Re: Thanks, Lucky, for helping to kill gnutella
From: AARG!Anonymous [EMAIL PROTECTED]

An article on Salon this morning (also being discussed on slashdot), http://www.salon.com/tech/feature/2002/08/08/gnutella_developers/print.html, discusses how the file-trading network Gnutella is being threatened by misbehaving clients. In response, the developers are looking at limiting the network to only authorized clients:

They intend to do this using digital signatures, and there is precedent for this in past situations where there have been problems:

Alan Cox, Years and years ago this came up with a game

If only there were a technology in which clients could verify and yes,

Be sure and send a note to the Gnutella people reminding them of all you're doing for them, okay, Lucky?

Now that is resorting to silly accusation.

My copy of Peer to Peer (Oram, O'Reilly) is out on loan but I think Freenet and Mojo use protocols that require new users to be contributors before they become consumers. (Leaving aside that Gnutella seems doomed on scalability grounds.) Likewise the WAN shooter games have (partially) defended against cheats by making the client hold no authoritative data and by disqualifying those that send impossible traffic. (Excluding wireframe graphics cards is another matter.) If I were a serious gamer I'd want 2 communities - one for plain clients to match gaming skills and another for cheat all you like contests to match both gaming and programming skills.

If the Gnuts need to rework the protocol they should do so.

My objection to this TCPA/palladium thing is that it looks aimed at ending ordinary computing. If the legal scene were radically different this wouldn't be causing nearly so much fuss. Imagine:

- a DoJ that can enforce monopoly law
- copyright that expires in reasonable time (5 years for s/w ? 15 years for books, films, music... ?)
- fair use and first sale are retained
- no concept of indirect infringement (e.g. selling marker pens)
- criminal and civil liability for incorrectly barring access in DRM
- hacking is equally illegal for everybody
- no restriction on making and distributing/selling any h/w, s/w

If Anonymous presents Gnutella for serious comparison with the above issues I say he's looking in the wrong end of his telescope.

--
Antonomasia   ant notatla.demon.co.uk
See http://www.notatla.demon.co.uk/

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Wild and Crazy: Interview with Palladium's Mario Juarez
From: [EMAIL PROTECTED]

[EMAIL PROTECTED] writes:

In other words, when the MB is fried because of some freak electrical surge, I'm screwed, because I can't put the HD into another machine and get the data off it?

What's wrong with your backups? :-) This is like a problem Windows already has: if you move a disk onto different hardware, more often than not you can't boot because the wrong Hardware Adaptation Layer info is in the disk's boot sector. At least you can recover the data by mounting it as a second disk.

What's wrong is the backups are presumably encrypted in a way that requires the cooperation of MS to read it on a machine other than the originator. I'm not at all likely to become US president but if I were I'd consider this an issue worth nuking Redmond for in office hours with no warning.

--
Antonomasia   ant notatla.demon.co.uk
See http://www.notatla.demon.co.uk/

RE: Stegdetect 0.4 released and results from USENET search available
From: Jim Choate [EMAIL PROTECTED]

I snipped several Cc:s.

I download all of alt.anonymous.messages from the same news server that large numbers of people post and download child porn on.

So the traffic analysis software has your link the first couple of days. Now all they've got to do is black bag your computers text editors and news readers...assuming they've got a motivation to expend the effort. The

The effort to black bag computers of a few hundred people reading AAM is much more than the effort they spend getting their computers to read it regularly. Or post to it if they chose.

next step is to compare messages you submit with messages others submit,

So the TLAs also have to figure out which other ISP accounts and phone lines are also used by the guy they saw reading AAM. More work for them just to rule out AAM robots equipped with a few free ISP accounts.

Cover traffic requires an interesting characteristic to be effective, one that most don't 'get'; it must be full on all the time. The vast majority of your expended effort is bogus.

It must be independent of the true traffic volume but full on all the time is overkill. If an AAM robot posts exactly 50 messages a day that's plenty to cover as much anonymous communication as I could organise in my head.

--
Antonomasia   ant notatla.demon.co.uk
See http://www.notatla.demon.co.uk/

Re: Forward Security Question
Anonymous asks:

I have recently been reading about password-based authentication schemes, especially EKE and its variants. The papers I've read on EKE, DH-EKE, and SPEKE all refer to their perfect forward security, though I have been unable to find a formal definition of this property, or any detailed explanation of what this really means. Does the forward security refer to the fact that if Eve knows a K Alice and Bob used two weeks ago, she cannot assume either of their identities for a current transaction? Or does it mean that even if Eve knows the current K in use by Alice and Bob's session, she cannot impersonate either of them? Or does it mean something else?

Can someone better explain how the forward security found in EKE/DH-EKE/SPEKE works? Is it the same for each EKE variant, or does it work differently for each?

When a definition was sought in May 2000 it drew the reply:

From: Jerome Etienne jetienne arobas.net

On Thu, May 04, 2000 at 09:40:14AM -0400, Arnold G. Reinhold wrote:

Can anyone point me to a good definition of Perfect Forward Security?

In rfc2408 section 1.6.1 about ike, you can find one for perfect forward secrecy. Up to you to decide how relevant and good it is.

Perfect Forward Secrecy: As described in [DOW92], an authenticated key exchange protocol provides perfect forward secrecy if disclosure of longterm secret keying material does not compromise the secrecy of the exchanged keys from previous communications. The property of perfect forward secrecy does not apply to key exchange without authentication.

[DOW92] Diffie, W., M. Wiener, P. Van Oorschot, Authentication and Authenticated Key Exchanges, Designs, Codes, and Cryptography, 2, 107-125, Kluwer Academic Publishers, 1992.

Destroying Diffie-Hellman key parameters gets you computational secrecy; not information-theoretic secrecy.

An expired ID I have stored "Using the SRP protocol as a key exchange method in Secure Shell" makes no mention of PFS.

--
Antonomasia   ant notatla.demon.co.uk
See http://www.notatla.demon.co.uk/

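The RFC 2408 definition quoted in the message above can be exercised directly. The following is an added example, not code from any poster or from the protocols named: it records one exchange keyed only by long-term Diffie-Hellman keys and one keyed by discarded ephemeral exponents, then shows what Eve can derive once the long-term secret is disclosed. The toy group `P`, `G` and all function names are assumptions of the example.

```python
import hashlib, hmac, secrets

# Toy group, far too small for real use; P, G and every name here are
# assumptions of this example, not parameters of EKE, SPEKE or IKE.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def enc(n):
    return n.to_bytes(16, "big")

def kdf(secret, label):
    return hashlib.sha256(label + enc(secret)).digest()

def static_exchange(a_priv, b_pub):
    """No PFS: the session key is a function of long-term keys and a public nonce."""
    nonce = secrets.token_bytes(16)
    return kdf(pow(b_pub, a_priv, P), nonce), {"nonce": nonce}

def ephemeral_exchange(a_priv, b_pub):
    """PFS: fresh exponents make the key; long-term keys only authenticate."""
    x, gx = keypair()
    y, gy = keypair()
    auth = kdf(pow(b_pub, a_priv, P), b"auth")
    tag = hmac.new(auth, enc(gx) + enc(gy), hashlib.sha256).digest()
    key = kdf(pow(gy, x, P), b"session")
    return key, {"gx": gx, "gy": gy, "tag": tag}   # x and y are discarded here

def eve_after_leak(a_priv, b_pub, seen):
    """Eve's derivation from a recorded transcript once a_priv is disclosed."""
    lt_shared = pow(b_pub, a_priv, P)
    if "nonce" in seen:                 # static scheme: she simply replays the KDF
        return kdf(lt_shared, seen["nonce"])
    # Ephemeral scheme: the leak lets her check the tag, but g^(xy) still needs
    # x or y, i.e. solving Diffie-Hellman (computational secrecy only).
    auth = kdf(lt_shared, b"auth")
    tag = hmac.new(auth, enc(seen["gx"]) + enc(seen["gy"]), hashlib.sha256).digest()
    assert hmac.compare_digest(tag, seen["tag"])
    return kdf(pow(seen["gy"], a_priv, P), b"session")   # wrong exponent: a guess

if __name__ == "__main__":
    a_priv, _ = keypair()
    _, b_pub = keypair()
    for exchange in (static_exchange, ephemeral_exchange):
        key, seen = exchange(a_priv, b_pub)
        print(exchange.__name__, "past key recovered:",
              eve_after_leak(a_priv, b_pub, seen) == key)
```
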
Re: archives?
From: max curious [EMAIL PROTECTED]

Hello, I remember there was a thread regarding cracking the enigma machine and how the code breakers did not want to consider the simplest cases and as a result it took several years longer to 'crack' it. I think it was an article, but where and when (and on which mailing list I saw it and precisely what it was about) I can not remember. I apologize for being so vague but if someone could point me to the archives of this list or point me to the correct email OR to the correct mailing list - that would be great.

Sending grep enigma to [EMAIL PROTECTED] would have returned (among other things)

[EMAIL PROTECTED]
from: william knowles [EMAIL PROTECTED]
Date: 23apr2001
Subject: Key to breaking Nazi code was in the patent office
Keywords:
12: BRITAIN'S wartime codebreakers could have cracked the German Enigma
25: manufactured it, had offered the British Government commercial Enigma
33: thought, British codebreakers were working on the Enigma machine
37: after gaining vital help from the Poles. The Enigma machine looked
46: who broke Enigma. When they had a perfect opportunity to introduce a
57: Six months later, codebreakers made their first break into Enigma,

and get [EMAIL PROTECTED] gets you the article.

Use of the Subject: field for coderpunks or cryptography limits the search to one list instead of both.

--
Antonomasia   ant notatla.demon.co.uk
See http://www.notatla.demon.co.uk/