarily American).
Incompetent people rarely know they are
By Deborah Zabarenko
WASHINGTON, Jan 20 (Reuters) - The truly incompetent may never know the
depths of their own incompetence, a pair of social psychologists said on
Thursday.
"We found again and again that people who perform poorly relative to
their peers tended to think that they did rather well," Justin Kruger,
co-author of a study on the subject, said in a telephone interview.
Kruger and co-author David Dunning found that when it came to a variety
of
Cryptography-Digest Digest #187
Cryptography-Digest Digest #187, Volume #11 Wed, 23 Feb 00 14:13:01 EST
Contents:
Re: I am really scared of my NT (Tim Tyler)
Crypto enthusiasm (wtshaw)
Re: Passwords secure against dictionary attacks? (Alun Jones)
Re: e-payment suggestion ("Dr.Gunter Abend")
Re: The solution is Open Source! ("John E. Kuslich")
Re: DES algorithm (John Savard)
Re: NSA Linux and the GPL ("John E. Kuslich")
Re: Crypto enthusiasm (Mok-Kong Shen)
Re: Passwords secure against dictionary attacks? (Barry Margolin)
Re: e-payment suggestion (Mike Rosing)
Re: Linking Time-Stamping Servers (Mike Rosing)
Re: John McCain Encrypt? (Thunder Dan)
Re: Processor speeds. (Mike Rosing)
Re: DES algorithm (Quisquater)
Re: NSA Linux and the GPL (Mike Rosing)
Report Details Vast SPY Network (Dave Hazelwood)
Re: Transmitting ciphered data ("Douglas A. Gwyn")
Re: OAP-L3 Encryption Software - Complete Help Files at web site (David A. Wagner)
Re: Stuck on code-breaking problem - help appreciated ("Douglas A. Gwyn")
Re: Stuck on code-breaking problem - help appreciated ("r.e.s.")
Re: Does the NSA have ALL Possible PGP keys? ("Douglas A. Gwyn")
Re: Passwords secure against dictionary attacks? (JimD)
Re: DES algorithm ("Douglas A. Gwyn")
Re: DES algorithm ("Douglas A. Gwyn")
Re: The solution is Open Source! ("Douglas A. Gwyn")
From: Tim Tyler [EMAIL PROTECTED]
Subject: Re: I am really scared of my NT
Reply-To: [EMAIL PROTECTED]
Date: Wed, 23 Feb 2000 15:37:04 GMT
[EMAIL PROTECTED] wrote:
: Someone should come out with a crypto gaurd-ring to protect all the
: ports and physical access of a windows 98/NT w/s. The whole thing is
: so shaky and insecure...
If possible, it's better to build on a solid foundation, than to try to
shore up the house built on sand.
--
__
|im |yler The Mandala Centre http://www.mandala.co.uk/ [EMAIL PROTECTED]
The more you complain, the longer God makes you live.
--
From: [EMAIL PROTECTED] (wtshaw)
Subject: Crypto enthusiasm
Date: Wed, 23 Feb 2000 09:19:25 -0600
This morning, I awakened with thoughts of all that I might get done in a
crypto way today. The result on best will be that of the various areas,
I'll just get a little done, however. But, I pick the topic...that's
freedom. Here are the options:
1) News--probably read crypto relavant groups three or so different times today.
2) C/C++--work on extending my basic knowledge in the area as I enlarge
the current dumb crypto program to be more flexible; file I/O is partly
working. I wish it was as easy to do as BASIC, less cryptic and require
less microefforts to do anything.
3) I'm close to finishing a series of transposition applications according
to ACA standards, a handful leftSwagman, and some interesting Grilles.
4) Speaking of ACA, I could do a little cipher solving, even learn
something new. This is apt to cause me to think how to write a program
too, or even come up with a variation.
5) Base Translation...scores of usable ones need implementing, picking up
with the one I was doing when I had my stroke last summer. And, there is
always some new idea that needs to be reduced to workable notes with so
many others.
6) Pull out one of the formal articles I have been writing, correcting,
writing, correcting...
7) Do a little rabble rousing regarding crypto politics on the phone. Or,
check on progress regarding certain projects involviing others...voice or
email.
8) Wander around the web looking for information that might be helpful.
9) Go to one of the nearby university libraries and hit the stacks.
10) Website work: Write something new, start another speciality site.
11) Clean up and reorganize information, trying to condense important
stuff so that it can be searched.
12) I'm sure there are more, and at least one will get into today's activities.
13) Look at future conferences, CFP, AES, ACA, etc. , note dates on the
calendar, and hope that I will feel good enough to reasonably go to one
soon; but, I can dream can't I?
--
Regarding healthcare, when GWB became govenor, Texas was 43 in
the nation, now we are 49th. And, I need not tell you about his
bloody support of the death penalty. Reformer?
--
From: [EMAIL PROTECTED] (Alun Jones)
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 16:21:41 GMT
In article newscache$c6pdqf$ci5$[EMAIL PROTECTED], "Ken Hagan"
[EMAIL PROTECTED] wrote:
"Ilya" [EMAIL PROTECTED] wrote in message
news:zZEs4.2145$[EMAIL PROTECTED]...
Is it secure to take two words and join them together, such as:
crypto/life cyber@machine green-dog Loud!Music
I think that they are not vulnerable to dictionary attacks since the
password is not a word, it combines two words and is meaningless
and can only be brute-forced.
You don't
Cryptography-Digest Digest #188
Cryptography-Digest Digest #188, Volume #11 Wed, 23 Feb 00 17:13:02 EST
Contents:
Re: NSA Linux and the GPL ("Douglas A. Gwyn")
Re: Passwords secure against dictionary attacks? ([EMAIL PROTECTED])
Re: The solution is Open Source! (Paul Schlyter)
SAC 2000 Call for Papers (Stafford Tavares)
Re: Question about OTPs (Bryan Olson)
Re: Passwords secure against dictionary attacks? ("Ken Hagan")
Re: Processor speeds. ("Clockwork")
Re: The solution is Open Source! (Mike McCarty)
Compression in the Real World ([EMAIL PROTECTED])
Re: Does the NSA have ALL Possible PGP keys? (Mike McCarty)
Re: Passwords secure against dictionary attacks? (Alun Jones)
Re: Passwords secure against dictionary attacks? (Peter Berlich)
Re: Passwords secure against dictionary attacks? (Alan J Rosenthal)
From: "Douglas A. Gwyn" [EMAIL PROTECTED]
Subject: Re: NSA Linux and the GPL
Date: Wed, 23 Feb 2000 19:15:21 GMT
"John E. Kuslich" wrote:
Why is has John Deutch not been arrested and charged with violations
of the law regarding care of classified information?
To what "law" are you referring? We have laws about espionage and
sedition, but no Official Secrets Act.
I agree that it was a terrible, inexcusable mistake, and should
keep anyone from ever again putting Deutsch in a position of trust,
but I don't see how he can be punished under the law.
--
From: [EMAIL PROTECTED]
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Wed, 23 Feb 2000 19:12:00 GMT
QWERTY offsets are not very secure. A typcial dictionary
attack interation would go: 1) Dictionary, 2) Reverse Dictionary, 3)
QWERTY Offset Dictionary, 4) Alpha offset Dictionary,
If bullwinkle is in my dictionary, interation number 3 would get you.
I used to use QWERTY offsets. Not any more.
As to the original posting on concatenating dictionary words. That too
can be weak. However, since the concatenation permutations far exceed
the QWERTY offset, I would dare say that concatenation is more secure
than QWERTY.
In article 88vpde$s3c$[EMAIL PROTECTED],
"NutWrench" [EMAIL PROTECTED] wrote:
Hi Ilya,
One way to have a easily-remembered password that defeats dictionary
based
attacks is to enter your passphrase, but press the key which is above
and to
the left or right of the actual key. For example, if your password is
'bullwinkle', instead of pressing 'b' press 'h' (above and to the
right).
The typed text for 'bullwinkle' would then be: 'h8pp39jop4':o)
--Nut
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: [EMAIL PROTECTED] (Paul Schlyter)
Subject: Re: The solution is Open Source!
Date: 23 Feb 2000 19:07:45 +0100
In article MaUs4.71$[EMAIL PROTECTED],
John E. Kuslich [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] wrote in message news:88ua13$29b$[EMAIL PROTECTED]...
In article 88s99s$lhu$[EMAIL PROTECTED],
[EMAIL PROTECTED] wrote:
How can we be sure our encryption software has no backdoor?
The answer, of course is Open Source. There are several free open source
encryption packages available, e.g. the java package by www.cryptix.org.
The source code for this is available, so anyone with a basic
understanding of programming and math can check the code to make sure
there are no secret backdoors or key escrow systems.
It's free, and you yourself can ensure it's safe! Goodnight NSA...
The "answer" you provide is NOT the answer at all. It is an illusion.
Suppose you write open source code and everybody agrees that the source code
is a pure as the driven snow.
Now you have to compile the sucker, right? How do you know that the
compiler you are using is as pure.
Ok, so you use an open source compiler, right?
Now you have to compile THAT sucker, right? Well no, some of it is written
in assembler so we worry about the assembler.
So we use an open source assembler. Which was compiled by another compiler,
so let's see we have to check that compiler also
Gees, this is starting to be like work...
This is no problem really. Yes, when developing a compiler, you must
during the devlopement phase some time "bootstrap" it by using some
software tool which isn't open source. But after that, the compiler
might very well be self-compiling, if a suitable language is used,
e.g. C. OK, you may need to assemble some parts -- but that assembler
can be written in C and assembler too. So the combination of C compiler
and assembler will form a self-compiling/assembling system. Then you
have a true open source compiler -- that is, if your linker, librarian
and loader also are open source.
But, suppose, through a super human effort, you manage to convince yourself
that all the tools you use to compile your open source code are pure,
Which is faily easily acheived by a
Cryptography-Digest Digest #189
Cryptography-Digest Digest #189, Volume #11 Wed, 23 Feb 00 21:13:01 EST
Contents:
Re: John McCain Encrypt? (ChenNelson)
Re: Compression in the Real World (Mok-Kong Shen)
Re: Processor speeds. (Mok-Kong Shen)
Re: EOF in cipher??? (Bryan Olson)
Re: DES algorithm (John Savard)
Re: DES algorithm (John Savard)
Re: DES algorithm (John Savard)
Re: NSA Linux and the GPL (John Savard)
Re: DES algorithm (JPeschel)
Re: DES algorithm ([EMAIL PROTECTED])
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Tim Tyler)
RSA private key representation w/3 primes ([EMAIL PROTECTED])
Re: The solution is Open Source! ("John E. Kuslich")
Re: Passwords secure against dictionary attacks? (David A Molnar)
Re: Question about OTPs (Tim Tyler)
Re: NIST, AES at RSA conference (Tim Tyler)
From: [EMAIL PROTECTED] (ChenNelson)
Subject: Re: John McCain Encrypt?
Date: 23 Feb 2000 22:16:53 GMT
=BEGIN PGP SIGNED MESSAGE=
Hash: SHA1
No one really knows what this "Hipcrime" character is. What is known
is that Hipcrime periodically floods groups he/she/it doesn't like
with garbage such as that posted. At least no one has been able to
determine a message, if there is any. The news.admin.net-abuse.*
groups are the most common Hipcrime target. All in vain, of course,
and this character simply loses the throwaway accounts used for the
abuse.
Later,
Nelson Chen
=BEGIN PGP SIGNATURE=
Version: PGP for Personal Privacy 5.5.2
Comment: For public key, go to key server with key ID 0xD28C0DD9
iQA/AwUBOLRc4W1ACZTSjA3ZEQKnvACfX1lSo+Pl7jjLlIY+99vOuADZ6zkAnjhO
vU+AAV2QZSFEs1RMQ4i4qqwX
=X4Jw
=END PGP SIGNATURE=
==
To earn $0.05 per clickthrough from your web page, please go to
http://www.3wmart.com/ and sign up for our button banner program.
--
From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Compression in the Real World
Date: Wed, 23 Feb 2000 23:31:20 +0100
[EMAIL PROTECTED] wrote:
There has been a lot of discusion about 1-1 Hufman compression and how
it would increase the entropy before encryption .
Sometimes you need real compressors. Lets assume I have a 100 page word
document which I want to compress and encrypt. If I dont compress it it
will take take about an hour to transmit ( 1 page of word doc is 40
KBytes at 5Kb/s sustained connection ).
Working with large documents, 100-500 pages requires real compressors.
I remember meeting the CEO of an Imaging company in San Jose way back in
the 80´s (forgot the name of the co. Viacom?...I think it merged with
I2S, Int. Imaging Systems), he claimed he had a text compression system
with a 100:1 compression ratio...and he was an expert in the field..
And what happened to Compression Labs...they had pretty good imaging
compression technology.
It seems that no real discusion has taken place of encypting large text
files . Emails and small messages are a piece of cake. If you are an
insurance company or a pharmaceutical company, and you have to transmit
1000´s of pages then real compression is a must.
A Word document has formatting informations and that increases
the volume over what the pure text characters need. As far as I
am aware, one normally refers to pure text characters when one
talks about a text file. Hence text file compression also refer
to compression of these. If you have really secret messages, what
you want to protect are only the pure text characters. Hence a
question is whether you 'really' have to transmit a Word document
or it suffices to have its contents be transmitted. If you insist
on transmitting a Word document as such, i.e. accepting the
inefficiency incurred by the presence of formatting informations,
then of course you can do that, since a Word document is a sequence
of bytes and you can compress it with any of the lossless
compression schemes to reduce the volume and then apply your
encryption method. For image compression, on the other hand, one
generally uses lossy compressions. Such lossy compression techniques
cannot be applied to the byte sequence of a Word document, because
you cannot recover the original due to the losses. Well, theoretically
you could treat what you see on the screen of the document as a
picture and apply the image compression techniques, but that's a
tremendous waste of resources, since each character would then have
to be represented by a number of pixels and that would cause a large
expansion factor which I believe (though I have no real data to
precisely support my claim) can by far not be compensated by the
fact that the lossy compressions usually have a much larger
compression ratio than the lossless ones. (Afterall, this larger
compression ratio comes from properties of the common types of
pictures which differ from a Word document that is 'treated'
(thought of) as a picture.)
The
Cryptography-Digest Digest #190
Cryptography-Digest Digest #190, Volume #11 Thu, 24 Feb 00 02:13:01 EST
Contents:
Re: DES algorithm (JPeschel)
Re: DES algorithm ([EMAIL PROTECTED])
Re: RSA private key representation w/3 primes (Paul Rubin)
Re: OAP-L3 Encryption Software - Complete Help Files at web site (Terry Ritter)
Re: NIST, AES at RSA conference (Terry Ritter)
Re: NSA Linux and the GPL ("Trevor Jackson, III")
Re: Processor speeds. ("Trevor Jackson, III")
Re: Implementation of Crypto on DSP (Thierry Moreau)
Re: EOF in cipher??? ("Trevor Jackson, III")
Re: EOF in cipher??? ("Scott Fluhrer")
Re: Processor speeds. ("Clockwork")
Re: EOF in cipher??? ("Douglas A. Gwyn")
Re: DES algorithm ("Douglas A. Gwyn")
Re: Processor speeds. ("Clockwork")
Re: DES algorithm (Nemo psj)
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: DES algorithm
Date: 24 Feb 2000 02:30:39 GMT
[EMAIL PROTECTED] (John Savard) writes:
the only thing I can do with it in a browser is to
type it in in the URL box. Only if Acrobat Reader isn't installed (or
it's on the disk, but the file types aren't registered) do I get the
chance to save the file.
Set up your browser to warn you of a "security hazard."
That will give you the choice of opening the file or saving
it.
Joe
__
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__
--
From: [EMAIL PROTECTED]
Subject: Re: DES algorithm
Date: Thu, 24 Feb 2000 02:38:45 GMT
http://www.ams.org/notices/23/fea-landau.pdf
I notice that URLs are occasionally provided directly to .pdf
documents. That will make them come up in the browser, which requires
both the browser and Acrobat Reader to be running at the same time,
which may lead to system crashes on older computers with less memory.
I never get anything except a blank browser page from these even
though I see the Acrobat Reader logo for a few seconds. What would
cause this?
-- Jeff Hill
Sent via Deja.com http://www.deja.com/
Before you buy.
--
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA private key representation w/3 primes
Date: 24 Feb 2000 03:16:25 GMT
In article 891sg7$lq9$[EMAIL PROTECTED], [EMAIL PROTECTED] wrote:
Forgive the possibly stupid question, but I am looking
for a statement of the decryption operation and key
representation for RSA with 3 primes that is analogous
to the following 2-prime procedure as articulated in
PKCS#1:
Basically phi(n) = (p-1)(q-1)(r-1) and everything else works out
mostly the same way as before. You do secret key operations using the
residues mod p,q,r and combine them with Garner's algorithm (see
Knuth vol. 2 or any similar book).
I have to ask, though, why do you want to mess around with a scheme
like this, especially if you don't know enough basic math to be able
to easily figure out all the details?
--
From: [EMAIL PROTECTED] (Terry Ritter)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: OAP-L3 Encryption Software - Complete Help Files at web site
Date: Thu, 24 Feb 2000 03:37:37 GMT
On Wed, 23 Feb 2000 23:20:22 GMT, in [EMAIL PROTECTED], in
sci.crypt Tim Tyler [EMAIL PROTECTED] wrote:
In sci.crypt David A. Wagner [EMAIL PROTECTED] wrote:
: In article [EMAIL PROTECTED], Tim Tyler [EMAIL PROTECTED] wrote:
: Any algorithm that comes with a mathematical proof that it's unbreakable
: is unlikely to be analysed by the world's leading codebreakers.
:
: Instead it is likely to be dismissed out-of-hand - as the output of
: someone with little idea about the nature of the field.
: Nonsense. Cryptosystems that are provably secure (under some assumptions)
: are published all the time, and broken some of the time.
An "unbreakable" code?? Give me a break! ;-)
"Provably secure" is the sort of "in joke" which has become common in
academia: Simply by re-defining ordinary words and phrases one can
achieve apparently breathtaking results. But in practice, "provably
secure (under some assumptions)" means "no more secure than anything
else."
Admittedly, there is some motive for continued progress in what can be
proven in ciphers. But until we get a complete reasonable proof,
using the phrase "provably secure" for a cipher which is *not* in fact
provably secure in practice comes remarkably close to deliberate
academic deception.
Similar things happen in randomness testing.
---
Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
--
From: [EMAIL PROTECTED] (Terry Ritter)
Subject: Re: NIST, AES at RSA conference
Date: Thu, 24 Feb 2000 03:41:15 GMT
On Thu, 24 Feb 2000 01:26:09 GMT, in [EMAIL PROTECTED], in
sci.crypt Tim Tyler [EMAIL PROTECTED] wrote:
