Re: U.S. Drops 'E-Bomb' On Iraqi TV
at Tuesday, April 01, 2003 11:53 PM, Kevin S. Van Horn [EMAIL PROTECTED] was seen to say: What's a legitimate government? One with enough firepower to make its rule stick? One with real (not imagined) WMD to frighten off american presidents. NK being a good example...
Re: U.S. Drops 'E-Bomb' On Iraqi TV
at Thursday, March 27, 2003 6:36 AM, Sarad AV [EMAIL PROTECTED] was seen to say: there is a lot of self imposed sensor ship in US on the war.The Us pows's shown on al-jazeera were not broadcasted over Us and those sites which had pictures of POW's were removed as unethical graphics on web pages. May be the US itself might be stopping access to al-jazeera networks. It certainly sounds probable. All the US and UK coverage is being very carefully stage-managed - all reporters are embedded into units for a reason - they are permitted to film what they are told, when they are told, and striking out on your own (or using a uplink to upload raw news to the newsroom carries the death penalty - as the ITN crew found out. Having a raw source of news - particularly one that carries pictures of young children being pulled from the rubble minus their legs - cannot possibly be tolerated. That isn't to say *that* source isn't biassed as well - try finding pro-COW coverage, and there must be at least some of the pro-COW coverage that our major media puts out that isn't faked.
Re: I for one am glad that...
at Wednesday, March 19, 2003 3:39 AM, Keith Ray [EMAIL PROTECTED] was seen to say: Which resolution took away any Member State's authority to all necessary means to uphold resolution 690? I think the problem here is who gets to define what is necessary - the UN Security council thinks it is them, Bush thinks it is him personally.
Re: Scientists question electronic voting
at Thursday, March 06, 2003 5:02 PM, Ed Gerck [EMAIL PROTECTED] was seen to say: On the other hand, photographing a paper receipt behind a glass, which receipt is printed after your vote choices are final, is not readily deniable because that receipt is printed only after you confirm your choices. as has been pointed out repeatedly - either you have some way to bin the receipt and start over, or it is worthless (and merely confirms you made a bad vote without giving you any opportunity to correct it) That given, you could vote once for each party, take your photograph, void the vote (and receipt) for each one, and then vote the way you originally intended to :) No, as I commented before, voiding the vote in that proposal after the paper receipt is printed is a serious matter -- it means that either the machine made an error in recording the e-vote or (as it is oftentimes neglected) the machine made an error in printing the vote. Or more probably, as seen in the american case - the user didn't understand the interface and voted wrongly. of course, you could avoid this by stating that the voting software displays the vote and gives a yes/no choice before printing the slip, but there is no reason to actually display the slip if there is no hope of voiding it short of storming out of the booth and demanding someone fix it.
Re: The burn-off of twenty million useless eaters and minoritie s
at Friday, February 21, 2003 4:44 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Highly capitalist nations do not murder millions. but their highly capitalist companies sometimes do. is this a meaningful distinction?
Re: School of the future
at Thursday, February 20, 2003 2:04 AM, Harmon Seaver [EMAIL PROTECTED] was seen to say: The real school of the future won't have classrooms at all, and no teachers as we now know them. Instead there will be workstations with VR helmets and a number of software gurus in the machine tailoring themselves to the individual students needs and personality. The machine will never be tired or grumpy or just having a bad day or serious personality problems like human teachers. They would if I wrote them :) Some days you need a kind, understanding, sympathetic teacher; others, you need the Scary kind :)
Re: Blood for Oil (was The Pig Boy was really squealing today
at Thursday, February 20, 2003 1:28 AM, Harmon Seaver [EMAIL PROTECTED] was seen to say: No oil but lots of dope, especially lots of high grade opium and the CIA and the US scum military has been just desperate to get control of the world heroin trade again like they did in Vietnam days. They don't need to build a pipeline though Afganistan any more then? I know they were pretty annoyed when the taleban refused to let them, prior to 9/11
Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)
at Monday, February 10, 2003 3:20 AM, Jim Choate [EMAIL PROTECTED] was seen to say: On Sun, 9 Feb 2003, Sunder wrote: The OS doesn't boot until you type in your passphrase, plug in your USB fob, etc. and allow it to read the key. Like, Duh! You know, you really ought to stop smoking crack. Spin doctor bullshit, you're not addressing the issue which is the mounting of an encrypted partition -before- the OS loads (eg lilo, which by the way doesn't really 'mount' a partition, encrypted or otherwise - it just follows a vector to a boot image that gets dumped into ram and the cpu gets a vector to execute it - one would hope it was the -intended- OS or fs de-encryption algorithm). What does that do? Nothing (unless you're the attacker). indeed. it usually boots a kernel image with whatever modules are required to get the main system up and running; There are two and only two general applications for such an approach. A standard workstation which isn't used unless there is a warm body handy. The other being a server which one doesn't want to -reboot- without human intervention. Both imply that the physical site is -secure-, that is the weakness to all the current software solutions along this line. The solution is only applicable to cold or moderately tamper-proofed systems, to prevent analysis of such systems if confiscated. It can only become a serious component in an overall scheme, but this is universally true - there is no magic shield you can fit to *anything* to solve all ills; this will add protection against the specified attacks and in fact already exists for windows (drivecrypt pluspack) - it is just non-windoze platforms that lack a product in this area.
Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)
at Monday, February 10, 2003 3:09 AM, Jim Choate [EMAIL PROTECTED] was seen to say: On Mon, 10 Feb 2003, Dave Howe wrote: no, lilo is. if you you can mount a pgpdisk (say) without software, then you are obviously much more talented than I am :) Bullshit. lilo isn't doing -anything- at that point without somebody or something (eg dongle) being present that has the -plaintext- key. Without the key the disk isn't doing anything. So no, lilo isn't mounting the partition. It -is- a tool to do the mount. I don't understand why this concept is so difficult for you - software *must* perform the mount; there is absolutely no way you could personally inspect every byte from the disk and pass decrypted data to the os at line speed yourself. lilo is the actor here. If you gave a program spec to a programmer and said write this you wouldn't be able to claim you wrote the code yourself, no matter how good or essential the program spec was. As to mounting the disk without software, not a problem it could be done all in hardware. Though you'd still need the passphrase/dongle. you couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly and make the physical disk look like a unencrypted one, but you would still need non-crypto software to mount it. for virtual drives, the real question is at what point in the boot process you can mount a drive - if it is not until the os is fully functional, then you are unable to protect the os itself. if the bootstrap process can mount the drive before the os is functional, then you *can* protect the os. No you can't. If the drive is mounted before the OS is loaded you can put the system into a DMA state and read the disk (screw the OS) since it's contents are now in plaintext. no, you can't. data from the hardware is *still* encrypted; only the output of the driver is decrypted, and a machine no longer running bootstrap or os is also incapable of decryption. you *could*, if good enough, place the processor in a halt state and use DMA to modify the code to reveal the plaintext, but it would be a major pain to do so and would require both physical access to the machine *while powered up and without triggering any anti-tamper switches* after the password has been supplied. This is actually a weakness in firmware cryptodrives (as I have seen advertised recently) - once the drive is unlocked it can usually be swapped over to another machine and the plaintext read. You can also prevent the default OS from being loaded as well. Indeed so, yes. however, usually that decision has to be made before the password would be entered - so making more awkward. you *could* finangle the bootstrap though; there must *always* be part of the code outside the crypto envelope (but of course this can be removable media such as the usb drive mentioned, and stored securely when not in use) Clue: If you own the hardware, you own the software. indeed so. however, if that applied to machines not already running, the police wouldn't be so upset when they find encrypted files on seized hardware.
Re: A secure government
No, the various provisions of the Constitution, flawed though it is, make it clear that there is no prove that you are not guilty provision (unless you're a Jap, or the government wants your land, or someone says that you are disrespectful of colored people). Unfortuately, this is not true in the UK - the penalty for non-decryption of encrypted files on request by an LEA (even if you don't have the key!) is a jail term.
Re: A secure government
at Thursday, February 06, 2003 11:21 AM, Pete Capelli Then which one of these groups does the federal government fall under, when they use crypto? In the feds opinion, of course. Or do they believe that their use of crypto is the only wholesome one? Terrorism of course, using their own definition - they use force or the threat of force to achieve their political aims :)
Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)
at Thursday, February 06, 2003 2:34 PM, Tyler Durden [EMAIL PROTECTED] was seen to say: I've got a question... If you actually care about the NSA or KGB doing a low-level magnetic scan to recover data from your disk drives, you need to be using an encrypted file system, period, no questions. OK...so I don't know a LOT about how PCs work, so here's a dumb question. Will this work for -everything- that could go on a drive? (In other words, if I set up an encrypted disk, will web caches, cookies, and all of the other 'trivial' junk be encrypted without really slowing down the PC?) Provided the drive is mounted, yes. and there is no without slowing down the pc - obviously it *will* cost CPU time (you are doing crypto on each virtual disk sector on the fly), but it shouldn't impact on bandwidth unless you have a really slow pc. Virtual drives occupy a drive letter like a normal drive. most (including pgpdisk) have to be mounted while windows is already running - ie, there is nothing at that disk letter until you run a program and type a password. Some (like DriveCrypt Pluspack) allow the boot volume to be a virtual volume and be mounted *before* windows starts running. Easiest way to find out what you can and can't do is download Scramdisk or E4M, and play :)
Re: A secure government
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother [EMAIL PROTECTED] was seen to say: David Howe wrote: a) it's not law yet, and may never become law. It's an Act of Parliament, but it's two-and-a-bit years old and still isn't in force. No signs of that happening either, except a few platitudes about later. Indeed - and the more FaxYourMP can do to keep that ever coming into force the better :) b) Plod would have to prove you have the key, and refused to give it, before you got convicted. Kinda hard to do. Not true - they have to prove you *had* the key at some point in the past. having lost the key isn't a defense c) you already know this!!! probably - it was an oversimplification of a complex legal situation. the law *is* on the books, and as far as I can see, all that is stopping the first part of it coming into force is the desire of the HO to add a shopping list of new people to the list already defined in the act. I am assuming that the part we are discussing here is held up in the queue until the bits before it come into effect.
Re: A secure government
at Thursday, February 06, 2003 4:48 PM, Chris Ball [EMAIL PROTECTED] was seen to say: Another point is that ``normal'' constables aren't able to action the request; they have to be approved by the Chief Constable of a police force, or the head of a relevant Government department. The full text of the Act is available at: at least in theory. It was only a massive public FaxYourMP campaign that aborted the attempt to extend the people able to authorise list for interception to the head of any local government department (and a few other groups). I have no reason to believe that a similar paper would not have extended authority to demand keys right down to the dogcatcher general too :)
Re: Sovereignty issues and Palladium/TCPA
at Friday, January 31, 2003 2:18 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: schnipp More particularly, governments are likely to want to explore the issues related to potential foreign control/influence over domestic governmental use/access to domestic government held data. In other words, what are the practical and policy implications for a government if a party external to the government may have the potential power to turn off our access to its own information and that of its citizens. And indeed - download patches silently to change the disable functionality to email anything interesting directly to the CIA functionality.
Re: the news from bush's speech...H-power
at Wednesday, January 29, 2003 11:18 PM, Bill Frantz [EMAIL PROTECTED] was seen to say: Back a few years ago, probably back during the great gas crisis (i.e. OPEC) years, there were a lot of small companies working on solar power. As far as I know, they were all bought up by oil companies. Of course, only a paranoid would think that they were bought to suppress a competing technology. Actually, Oil companies are all in favour of competing technologies - provided they get to control them. Solar may be an exception though; wind is ok as the massive installations, land usage permissions and nature of the output fluctuations mean you really can't start off small (they are fine to feed into a large system where the overall average would be fairly level, though) but solar is just too easy to reduce down to individual installations in individual homes or businesses; only technologies that permit a service based business model (delivery of electricity and/or production of fuels that can't be done without massive plant) are encouraged :(
Re: [IP] Open Source TCPA driver and white papers (fwd)
at Friday, January 24, 2003 4:53 PM, Mike Rosing [EMAIL PROTECTED] was seen to say: Thanks Eugen, It looks like the IBM TPM chip is only a key store read/write device. It has no code space for the kind of security discussed in the TCPA. The user still controls the machine and can still monitor who reads/writes the chip (using a pci bus logger for example). There is a lot of emphasis on TPM != Palladium, and TPM != DRM. TPM can not control the machine, and for DRM to work the way RIAA wants, TPM won't meet their needs. TPM looks pretty useful as it sits for real practical security tho, so I can see why IBM wants those !='s to be loud and clear. Bearing in mind though that DRM/Paladium won't work at all if it can't trust its hardware - so TPM != Paladium, but TPM (or an improved TPM) is a prerequisite.
Re: Singularity ( was Re: Policing Bioterror Research )
at Tuesday, January 07, 2003 1:14 AM, Michael Motyka [EMAIL PROTECTED] was seen to say: financial resources, other than those that pass through verified identity gatekeepers; That's an odd way to spell Campaign Fund Contributing Corporations
Re: Libel lunacy -all laws apply fnord everywhere
at Tuesday, December 17, 2002 5:33 AM, the following Choatisms were heard: Nobody (but perhaps you by inference) is claiming it is identical, however, it -is- a broadcast (just consider how a packet gets routed, consider the TTL for example or how a ping works). ping packets aren't routed any differently from non-ping packets - they bounce up though your ISPs idea of best route to the recipient's ISP, who then use their idea of best route to the target (leaving aside the via IP flag). The reply bounces up their ISP's idea of best route to your ISP, and down though your ISP's best route to you. There isn't a sudden wave of ping packet travelling out across the internet like a radar pulse, and reflecting back to you - it is a directed transfer of a single discrete packet. The best analogy (made by someone else here earlier) is a telephone call; each call follows a routing path defined by the phone company's best idea of pushing comms one step closer to the destination at that time; it may be that a longer route (bouncing via a third country to get to a second, rather than using the direct line) has a lower cost due to the usage at that time, so that route is used.
Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd)
at Monday, December 02, 2002 8:42 AM, Eugen Leitl [EMAIL PROTECTED] was seen to say: No, an orthogonal identifier is sufficient. In fact, DNS loc would be a good start. I think what I am trying to say is - given a normal internet user using IPv4 software that wants to connect to someone in the cloud, how does he identify *to his software* the machine in the cloud if that machine is not given a unique IP address? few if any IPv4 packages can address anything more complex than a IPv4 dotted quad (or if given a DNS name, will resolve same to a dotted quad) The system can negotiate whatever routing method it uses. If the node doesn't understand geographic routing, it falls back to legacy methods. odds are good that cloud nodes will be fully aware of geographic routing (there are obviously issues there though; given a node that is geographically closer to the required destination, but does not have a valid path to it, purely geographic routing will fail and fail badly; it may also be that the optimum route is a longer but less congested (and therefore higher bandwidth) path than the direct one. For a mental image, imagine a circular cloud with a H shaped hole in it; think about routing between the pockets at top and bottom of the H, now imagine a narrow (low bandwidth) bridge across the crossbar (which is a high cost path for traffic). How do you handle these two cases?
Re: Psuedo-Private Key -Methodology
at Thursday, November 21, 2002 2:26 PM, Sarad AV [EMAIL PROTECTED] was seen to say: 'A' uses a very strong crytographic algorithm which would be forced out by rubber horse cryptanalysis Now if Aice could give another key k` such that the cipher text (c) decrypts to another dummy plain text(D) the secret police gets to read the dummy plain text(D) using the surrendered key k` without compramising the real plain text(P). Depends on what (c) looks like and how it is obtained. if it is a random jumble of characters (like a scramdisk) then you might get away with claiming a key 'k is the otp key for it (and of course given (c) and the required plaintext, 'k is trivial to construct) if (c) is self-evidently in the format of a known encryption package (pgp, smime, lots of others) then your attackers are not going to believe they are really OTP encrypted if the message is intercepted, not sniffed (ie, you never receive a copy yourself) then you cannot construct 'k
Re: What email encryption is actually in use?
at Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen to say: Those who need to know, know. Which of course is a viable model, provided you are only using your key for private email to those who need to know if you are using it for signatures posted to a mailing list though, it just looks silly. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean? it would at least give us a chance to check the integrity of your post (what a sig is for after all) and anyone faking your key on the servers would have to prevent you ever seeing one of your own posts (so that you can't check the signature yourself) Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks. The Web-of-Trust model is mildly broken - all you can really say about it is that it is better than the alternatives (X509 is not only badly broken, but badly broken for the purpose of hierachical control and/or profit) In the current case, one reason to sign important posts is to establish a pattern of ownership for posts, independent of real-world identity. If I know that posts a,b c sent from nym x are all signed, I will be reasonably confident that key y is owned by the normal poster of nym x. that I don't know who that is in meatspace is pretty irrelevant. Where both systems break down is when trying to assert that key y is tied to anything but an email address (or possibly a static IP). There is little to bind a key to anything or anyone in the real world, unless you meet in person, know each other reasonably well (if only via third parties that can identify you both) and exchange fingerprints. in fact, WoT is simply an attempt to automate this process offline, so that you can be introduced to someone by a third party without all three of you having to meet; you still have to make a value judgement based on how sure you are about the third party's reliability and how confident they seem about the identity of x - however in the real world, both of those are vague, hard-to-define values and in the WoT they are rigid (you have a choice of two levels of trust for an introducer, and no way to encode how much third parties should rely on your identification)
Re: What email encryption is actually in use?
at Monday, November 04, 2002 3:13 PM, Tyler Durden This is an interesting issue...how much information can be gleaned from encrypted payloads? Usually, the VPN is an encrypted tunnel from a specified IP (individual pc or lan) to another specified IP (the outer marker of the lan, usually the firewall/vpn combo box but of course that function can be split if needs be) sniffers can usually catch at least some of the initial login - normally a host name or user name is passed unencrypted as part of the setup - but any actual mail traffic will be indistinguishable from any other traffic; it is encapsulation of IP packets in an outer encrypted wrapper. similar statements can usually be made for Zeb, SSH and other similar tunnels - each encapsulates a low level (almost raw in the case of strict tunnels like zeb or ssh) packet passing tunnel in a crypto skin.
Re: Office of Hollywood Security, HollSec
at Saturday, October 26, 2002 1:18 AM, Tim May [EMAIL PROTECTED] was seen to say: Yes, but check very carefully whether one is in violation of the anti-hacking laws (viz. DMCA). By some readings of the laws, merely trying to break a cipher is ipso fact a violation. IIRC, you can't be arrested for cracking a cypher unless that cypher is in use to protect a copyrighted work
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 3:14 PM, Trei, Peter [EMAIL PROTECTED] was seen to say: I'd be nervous about a availability with centralized servers, even if they are triple redundant with two sites. DDOS attacks, infrastructure (backhoe) attacks, etc, could all wreck havoc. Indeed so, yes. I suspect (if it ever takes off) that they will have to scale their server setup in pace with the demand, but to be honest I think 600/sec is probably quite a high load for actual payments - we aren't talking logins or web queries, but actual real-money-payment requests. I suspect that, if it became the dominant payment method for amazon or ebay, they would need a much more hefty server, but at this stage I suspect a heavy load would be two auths per second :)
Re: The Register - UK firm touts alternative to digital certs (fwd)
at Monday, October 21, 2002 4:20 PM, Eric Murray [EMAIL PROTECTED] was seen to say: Looking at their web site, they seem pretty generic about what it's for, but I did not see any mention of using it for payments. So I assume it's for logins. well, I was working from: The Quizid registry The Quizid registry is a database that translates the customer profile information required to facilitate secure online payment. Once a customer has been authenticated by the Quizid vault, the payment transaction is completed between the registry and the acquiring bank using the appropriate payment protocols. The bank then performs the necessary clearing between acquirers and issuers. As well as storing credit and debit card details the registry can be used to securely hold any personal information you would rather not enter over the Internet. So you can pre-load your delivery address, details of loyalty cards or even your seating preference for airline tickets. As well as being more secure this makes shopping online faster and simpler as you don't have to enter in the same information time after time. plus the two of their demo sites I checked offer it only as a checkout payment option. They do say that their servers are benchmarked at 300 transactions/sec. That's pretty darn slow for single des. Not sure that 1Des is the bottleneck. From my (perhaps incorrect) idea of the process: 1. user checks out with QuizID code 2. Website opens link to QuizID and presents *its* credentials 3. QuizID checks database, confirms valid login for the website 4. Website presents user ID and Quizid code 5. QuizID checks database, verifies that QuizID code was recently generated, the sequence number is in a reasonable range, and that the user hasn't closed his account or something 6. QuizID returns to Website any site-specific data held in its registry for that Website+Customer pair, plus any data that the user has marked of general accessability (such as delivery address) 7. Website requests payment of $amount 8. QuizID retrieves bank details from database for user, signs onto merchant services, and gets a authorization for the amount; signs on again and commits the payment; gets the account details for the Website owner from the database; signs on to the merchant services *again* and makes a payment of equal amount (presumably minus their fees) into the Website owner's account 9. QuizID sends a success (or fail) message to the Website there are probably enough individual comms and database lookup tasks there to slow things down quite a bit, even leaving aside the crypto aspects.
Re: commericial software defined radio (to 30 Mhz, RX only)
at Thursday, October 17, 2002 4:54 AM, Morlock Elloi Also, if regular cheapo PC sounboards can digitize 30 MHz (and Nyquist says this requires 60 MHz sampling rate) then some product managers need ... flogging. If I am reading this correctly, they don't need to - a fixed-frequency first mixer bandshifts a frequency block down to khz (with presumably a bandpass filter for selectivity), and the soundcard samples down in the ranges it is designed for. I could be reading it wrong though, DSP is nowhere near being my field :)
Re: One time pads
at Wednesday, October 16, 2002 6:13 PM, Bill Frantz [EMAIL PROTECTED] was seen to say: OTP is also good when: (1) You can solve the key distribution problem. Its certainly usable provided key distribution isn't an issue - if it is also worth the trouble and expense is another matter. (2) You need a system with a minimum of technology (e.g. no computers) it certainly does shine in this context - few decent encryption methods can be done with pencil and paper, and certainly by protecting the key with extra (discarded) characters, you can make the key document look innoculous indeed. Of course, indicating those characters then becomes a problem (unless you use some simplistic scheme like the second and second from last characters of each word in a specified book, but the odds of a random distribution from such is low)
Re: XORing bits to eliminate skew
at Thursday, October 17, 2002 4:38 PM, Sarad AV [EMAIL PROTECTED] was seen to say: He wanted to know how I was able to do XOR on P(0) and P(1) when xor is defined only on binary digits. you don't. P(x) is a probability of digit x in the output. ideally, P(0)=P(1)=0.5 (obviously in binary, only 0 and 1 are defined, so they are the only two possible outcomes. Now assume that one output (1 say) is more probable than the other. If this is true, you can define some value of probability (e) that is the amount a given outcome is more or less probable than the ideal. Now add a second bit. assume that the bits are (i) and (ii) so we know that the probability of (i) being 1 is 0.5-e and and being 0 is 0.5+e (there isn't a bias btw in that notation - e could be negative) so all the possible combinations are P(i=1, ii=1) =(0.5-e)(0.5-e) P(i=1, ii=0) =(0.5-e)(0.5+e) P(i=0, ii=1) =(0.5+e)(0.5-e) P(i=0, ii=0) =(0.5+e)(0.5+e) but of course if you XOR (i) and (ii) together, then (i=1, ii=1) = 0 (i=1, ii=0) = 1 (i=0, ii=1) = 1 (i=0, ii=0) = 0 collecting identical outputs allows you to say P(0)=P(i=1, ii=1)+P(i=0, ii=0) = (0.5-e)(0.5-e)+(0.5+e)(0.5+e) P(1) P(i=1, ii=0) + P(i=0, ii=1) = (0.5-e)(0.5+e)+(0.5+e)(0.5-e) reducing P(0) as in the example you gave gives you the probability of P(0) being 0.5+(2*(e^2)) so the answer is - you don't ever apply XOR to anything but binary - you do straight algebraic math on the *probabilities* of a given output (0 or 1)
Re: One time pads
at Wednesday, October 16, 2002 7:17 PM, David E. Weekly [EMAIL PROTECTED] was seen to say: As for PKI being secure for 20,000 years, it sure as hell won't be if those million-qubit prototypes turn out to be worth their salt. I wasn't aware they even had a dozen-qbit prototypes functional yet - but even so - assuming that each qbit is actually a independent complete machine (it isn't - you need to build a machine bigger than one bit) and you had a million-unit module built - this would be equivilent to building one million (2^20, I'll be generous and give you the extra few thousand) machines each able to cross-check their results instantly (so identify if one of the million has a correct answer) This will mean you can brute force a key as though it were 20 bits shorter in keylength. even assuming you can use the usual comparison (3Kbit RSA=128 bit symmetric) this leaves you the equivilient of a 108 bit key to break - and even assuming a quantum virtual machine ran as fast as a real world one, that would take a while. Of course, if you have a machine that will break a 108 bit key in under a hundred years, I am sure the NSA would like to make you an offer.. I can't remember the last time I used an asymmetric key as small as 3Kbits. my current key is 4K and has been for some years, and my next will probably be 6K just to be sure.
Re: One time pads
at Wednesday, October 16, 2002 2:01 PM, Sarad AV [EMAIL PROTECTED] was seen to say: Though it has a large key length greater than or equal to the plain text,why would it be insecure if we can use a good pseudo random number generators,store the bits produced on a taper proof medium. because you have replaced a OTP (provably secure) with a PRNG stream cypher (only as secure as the PRNG). he isn't saying that stream cyphers can't be secure - just that they aren't OTP. There is also no point in distributing the output of a PRNG as a tamperproof tape - you just run the PRNG at both sides, in sync. if you use a *real* RNG, then you can do the tape disribution thing and it *will* be a OTP - but its the tape distribution that is the difficult bit (as he points out in the article) why do we always have to rely on the internet for sending the pad?If it is physically carried to the receiver we can say for sure if P or R is intercepted. two obvious points are 1. it isn't aways possible to ensure secure delivery - if a courier is compromised or falls asleep and the tape is substituted with another, a mitm attack can be made transparently. 2. if the parties are physically remote, they may not have time to exchange tapes securely; unless there is a airplane link directly or indirectly between the sites, it may be days or weeks in transit. can some one answer the issues involved that one time pads is not a good choice. OTP is the best choice for something that must be secret for all time, no matter what the expense. anything that secure for 20,000 years will be sufficient for, go for PKI instead :)
Re: UK Censors, Shayler, Bin Laden
at Saturday, October 12, 2002 2:01 AM, Steve Furlong [EMAIL PROTECTED] was seen to say: On Thursday 10 October 2002 13:13, Tim May wrote: There are two advantages of web-based discussion fora over usenet: propagation time and firewalls. Not sure about that - propagation time is a issue of course, but a web interface to nntp isn't that hard (dejanews offered it for years) and the propagation issue is fixed only by limiting the web forum to a single server or local cluster of servers - if you were setting up a web-based interface anyhow, you could get all the benefits of a single server node while not preventing users not using the web interface from participating. yes, NNTP submissions from other usenet servers might take a while to propagate to the Master server (or vice versa) but that wouldnt' affect the web interface users amongst themselves or indeed, anyone using nntp directly to that server. On the other hand, few discussions are so urgent that they need near-real-time reparte, and participants shouldn't be cruising usenet from work. depends on the forum. there are groups I *only* read at work - technical ones of course, related to my job. Usenet is a resource, and at times a good one (provided you can live with the low signal-to-noise ratio). More generally, I've been watching the migration of many discussion groups over to Web-based forums (or fora). Usually the migration does not improve the discussion...it just puts dancing ads and cruft all over the pages. probably more to the point - *profit-making* dancing ads. Something like...Google? You can't count on their sweep schedule, but it does most of what you're looking for. deja-google is ok, but a lot of the more interesting threads include x-no-archive headers (which google respects, and rightly so) somewhere in them, so you have gaps...
Re: Echelon-like...
Trei, Peter [EMAIL PROTECTED] wrote: It was Sweden. They didn't really have an excuse - over a year earlier, Lotus announced their International version with details of the Work Factor Reduction Field at the RSA Conference. I immediately invented the term 'espionage enabled' to describe this feature, a term which has entered the crypto lexicon. Indeed so, yes - If my memory isn't failing me though, their excuse was that the lotus salesdroid they had awarded the contract to hadn't disclosed it to them in his bid and in fact, the original tender had specified *secure* encryption, not *secure, except for the american spy industry*. I don't know enough sweedish to even attempt a google on it though :)
Re: Echelon-like...
I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email? I'm new here, so do tell if I am wrong. Are you referring to the two levels of Encryption available in Bogus Notes? More or less, yes. Lotus knew nobody would buy a 40 bit version of their crypto, so there is a two-level encryption all right, but not along those lines - in the export version, some of the session key is encrypted using a PKI work reduction factor key in the message header; this section of header is important, as lotus gateways won't accept messages that have had it disturbed. by decoding this block, the NSA have the actual keysize they need to block reduced to the legal export level of 40 bits; one government found this out *after* rolling it out to all their billing and contract negotiation departments... belgum or sweden by memory . Lotus thought it would be ok if only the NSA (and other US government orgs) could break the key, rather than letting everyone have an equal chance (and indeed, letting their customers know their crypto was still only 40 bit vs USA intel agencies) Still, even the domestic version was only 64 bits, which is painfully small even by the standards of the day. certainly, even strong lotus could have been crackable by the NSA, who after all own their own fab plant to make custom VLSI cracking chips.
Re: Echelon-like...
On Wednesday, October 9, 2002, at 07:28 PM, anonimo arancio wrote: The basic argument is that, if good encryption is available overseas or easily downloadable, it doesn't make sense to make export of it illegal. Nope. The biggest name in software right now is Microsoft, who wasn't willing to face down the government on this. no export version of a Microsoft product had decent crypto while the export regulations were in force - and the situation is pretty poor even now. If microsoft were free to compete in this area (and lotus, of notes fame) then decent security *built into* the operating system, the desktop document suite or the email package - and life would get a lot, lot worse for the spooks. I assume everyone knows the little arrangement that lotus reached with the NSA over its encrypted secure email?
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 6:10 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Not so. It turns out the command line is now different in PGP 6.5.8. It is now pgp -sta to clearsign, instead of pgp -sa. (Needless to say the t option does not appear in pgp -h *nods* its in the 6.5 Command Line Guide, but as identifies the input file as a text file The CLG is the best reference for this though - as it explictly lists sta as the correct option in section Ch2Common PGP FunctionsSigning MessagesSign a plaintext ASCII file. I could email you a copy of the PDF of that (its about 500K) if you wish. The clearsigning now seems to work a lot better than I recall the clearsigning working in pgp 2.6.2. They now do some canonicalization, or perhaps they guess lots of variants until one checks out. its canonicalization - again according to the CLG (CH3Sending ASCII text files to different machine environments) Perhaps they hid the clear signing because it used not to work, but having fixed it they failed to unhide it? its just an evolution. IIRC the command line tool was based at least partially on the unix version of pgp, which always had different command line switches. It would be nice if behaviour was more backwards compatable, but they *did* document it in the official M that you should RTF :)
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZqzpWDKt9Hjj5SVAQFlwA//cQYGFRb3sJEM695lWJ+rUhymcS5lTSEV vG3eRUvxpbhLcAS+QsdMXX3pDlu60UzOhxubpQch9E59yE/+uaeU+5AzkfDQjc2q jQ8SppCqf56+uevoZlH1RiKkBT6Hx7ctPimEIlq3FXWsaqA3ocPVghZwFhMaxA1G twCtBxR7Q3y6VePzCzeealx7TDgcoS7hoBKNTsueAIWd/9xB9JYjFvS8OecOMdZG B+yvSLHZn1YJG62JfZ8EWXr1xKh5BZxdRVxLVzhaumtyAFr2hCDQffDiz5UtyGSa JdMoJAzmZZZ5EvcHc0rMDVs5BiDr5/EaSU+xecPz/YxY4BWxGFprqsRi7IapTkb1 26zgJQ4miGylFlmZM30cxKYudi5PdSJ4VUWpuoHRg9clZlH9KzC7f0suYAnACDXC bzr5Fgp3+bvRnziMD65NT4G1hxA5pYPl+4IudVSKcaMsHLWSTE8Lnf0US283MdeR VXKbINvyEr0p0zrl7lVmHZbmuLjdUHrgAoyQEKcaMelE+Q8suXynDYtSV7LCfdAE CjKBz2RxAiNhi1vAq6NuFOMx+R9c23Sxg2uUUbpYeRbl5fPbjamDzIhK2ccNNmpU euuWj3O9e6YMtW0KPezYbJ/9fMMkOAv3KnfdeAgcjSnipMqVvqgJ4sWil3gfUADY X0TKznTghWs= =3uOF -END PGP SIGNATURE-
Re: What email encryption is actually in use?
-BEGIN PGP SIGNED MESSAGE- at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was seen to say: Well, it's a start. Every mail server (except mx1 and mx2.prserv.net) should use TLS. Its nice in theory, but in practice look how long it takes the bulk of the internet to install urgent patches - how long is it going to take to get people to install an upgrade to privacy that actually causes more problems for them? Besides the core here is that 1) everyone with a server enroute can read the mail 2) you are relying on every other link in the chain to protect your privacy clientside crypto fixes both these problems, reduces the total crypto load on the chain (encryption/decryption is only ever done once) and allows use of digital signatures. Once you start using it, it becomes part of hte pattern by wich other people identify you. Exactly the intention, yes :) Just for the sake of it (anyone who cares will have seen my signature enough times by now) I will sign this one :) -BEGIN PGP SIGNATURE- Version: PGP - Cyber-Knights Templar iQIVAwUBPZrB22DKt9Hjj5SVAQF3eBAAh8RK5LgLIPv8JhBwX6kdj2x0c6NsrtdA xiH45Zb+bCNO07ac07n+qyKRZ5UiTGjekjQXjnSOczDFUgCyUymexqif7SnDZ04P S/55rQ31wfUWNRVrO/ULjdq4TVYHMsAUFKhrYgwvYyqJNOg2C+sBwgNsLM3gedm2 R0KRY6pO/wqpVsvki3c27h7wszfvCkmsRrqtuKTwktm23XdbmAs+21YWbThbqc3Y r1gtmH8QrJuUzhPXfE/L104reFo5yi2BMuY/ac1G7uXNc+6yAhy61q4z0v17OMcS glEASE0AO+XrtYFfq/3VXk1SN5S3x44GazHvKo9NgqpJn8pvoNq9TsXhXIa9c1/u hchVahwsuZ6rooMxur8ekLP86zTn8mfI+lFKd1n+LuFzcVbzezzKRH3PM+TjDMTF p0TzHsrDOeUkrYJ2ImznpJ1019oDPBVvDCwRyCqOeLZ9MvARTXLtO9gwjt1NAh2E h7WBYhQyMdlKeUMh6mUwIG7DOoitOnf/mQkmQWybPK7NT2tOhx9uHEWE92iWUxc+ AQF4UywdSvFpTskVBkQIQESsYWGs92A350zEapogB2+cDJxytqtRDN2mLGG6tPPt u+60lj65OQUdc0D91e2W3yif9mF7ul3aztt2Ca5qziyMRVwnoceSwbejDyr1fZLO 8MgGBffIDis= =jz44 -END PGP SIGNATURE- resent - with broken line wrap fixed. damned lousy MS email client :) Next time I *check* first before sending and don't look so clueless in a worldwide list :)
Re: What email encryption is actually in use?
at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: As opposed to more conventional encryption, where you're protecting nothing at any point along the chain, because 99.99% of the user base can't/won't use it. That is a different problem. if you assume that relying on every hop between you and your correspondent to be protected by TLS *and* the owner of that server to be trustworthy (not only in the normal sense, but resistant to legal pressure, warrants from LEAs and financial incentives from your competitors) then you are in for a rude awakening at some point. S/Mime isn't wonderful, but it is built-in to the M$oft email packages and you can trivially generate a key *for* your correspondents to be delivered to them out-of-band. installing is double-clicking a file, and decryption automatic. More security aware users will obviously want their own, a key from a recognised CA or prefer pgp, but that is upgrades to the basic security you can provide by five minutes work with a copy of OpenSSL. In any case most email is point-to-point, which means you are protecting the entire chain (that is, if I send you mail it may go through a few internal machines here or there, but once it hits the WAN it's straight from my gateway to yours). Depends on the setup. Few home users can afford always-up connections, and most dialup ranges are blocked from direct delivery anyhow. the typical chain goes Sender--Sender's ISP--Recipient's ISP--Mailspool--Recipient for a corporate user, a typical chain might go Sender--sender's internal email system--sender's outbound gateway--recipient's firewall--recipients inbound gateway--recipient's email system--recipient assuming *everyone* at both companies is trustworthy (or IT is on the ball and preventing sniffers from running on their lans; I will pause while everyone laughs and then drafts replies pointing out that is impossible) then you can get away with TLS-protecting just the link gateway--firewall. Yes, crypto should be transparent and enabled *by default* in those M$ corporate products; no, the US government wasn't (and still isn't even under the more relaxed regime) willing to wear on-by-default unbreakable, easy crypto in mass-market products.
Re: What email encryption is actually in use?
at Monday, September 30, 2002 7:52 PM, James A. Donald [EMAIL PROTECTED] was seen to say: Is it practical for a particular group, for example a corporation or a conspiracy, to whip up its own damned root certificate, without buggering around with verisign? (Of course fixing Microsoft's design errors is never useful, since they will rebreak their products in new ways that are more ingenious and harder to fix.) Yup. In fact, some IPSec firewalls rely on the corporate having a local CA root to issue keys for VPN access. from there it is only a small step to using the same (or parallel issued) keys for email security. The problem there really is that the keys will be flagged as faulty by anyone outside the group (and therefore without the root key already imported), and that will usually only work in a semi-rigid hierachical structure. There *is* an attempt to set up something resembling a Web of trust using x509 certificiates, currently in the early stages at nntp://news.securecomp.org/WebOfTrust I intended to sign this using Network Associates command line pgp, only to discover that pgp -sa file produced unintellible gibberish, that could only be made sense of by pgp, so that no one would be able to read it without first checking my signature. you made a minor config error - you need to make sure clearsign is enabled. I suggest that network associates should have hired me as UI design manager, or failing, that, hired the dog from down the street as UI design manager. It's command line. Most cyphergeeks like command line tools powerful and cryptic :)
Re: What email encryption is actually in use?
at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann [EMAIL PROTECTED] was seen to say: For encryption, STARTTLS, which protects more mail than all other email encryption technology combined. See http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf (towards the back). I would dispute that - not that it isn't used and useful, but unless you are handing off directly to the home machine of the end user (or his direct spool) odds are good that the packet will be sent unencrypted somewhere along its journey. with TLS you are basically protecting a single link of a transmission chain, with no control over the rest of the chain. For signing, nothing. The S/MIME list debated having posts to the list signed, and decided against it: If I know you, I can recognise a message from you whether it's signed or not. Signing has a limited application - I wouldn't use it routinely other than to establish an association (key--poster) early in a conversation, and then omit it except for things whose source *I* would want verified if I was receiving it. It is unusual for me to use a sig outside of encrypt+sign. If I don't know you, whether it's signed or not is irrelevant. Depends on the definition of know. If a poster had a regular habit of posting at least one signed message every week, and had never protested that the sigs were faked, then you could assume that the poster whose sig just cleared is the same as the poster who has been posting for that time period - mapping that to any real-world individual is more problematic, but mostly you don't need to. There are plenty of people I only know online from email exchanges, and in some cases am not even sure what sex they are :)
Re: Best Windows XP drive encryption program?
at Monday, September 23, 2002 10:35 PM, Curt Smith [EMAIL PROTECTED] was seen to say: http://www.drivecrypt.com/dcplus.html DriveCrypt Plus does everything you want. I believe it may have descended from ScramDisk (Dave Barton's disk encryption program). As an aside - Dave Barton? Shaun Hollingworth was the author of SD as far as I know. I can't remember exactly, but seem to recall Dave Barton did a delphi wrapper around some of the SD function calls...
Re: Virtuallizing Palladium
Ben Laurie [EMAIL PROTECTED] was seen to declaim: Albion Zeglin wrote: Similar to DeCSS, only one Palladium chip needs to be reverse engineered and it's key(s) broken to virtualize the machine. If you break one machine's key: a) You won't need to virtualise it b) It won't be getting any new software licensed to it I would think it would be more likely to match the mod chips that address this very issue in the Gaming world - a replacement chip that tells the OS yeah, everythings ok even when it isn't :)
Re: When encryption is also authentication...
Mike Rosing [EMAIL PROTECTED] wrote: Having it be transparent where the user doesn't need to know anything about how it works does not have to destroy the effectiveness of digital signatures or crypto. When people sign a document they don't know all the ramifications because few bother to read all of any document they sign - most of it won't apply as long as you keep your part of the bargin, so why bother? Partially agreed - a user doesn't have to know *how* it works, but must have to take a positive step (eg, type in a password, answer yes to a are you really sure you want to do this message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial... There is a balance to be had here. it should be impossible for a random user to walk up to their powered off pc, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a pc that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time. If this involves remembering the password for a specified idle time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a usb dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it)
Re: When encryption is also authentication...
Mike Rosing [EMAIL PROTECTED] wrote: Having it be transparent where the user doesn't need to know anything about how it works does not have to destroy the effectiveness of digital signatures or crypto. When people sign a document they don't know all the ramifications because few bother to read all of any document they sign - most of it won't apply as long as you keep your part of the bargin, so why bother? Partially agreed - a user doesn't have to know *how* it works, but must have to take a positive step (eg, type in a password, answer yes to a are you really sure you want to do this message, that sort of thing) for it to be binding under most e-sig legislation. However, the law of contract assumes every dotted i and crossed t is read and fully understood to the full measure of the law. Enough people get caught out this way each year (they find the contract they signed isn't what they negotiated but (eg) binds them to a full term of service (say, two years) when they wanted a three month trial... There is a balance to be had here. it should be impossible for a random user to walk up to their powered off pc, power it on, then sign a document. It should be extremely difficult for a random user to walk up to a pc that has been left logged on (but which hasn't been used to sign documents for five minutes or so) and sign a document; it should be easy for the user to sign a large number of documents in rapid succession, without having to type in a complex password every single time. If this involves remembering the password for a specified idle time, or using a smartcard to auth (rather than a manual password or in addition) that the user can remove when he takes a coffee break then fine - but whatever you do must almost certainly use no other hardware than is already fitted to the machine, so a usb dongle could be ok for a home user but a credit-card style smartcard almost certainly won't be (although if anyone knows a decent floppy-adaptor for smartcards, I would love to know about it)
Re: Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software
Microsoft also said open-source software is inherently less secure because the code is available for the world to examine for flaws, making it possible for hackers or criminals to exploit them. Proprietary software, the company argued, is more secure because of its closed nature. Presumably the contrast between this and their other recent declaration (that their code is so insecure releasing it would be a national security risk) doesn't occur to them? Or maybe they think the two compliment each other (eg look, our code is so insecure that we can't release it, and we can't believe anyone is any better than us, so theirs must be so insecure it can't be released too)
Re: Bad guys vs. Good guys
Nope, Usually credit card transactions are free for the payer Bullshit, they charge interest on the loans and such. You should read your credit card bills closer. Not sure if the rules are different over there then - after all, you add on extra charges to the ticket price when you reach the paypoint :) in the UK, almost all credit cards charge *no* interest at all on payments made with it provided you clear your balance when the bill comes in, and most charge no annual fee for usage either. A handling charge is applied if you use a cashpoint to withdraw money, but that is sensible as there there isn't a vendor to gouge :) The CC contract insists on no surcharge (to the customers) for CC payments ??? I guess the vendor who pays the fees to use credit cards just pulls the money out of thin air...not hardly. *shrug* I am not responsible for for your problems there. In my experience (limited to the uk, admittedly) card usage is free, and vendors are under a contractual obligation (and I know this because I have signed such a contract) to the CC swipe box supplier (the merchant account provider) not to add a surcharge for use of the card to pay; this leads to some strange situations, where companies will accept CCs to purchase goods, but will *not* accept them to pay bills. Mind you, if you wave a bundle of cash and mutter discount for cash payment? to a lot of companies, you can get a discount. but then, this is true *anyhow* particularly for payments over 100ukp to anything but the biggest of the high street names - and even then, usually a store manager has the discretionary power to apply discounts (usually booked as shop soiled (ie ex-display model) or manager's special promotion)
Re: Bad guys vs. Good guys
Jim Choate [EMAIL PROTECTED] gave us the benefit of the following opinion: It makes no sense to talk about 'cheapness of payment' from the recipients view. It costs them nothing to get paid (outside of whatever service or labor was involved in the exchange). You have your cognates reversed (ie payer v payee). Nope, Usually credit card transactions are free for the payer (provided they pay their bill at the end of the month) while a percentage of that money is lost if you are the payee to the credit card company (if it were a flat fee for the service, it could be a business expense; as it is, it is a cost of handling the payment). The CC contract insists on no surcharge (to the customers) for CC payments for the very good reason that most businesses would want to pass that handling fee onto the customer, and the CC company's business model wouldnt' survive that happening.
Re: Cypherpunks Europe
I don't think you get freelance IRA guys. Not with both kneecaps, anyway. might be surprised - donations from the states have apparently tailled off (having been the subject of a terrorist attack themselves they seem less willing to fund them) and they could do with the revenue - but you are probably better off talking with the dodgier firms in london - the prices will be better and they will do a more professional/painful job. The price improvement is because reusable sledgehammers are cheaper than having to dispose of a gun ;) L** G*** is a nice man. He wrote that the Cult of the Dead Cow were a bunch of barely literate mindless American teenage delinquents. If they lived in England they could possibly sue him for that :-) Maybe they could anyhow - juristiction shopping isn't exclusive to LG. In fact, I am sure half the list will chip in a tenner or so each to help out the legal fees ;)
Re: Cypherpunks Europe
On Sunday, April 28, 2002, at 07:32 AM, Jan Dobrucki wrote: Greetings, I've been reading the list for a while now, and what I find annoying is that there are mostly American news and little about what's happening in Europe. As little as I respect America, America is not all of the world. Come on Cypherpunks from Europe, make your presence noticed! Not sure about the rest of europe - but we have a targetted crypto list in the UK (UKCrypto, sensibly enough) so already have a forum for uk-specific issues. Thats not to say some of it wouldn't be better here - but I am sure our problems with Godfrey would bore you all to tears anyhow :)
Re: Two ideas for random number generation
Jim Choate [EMAIL PROTECTED] wrote: But that changes the game in the middle of play, the sequence of digits in pi is fixed, not random. You can't get a random number from a constant. Otherwise it wouldn't be a constant. PRNG output is fixed/repeatable too - that is a properly you *want* from a PRNG. any subset of the digits of pi is as close to RNG output as you would need to satisfy any entropy tests - unless you *knew* you had derived it from pi you couldn't distinguish it from a true random string of the same size. You can't stop them from using their tables. Slow them down, not stop them. You can't use that huge a seed, hardware limitations. They can match you. *shrug* given that adding a bit to the seed doubles the quantity of data they would have to cache in their tables, it can quickly become unworkable; the single-digit-of-pi formula is too slow to form a good stream cypher, but is otherwise ok; if you aren't constrained to matching a real world sequence (pi in this case) but are happy with *any* non-repeating but deterministic stream, you can probably find something much faster.
Re: Biometrics helping privacy: excerpt from Salon article on fo rensics
Peter Trei wrote: Encrypted files on a portable device that you keep with you would seem to be the best of all worlds. any of the usb mini drives can manage that - just set them to autorun Scramdisk Traveller and mount a SD volume from the device. just don't forget to dismount it before you remove the drive :)