Re: Opt-Out of DoubleClick
Harmon Seaver wrote: Has anyone noticed that when you go to this "opt-out" page and get the doubleclick cookie set to optout, that three new cookies get set at that moment? One for imigis.com, one for www.britannica.com, and another for avenuea.com. So possibly the "opt-out" is just a scam, and they track under another name, so you won't know to delete those cookies? possible. I noticed that imigis.com and avenuea.com get used on sites that use doubleclick, now that I put that into the DNS killfile. it looks up a lot of ad.doubleclick.net (rotates between that and the site I'm viewing very quickly, since both are in the dns cache), then turns to imigis.com the interesting part is that even though the HTML source points to a file on doubleclick.net, there IS some image there. no hint of imigis.com anywhere on the whole page, even though I positively saw it being looked up in the status line. anyone knows what's going on here? just the usual paranoia, or is doubleclick really up to something?
Re: Big Brother at the Nurnberg Toy Fair
At 9:40 PM -0800 2/13/00, David Kane-Parry wrote: http://www.spielen.at/action/defaulte.htm Search by title for "Big Brother". It would be nice if all you folks who suggest that we go to some site and search for some story give us some hints as to why we should bother. The opening paragraphs of the story, for example. Or the submitter's paraphrase. Mostly I just delete these kinds of "no explanation" suggestions. Especially from people I don't recognize, for obvious reasons. --Tim May print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*", )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc` -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
Re: Opt-Out of DoubleClick
Reese wrote: I didn't bother to check - I delete any and all cookies, at regular and frequent intervals,,, I used to run a nightly cron job that deleted my cookies, but that presents a different problem -- such as deleting the mp3.com cookies means that I have to re-register every time I go there, which sometimes is daily. Likewise deleting the amazon cookies means that the the partial orders in my shopping cart disappear. Neither is a big deal, I guess, but annoying. One other thing on the doubleclick optout page -- after you get your cookie "fixed", it has a button that says "Close Window". Clicking on this starts a java applet on my machine which crashes Netscape -- anybody know what this is about? Obviously, "close window" is a trojan something -- they don't need to run an applet on my machine to close a window on their website.
Reeses manhood questioned again
At 03:51 AM 2/14/00 -0500, Reese wrote: Anecdotal, and heresay to boot. Point is, you weren't paying attention to detail when you walked up, got in and tried the guhnition switch --- these are not cypherpunk qualities, as I've come to understand them,,, Reese Do you even know how to program, Reese?
RE: the power of cryptography
At 12:51 AM -0800 2/14/00, Reese wrote: At 12:12 AM 2/14/00 -0500, Lucky Green wrote: Reese wrote: I doubt that a true cypherpunk has ever mistaken anothers car, for his own. Forget the precise lat and lon coordinates maybe, but not mistake someone elses property. The balance of your text is based on this false premise, and is both snipped and unaddressed. I've mistaken somebody elses car for mine more than once. Heck, many years ago, I got into a car with the same side-long dent my old junker had. As I am trying to turn the ignition key, I notice all these half-smoked menthol cigarettes in the open ashtray. Same year, same model, same interior. Parked three cars down from my car. If it hadn't been for the cigarette butts in the ashtray, I might have found myself disassembling the ignition lock while the real owner walked up. Instead, I quietly exited the car. Anecdotal, and heresay to boot. Point is, you weren't paying attention to detail when you walked up, got in and tried the guhnition switch --- these are not cypherpunk qualities, as I've come to understand them,,, No, not hearsay, nor even "heresay" or "heresy." Direct testimony. You, Reese, claimed that you doubted that a "true cypherpunk" has ever mistaken another's car for his own. Lucky said he had. Direct testimony. I have as well. Never to the point of being inside the car, but to the point of trying my key in the lock. Reese, you've really become especially obnoxious these last couple of months. --Tim May print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*", )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc` -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
Kadaffi Report
We offer the 1995 secret UK report on the plot to overthrow Kadaffi reported in Britain Saturday: http://cryptome.org/qadahfi-plot.htm
Re: Re: Opt-Out of DoubleClick
Harmon Seaver wrote: I used to run a nightly cron job that deleted my cookies, but that presents a different problem -- such as deleting the mp3.com cookies means that I have to re-register every time I go there, which sometimes is daily. Likewise deleting the amazon cookies means that the the partial orders in my shopping cart disappear. Neither is a big deal, I guess, but annoying. One other thing on the doubleclick optout page -- after you get your cookie "fixed", it has a button that says "Close Window". Clicking on this starts a java applet on my machine which crashes Netscape -- anybody know what this is about? Obviously, "close window" is a trojan something -- they don't need to run an applet on my machine to close a window on their website. So learn how to write shell scripts that use grep. Grep for the shit you want to keep and write it to the new cookie file. -- Kaos Keraunos Kybernetos + ^ + Sunder "Only someone completely distrustful of /|\ \|/ [EMAIL PROTECTED]all government would be opposed to what /\|/\ --*-- we are doing with surveillance cameras" \/|\/ /|\ You're on the air. -- NYC Police Commish H. Safir. \|/ + v + Say 'Hi' to Echelon "Privacy is an 'antisocial act'" - The FedZ. http://www.sunder.net --- I love the smell of Malathion in the morning, it smells like brain cancer.
Re: PGP?
On Sun, Feb 13, 2000 at 12:14:26AM -0800, Bill Stewart wrote: At 01:55 PM 02/10/2000 -0700, Forrest Halford wrote: I am wondering what the consensus is on the security of the newer versions of PGP vs the 2.x series? What think all ye Cypherpunks? It's all been discussed long ago. The advantage of the 2.x series it was small enough there was some chance of reading the code and finding the bugs, whereas newer versions are out of control, with creeping featuritis, guis, Microsoft-like bloatware, etc. However, there are serious problems in the 2.x versions that are fixed in the later versions, which justify switching. GPG is probably worth considering as well. -- 1024/D9C69DF9 steve mynott [EMAIL PROTECTED] http://www.pineal.com/ gravity cannot be held responsible for people falling in love. -- albert einstein
Re: Opt-Out of DoubleClick
Yeah, I know how to do that. But it has the same problem that it does in using grep to check your system logs every day -- it misses stuff you haven't thought of. Finding a way to defeat the doubleclicks would be better, if you could keep up with all their various personas and nyms. But perhaps you're right, maybe it's too difficult to keep up with, and better to just kill all cookies except the few known to have value. Sunder wrote: So learn how to write shell scripts that use grep. Grep for the shit you want to keep and write it to the new cookie file. -- Harmon Seaver, MLIS Systems Librarian Arrowhead Library SystemVirginia, MN (218) 741-3840 [EMAIL PROTECTED] http://harmon.arrowhead.lib.mn.us
NWA computer seizureg;
From: http://www.wsws.org/articles/2000/feb2000/nwa-f11.shtml Date: 2/14/00 Time: 8:41:33 AM Remote Name: 205.188.192.174 Comments WSWS : Workers Struggles : Airlines Action against dissidents in airline contract struggle US court orders seizure of Northwest flight attendants' home computers By Jerry White 11 February 2000 Use this version to print Northwest Airlines last week began court-authorized searches of the home computers of flight attendants whom the airline suspects organized a sick-out over the New Year's holiday. Two computer forensic experts, hired by Northwest, seized the computers of a rank-and-file flight attendant who operates a web site and electronic bulletin boards, and copied the hard drives from the computers of 21 individuals, including private e-mail messages. The investigators also spent two hours searching computers at the Bloomington, Minnesota offices of Teamsters Local 2000, which represents Northwest's 11,000 flight attendants. Last month, after a high number of sick calls from flight attendants forced the company to cancel flights over New Years, Northwest sued the union and individually-named flight attendants, alleging they had violated federal law by orchestrating a sick-out. US District Judge Donovan Frank in St. Paul, Minnesota agreed and issued a temporary restraining order prohibiting Teamsters Local 2000, its leaders and specific flight attendants from encouraging or participating in sick-outs or other illegal job actions. The judge gave Northwest the right to seek evidence relating to the job action, including searching through the e-mails of 43 individuals, well beyond the number of people named in the original lawsuit. The company has particularly targeted two dissident flight attendants, Kevin Griffin of Honolulu and Ted Reeve of North Hollywood, California, who operate web sites and electronic bulletin boards that have been critical of both the company and the union. Flight attendants have been fighting for a new contract since September 1996 and are anxious to recoup concessions that the union granted to the now highly profitable airline earlier in the decade. Last August, flight attendants used Internet forums to organize the overwhelming defeat of a contract proposal endorsed by Local 2000 and Teamsters General President James Hoffa. Northwest accuses Griffin and Reeve of inciting the alleged job action. The company's attorneys cited anonymous postings calling for a sick-out on Griffin's message board nwaflightattendants.com during the request for a temporary restraining order. These messages were usually followed by urgings from Griffin that participants not advocate illegal activities. Griffin, a veteran Northwest flight attendant, was forced to surrender his Packard Bell desktop and Fujitsu laptop to investigators from the firm of Ernst Young last week. The two examiners flew to Hawaii from their Washington DC and Texas offices to confiscate the machines. Afterwards Griffin said, I didn't think they had the right to come and get your home computer. Jon Austin, a spokesman for Northwest, defended the search, saying, In the age we live in, the normal course of discovery includes taking depositions, producing documents and these days more than ever looking into the content of computers. So many documents and communications these days are purely electronic in nature, he said. The threat of court-authorized searches of home computers has already had its desired effect. Postings to Griffin's web site have slowed down significantly. Of those who aren't afraid to comment in the open forum section of the web site, a much smaller percentage of the writers are identifying themselves, Griffin said. It's like they are running scared, with good reason, he added. Reeve said the judge's order means that he must be particularly cautious about what information he posts on his own site, lest the company accuse him of supporting a sick-out and therefore violating the district court's order. Free speech advocates denounced the searches. This kind of precedent could have a very chilling effect on the exercise of speech rights, and could set a very bad precedent for privacy, said Jerry Berman, executive director for the Center for Democracy and Technology, a leading privacy rights organization based in Washington DC. If Northwest succeeds in gaining access to the hard drives of the home computers of its employees, it will certainly put a chill on the uses employees everywhere make of their home computers, said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. The concern for democratic rights was not echoed, however, by the flight attendants' own union, Teamsters Local 2000. On the contrary, earlier this week the Teamsters officials entered into a deal with Northwest and the federal court that paves the way for the continued persecution of the rank-and-file flight attendants. On Sunday, February 6,
Robin Cooks Bad Day
TO FUSD 185 IMMEDIATE TO RESEARCH DEPT 234 IMMEDIATE TO MOD 913 IMMEDIATE TO CABINET OFFICER 721 IMMEDIATE TO SECURITY SERVICE 1G0 IMMEDIATE BT IMMEDIATE LEDGER UK S E C R E T/DELICATE SOURCE/UK EYES ALPHA REQUIREMENTS: 2LIAPX01 LEDGER DISTRIBUTION: FCO - FUSD DICTD XHEAD RAD - ME MOD - DI(I AND W) DI (ROW)A CABINET OFFICE - JIC (ASSESSMENTS STA GCHQ - E1GA2 SECURITY SERVICE - G5A5, G6A5 AND G5A3 BRITISH AUHTORITIES INFORMED: CAIRO TUNIS WASHINGTON CX 95/53452(R/ME/C) OF 04 DECEMBER 1995 (GYNI[-]/I EXT I[---]/I) /REPORT PAGE TWO UK S E C R E T/DELICATE SOURCE/UK EYES ALPHA REPORT NO: 95/53452 (R/ME/C) TITLE: LIBYA: PLANS TO OVERTHROW QADAHFI IN EARLY 1996 ARE WELL ADVANCED SOURCE: A NEW SOURCE WITH DIRECT ACCESS WHOSE RELIABILITY HAS NOT BEEN ESTABLISHED SUMMARY 5 Libyan colonels in charge of plans to overthrow QADAHFI, scheduled to coincide with the next General Peoples Congress in February. Coup will start with unrest in Tripoli, Misratah and Benghazi. Coup plotters are not associated with Islamic fundamentalists. MUSA QADHAR AL-DAM murdered by coup plotters in June. Attempt to assassinate QADAHFI in August thwarted by security police. DETAIL 1. In late November 1995 I[Removed to protect illegible's identity]/I described plans, in which he was involved, to overthrow Colonel QADAHFI. He said that 5 colonels from various parts of the armed forces were in charge of the coup plot. the included I[blank--/I I-blank]/I The latter was most likely to take overall control. 2. The coup was scheduled to start at around the time of the next General Peoples Congress on 14 February 1996. It would begin with attacks on a number of military and security installations including the military installation at TARHUNA. There would also be orchestrated civil unrest in Benghazi, Misratah and Tripoli. The coup plotters would launch a direct attack on QADAHFI and would /either PAGE THREE UK S E C R E T/DELICATE SOURCE/UK EYES ALPHA 95/53452 either arrest him or kill him. 3. The coup plotters had 1275 active sympathisers in the following areas: TRIPOLI 240 persons; BENGHAZI 135; TOBRUK 114; MISRATAH 148; SIRTE 40; AL-ZAMIYA 180; AL ZUMARAH 300; AL KNUME 28; GHADAMIS 50. Their occupations ranged from students, military personnel and teachers throgh to businessmen, doctors, police officers and civil servants. The plotters were divided into 5 groups, each with 5 officers in charge. Messages to members of each group were passed via schools and Mosques. The start of the coup would be signalled through coded messages on television and radio. The coup plotters had sympathisers working in the press, radio and television. 4. The military officer said that the plotters would have cars similar to those in QADAHFI's security entourage with fake security number plates. They would infiltrate themselves into the entourage in order to kill or arrest QADAHFI. 5. One group of military personnel were currently being trained in the desert area near KUFRA for ther role of attacking QADAHFI and his entourage. The aim was to attack QADAHFI after the GPC, but before he had returned to SIRTE. One officer and 20 men were being trained especially for this attack. 6. The coup plotters were not associated with the Islamic fundamentalists who were fermenting unrest in Benghazi. However, they had had some limited contact with the fundamentalists, whom the military officer described as a mix of Libya veterans who served in Afghanistan and Libyan students. The coup plotters also had limited contact with the Algerian and Tunisian governments, but the latter did not know of their plans. /7. PAGE FOUR UK S E C R E T/DELICATE SOURCE/UK EYES ALPHA 95/53452 7. The coup plotters were responsible for the death of I[blank,--/I INames removed to protect security--blank]/I was about to take up the position as head of Military Intelligence when he was forced off the Tripoli-Sirte road and was killed. The 2 coup plotters involved escaped unhurt. In August 1995, 3 army captains who were part of the coup plot attempted to kill Colonel QADAHFI. However, security police caught them waiting at the roadside on the Tripoli-Sirte road awaiting QADAHFI's entourage. Bothe men escaped to TUNISIA. 8. The plotters had already distributed 250 Webley pistols and 500 heavy machine guns amongst the groups. SOURCE COMMENT A.The coup plotters expected to establish control of Libya by the end of March 1996. They would form an interim government before discussions with tribal leaders. The group would want rapproachment with the West. They hoped to divide the country into smaller areas, each with a governor and a democratically elected parliament. There would be a federal system
This week, Prudential Securities' Ralph Acampora and Nick Heymann discuss the impacts of e-commerce on consumer electric
* You are receiving this information because you have previously registered for Multex Investor * Dear Multex Investor Member, Multex Investor is pleased to invite you to join Prudential Securities' Ralph Acampora and Nick Heymann on Thursday, February 17, as they discuss General Electric (GE) and the impacts of e-commerce on consumer electric companies. Heymann says, "The shift to an e-commerce business model could offer some of our companies, General Electric and Honeywell in particular, exceptional and sustained above-average growth." The analysts will discuss General Electric (GE), Honeywell, Inc. (HON), Rockwell (ROK), Maytag (MYG), and Black and Decker (BDK). You may pre-register to view the webcast by signing up for Prudential Securities' free 60-day research trial on Multex Investor. (Regrettably, non-U.S. residents are not eligible for Prudential Securities' free research trial and will not be able to view the webcast.) To register for the exclusive free webcast and Prudential Securities' free research trial, please visit: http://www.multexinvestor.com/eventPreview.asp?eventID=PruSec2217 Windows Media Player or RealPlayer is required to watch this event. Download and/or test your software here: http://www.multexinvestor.com/eventPreview.asp?eventID=PruSec2217 Please direct any questions about this webcast to [EMAIL PROTECTED] Sincerely, Trevor Coe Associate Producer, Community Multex Investor
Health care privacy/HIPAA
At last Saturday's physical meeting in the SF Bay Area, I mentioned HIPAA, recent federal health care legislation which includes a privacy component. In the absence of further Congressional action, the federal Department of Health and Human Services has created draft regulations intended to regulate information practices within the healthcare and health insurance industries. A summary of the draft regulations is available online at http://www.jhita.org/hipprs.htm, for those who would like to read more about these regulations. -- Greg Broiles [EMAIL PROTECTED]
Re: shmoo on web of trust, Israeli-Iran TOWs
At 6:02 PM -0800 2/14/00, Anonymous Sender wrote: Here a punkly (?) site seems to suggest that trusting the government is a reasonable policy. This problem exemplifies the problems you encounter when dealing with a web of trust model. You must actively monitor those to whom you give your trust, or it may bite you later. While dealing with large, central companies such as Verisign or the Post Office may be evil, at least they're a known evil entity. The option is the possibility of hundreds of evil people running around abusing your trust. http://www.shmoo.com/ Yet another wrongheaded interpretation of "trust." Insofar as key signings go, political views are not important. Golda Meier could have signed the Ayotallah Khomeini's key with complete equinimity. Think about it. If I were to meet Fidel Castro, and were to become convinced that the guy in military fatigues I was talking to was in fact the same "Fidel Castro" that I have been seeing since I was a 9-year-old, I would probably sign his key (maybe for a box of good cigars). [Modulo the issue that some folks in Washingon who deserve to be executed have probably made it a crime of some sort to sign the key of an Unapproved Person.] That I would sign his key means that I am expressing a level of belief that the person presenting the key is the owner of that key. Not that he is "Fidel Castro," per se, and certainly not that I agree with his policies or that I think he has TOW missiles, or whatever. Somene seeing my name on the list of signatures attached to "Fidel Castro's key" simply tells someone: "Tim May had some level of confidence that the key belongs to someone that Tim thinks is Fidel Castro." (I believe the calculus for thinking about webs of trust is the "Dempster-Shafer theory of belief." Search on Dempster-Shafer. I wrote a fairly long article a few years ago on why this is the best calculus. The archives, such as they are, may have this article.) Key signings have nothing to do with support of opinions or policies or beliefs about weapons deals. In this particular instance, the Iranians and Hezbollah are on the side of right in battling the Zionist insect that preys upon the life of the people. --Tim May print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*", )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc` -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
Re: shmoo on web of trust, Israeli-Iran TOWs
At 18:38 2/14/2000 -0800, Tim May wrote: Yet another wrongheaded interpretation of "trust." Insofar as key signings go, political views are not important. Golda Meier could have signed the Ayotallah Khomeini's key with complete equinimity. Think about it. Right. This shouldn't need to be explained, of course, but there's not a good institutional memory here, at least not in web-archive form. One useful analogy might be Time magazine's "Man of the Year," designed to highlight the most important person, or thoughts along those lines. Hitler was it once. Time mag is not endorsing him by dubbing him that; neither are you necessarily endorsing someone's views when signing their key. At least the analogy might be useful to newcomers. -Declan (who tried to get the Internet as Man of the Year in '97 but got outvoted. sigh.)
bankers warned of hacker attack
http://www.washingtonpost.com/wp-srv/aponline/2214/aponline221350_000.htm
Re: shmoo on web of trust, Israeli-Iran TOWs
I voted for you as many times as they'd let me. MacN -Declan (who tried to get the Internet as Man of the Year in '97 but got outvoted. sigh.)
Re: Opt-Out of DoubleClick
Harmon Seaver [EMAIL PROTECTED] writes: Has anyone noticed that when you go to this "opt-out" page and get the doubleclick cookie set to optout, that three new cookies get set at that moment? One for imigis.com, one for www.britannica.com, and another for avenuea.com. So possibly the "opt-out" is just a scam, and they track under another name, so you won't know to delete those cookies? It seems you've uncovered their sinister plot for world domination. The Encylopædia Britannica is nothing but a front for the military- industrial complex's effort to regulate your life and suck your money right out of your pocket. The black helicopters will be there shortly to pick you up so you don't live to spread the tale. (sheesh, I mean, I enjoy conspiracy theories as much as the next illuminatus, but try to think before you write) DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED]
Re: RSA Patent Workaround
According to well-informed sources in Her Majesty's Government, Pete Chown [EMAIL PROTECTED] wrote: This is a bit late since the patent expires in September. However, what do people think about this scheme? Firstly is it cryptographically reasonable, and secondly does it genuinely avoid the scope of the patent? Whereas in RSA you form a modulus n as the product of two primes p and q, in my scheme you set n = pqr, where all three are prime. The order of the multiplicative group modulo n is now (p - 1)(q - 1)(r - 1). You choose e and find d such that de is congruent to 1 modulo (p - 1)(q - 1)(r - 1). This will now behave in all respects identically to an RSA key, although you will have to make the modulus bigger for identical security. In fact, someone who is given e and n will find it almost impossible to prove that it is not a genuine RSA key. You could make a key like this into an X.509 certificate. The public side will work with all software, since proving that it is not an RSA public key involves factoring n and so is computationally infeasible. The private half should work with just about all software, since it has no reason to recalculate e and d. It's a nice idea, but it's been around for ages. RSA has always seemed confident that the general description of the RSA mechanism (claim 33, which doesn't ennumerate the number of primes;-) in the Stateside RSA patent covers it. (YMMV) Even if it is not a RSApkc "patent workaround," however, it may be a potentially useful formulation of PKC. [I don't think RSA (or anyone else, AFAIK) has thus far used it in a commercial product or included it in BSAFE or any other toolkits. Dunno why not. I do know that RSA, at least, explored in some depth its potential for speeding up (~X2) crypto calculations at the server in C/S interactions. ] A Compaq crypto team has also done research in this area, using different numbers of primes with RSA. (There may even be an old paper from RSA Labs on it. I'll see if I can find it. If it is not proprietary -- I'll send it along.) Suerte, _Vin "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _A Thinking Man's Creed for Crypto _vbm *Vin McLellan + The Privacy Guild + [EMAIL PROTECTED]*
Re: RSA Patent Workaround
Whereas in RSA you form a modulus n as the product of two primes p and q, in my scheme you set n = pqr, where all three are prime. The order of the multiplicative group modulo n is now (p - 1)(q - 1)(r - 1). You choose e and find d such that de is congruent to 1 modulo (p - 1)(q - 1)(r - 1). that may or may not work. i'm not gonna try to work out in my head which way it goes, but a simple change to an encryption algorithm doesn't always work (for example, doubling the block size for idea doesn't work because the 33 bit modulus you'd end up using isn't prime). oh, and it *almost certainly* will not work if any of p, q, or r are equal. A Compaq crypto team has also done research in this area, using different numbers of primes with RSA. anything published and available on line? -- ha-ha!
RSA Patent Workaround
This is a bit late since the patent expires in September. However, what do people think about this scheme? Firstly is it cryptographically reasonable, and secondly does it genuinely avoid the scope of the patent? Whereas in RSA you form a modulus n as the product of two primes p and q, in my scheme you set n = pqr, where all three are prime. The order of the multiplicative group modulo n is now (p - 1)(q - 1)(r - 1). You choose e and find d such that de is congruent to 1 modulo (p - 1)(q - 1)(r - 1). This will now behave in all respects identically to an RSA key, although you will have to make the modulus bigger for identical security. In fact, someone who is given e and n will find it almost impossible to prove that it is not a genuine RSA key. You could make a key like this into an X.509 certificate. The public side will work with all software, since proving that it is not an RSA public key involves factoring n and so is computationally infeasible. The private half should work with just about all software, since it has no reason to recalculate e and d. -- phone +44 (0) 20 8542 7856, fax +44 (0) 20 8543 0176, post: Skygate Technology Ltd, 8 Lombard Road, Wimbledon, London, SW19 3TZ
Re: RSA Patent Workaround
Pete Chown [EMAIL PROTECTED] suggested a PKC formulation: Whereas in RSA you form a modulus n as the product of two primes p and q, in my scheme you set n = pqr, where all three are prime. The order of the multiplicative group modulo n is now (p - 1)(q - 1)(r - 1). You choose e and find d such that de is congruent to 1 modulo (p - 1)(q - 1)(r - 1). Vin McLellan me noted that this was not a new idea, and added that in addition to relevant research at RSA Labs over the years... A Compaq crypto team has also done research in this area, using different numbers of primes with RSA. Andrew Brown [EMAIL PROTECTED] asked for a URL that might describe the Compaq research: / anything published and available on line? Not that I know of. The Compaq work was just something I heard about sometime last year. Maybe someone from Compaq (or elsewhere) can offer more details. Suerte, _Vin