Cryptography-Digest Digest #614, Volume #9 Fri, 28 May 99 20:13:02 EDT
Contents:
Re: The BRUCE SCHNEIER Tirade (John Savard)
Re: Authenticating identity? ([EMAIL PROTECTED])
Re: Oriental Language Based Enryption ("Markku J. Saarelainen")
Re: Oriental Language Based Enryption ("Markku J. Saarelainen")
Re: alt.timestamp ("Jean Marc Dieu")
Re: Scramdisk cracked (SCOTT19U.ZIP_GUY)
Re: Scramdisk cracked (Sundial Services)
Re: alt.timestamp (Josh - Forward Observer for the Romathians)
Re: What good is hushmail? ([EMAIL PROTECTED])
Re: evaluation cryptographic algorithms (Dan)
Re: OTP Problems (Mario Lyken)
Re: Review of Scottu19 (David Hamilton)
Re: Review of Scottu19 (Derek Bell)
Re: The BRUCE SCHNEIER Tirade (Jerry Coffin)
Re: The BRUCE SCHNEIER Tirade (David Hamilton)
Re: Threatening SW ^besides^ Strong-Crypto (Steve Rush)
Re: OTP Problems (SCOTT19U.ZIP_GUY)
MORE CLUES TO SCOTT19U CONTEST (SCOTT19U.ZIP_GUY)
Re: OTP Problems (Steve Rush)
Re: What good is hushmail? ([EMAIL PROTECTED])
ScramDisk RED SCREEN: monitoring keystrokes - problem? ([EMAIL PROTECTED])
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (John Savard)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 21:08:48 GMT
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote, in part:
> Actually Bruce stuck his foot in his mouth. He should now better than to
>spout the BS about a OTP since it is PROVABLE SECURE and Bruce
>knows it.
And an OTP requires a lot of key, and that _can_ be inconvenient in
some circumstances...and Bruce knows that too.
Oh, yes: and he also knows that while a true OTP is provably secure,
there are some people making stream cipher encryption products, and
calling them OTP systems when they aren't.
When he says things he knows are true, he isn't saying nonsense.
John Savard ( teneerf<- )
http://members.xoom.com/quadibloc/index.html
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Authenticating identity?
Date: Fri, 28 May 1999 21:35:16 GMT
Medical Electronics Lab <[EMAIL PROTECTED]> wrote:
: To change the subject, you mentioned time stamps.
: In the US we have WWV, a set of frequencies that send
: a clock signal from the NIST atomic clock. I think
: Canada has the same thing, do most other countries
: broadcast something similar? I would think it's easy
: to incorporate that as part of a security protocol.
Canada has CHU where the US has WWV, WWVH, and WWVL.
But even better is the time from a (relatively) inexpensive
GPS receiver. For under $200, you're guaranteed to be within
one or two seconds and to have a nice mapping gadget to boot.
Specialized GPS receivers can and do deliver accuracies on
the order of a few dozen nanoseconds, and very often are
used as secondary time standards to drive NTP servers. They
are, for all practical purposes, directly traceable to NIST
primary standards.
_Really_ cool gadgetry, and not at all expensive for that
they give you.
: Patience, persistence, truth,
And no end of frustration, much of the time.
--
Mike Andrews
Tired old sysadmin
[EMAIL PROTECTED]
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Oriental Language Based Enryption
Date: Fri, 28 May 1999 17:14:16 -0700
Sometimes some of the most simple things are most complex ones. Cheers, Markku
------------------------------
From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Subject: Re: Oriental Language Based Enryption
Date: Fri, 28 May 1999 17:13:15 -0700
You must understand that some of oriental cultures have existed for
thousands of years and some of ancient people such as Sun-Tzu are
followed today. Just go to the roots of intelligence ...
Has anybody ever applied Sun-Tzu practically to encryption...?
Cheers,
Markku
P.S. The world is ever changing and increasingly complex.
[EMAIL PROTECTED] wrote:
> > Well now you heard ... enlightening.. isn't it...?
>
> My life has changed dramatically :)
>
> Where did you here about such ciphers though?
>
> Tom
> --
------------------------------
From: "Jean Marc Dieu" <[EMAIL PROTECTED]>
Crossposted-To: alt.config
Subject: Re: alt.timestamp
Date: Fri, 28 May 1999 23:45:24 +0200
Brian Queen wrote in
<7imvjf$o8l$[EMAIL PROTECTED]>...
(...)
>Existing newsgroups such as alt.anonymous could be used for such
>purposes
>but the creation of a new group for this specific purpose would be
>beneficial.
It's a good idea but what prooves that you did not backdate the hash you're
posting on the newsgroup ???
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: Scramdisk cracked
Date: Fri, 28 May 1999 22:52:06 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>John Kennedy wrote:
>> > Unfortunately,
>> >chances are that a person who would decide to use 7 char
>> >passphrase would also limit themselved to the lower-case alphabet
>> >thus reducing the effective size of the phrase to 35 bits.
>>
>> And such a peson would probably use a password that would be cracked
>> by a dictionary attack in a second or two.
>
>
>Even the best-designed lock is no good with a bad key. We still live in
>a world where it is assumed that "your mother's maiden name" is somehow
>mysterious - when any fool can look it up on the Internet.
>
>A password as nonsensical but easy to remember as
>'dumdumDiddlypiddlytiddlyTum' would keep a password sniffer glurking
>along for a long time. Plus it's fun to type.
Actually since you posted this it would be added to a NSA list of possible
passwords. So I think it is safe to say this password SUCKS at this time
but it may have been good till you blabbled it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
Date: Fri, 28 May 1999 14:16:34 -0700
From: Sundial Services <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Scramdisk cracked
John Kennedy wrote:
> > Unfortunately,
> >chances are that a person who would decide to use 7 char
> >passphrase would also limit themselved to the lower-case alphabet
> >thus reducing the effective size of the phrase to 35 bits.
>
> And such a peson would probably use a password that would be cracked
> by a dictionary attack in a second or two.
Even the best-designed lock is no good with a bad key. We still live in
a world where it is assumed that "your mother's maiden name" is somehow
mysterious - when any fool can look it up on the Internet.
A password as nonsensical but easy to remember as
'dumdumDiddlypiddlytiddlyTum' would keep a password sniffer glurking
along for a long time. Plus it's fun to type.
------------------------------
From: [EMAIL PROTECTED] (Josh - Forward Observer for the Romathians)
Crossposted-To: alt.config
Subject: Re: alt.timestamp
Date: Fri, 28 May 1999 22:03:33 GMT
On 28 May 1999 13:50:55 -0700, Brian Queen <[EMAIL PROTECTED]> wrote:
>
>alt.timestamp free, online Trusted Third Party for electronic media.
>
>Charter:
>
>Posting of nothing more than minimally sized digital signatures of
>electronically
>published information for the purposes of time stamping.
This is not an appropriate forum for this, use a web site.
--
Joshua B. Kramer, (Currently located - Bozo Bin) [EMAIL PROTECTED]
Knight of the Ancient Garter of Romath (WE ARE ALL ROMATH)
Don't try making me look like the fol, because you'll never succeed.
-Romath in <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What good is hushmail?
Date: Fri, 28 May 1999 22:02:53 GMT
On a parallel subject to the implementation of hushmail; whether or not
the strong encryption is really that strong. I logged on and got an
account as soon as I heard about it, partly out of interest and partly
to have another anonymous email option. The way that random numbers
are generated seems suspect to me, though. Moving your mouse cursor
around in a box on the screen strikes me as a very non-random method,
and perhaps a weakness in the design. I think you would be able to
find strong similarities in each user's key, because the way that
the "random" numbers are generated is not sufficiently robust.
Willy-Yam
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Dan)
Subject: Re: evaluation cryptographic algorithms
Date: 28 May 1999 18:19:52 -0500
>>*Assuming* a cipher is "strong" simply because *we* cannot break it
>>means that if the cipher ever *is* broken in secret, we will *still*
>>assume that cipher is "strong" even while our information is being
>>harvested. That seems like a strange meaning for "strength."
>>
>>---
>>Terry Ritter [EMAIL PROTECTED] http://www.io.com/~ritter/
>>Crypto Glossary http://www.io.com/~ritter/GLOSSARY.HTM
>>
>
> It not strange if you are the NSA part of there success is to keep
>idots thinking they are using strong encryption when they are not.
>
>
>David A. Scott
The irony of this statement is too just for words.
-Dan
------------------------------
From: [EMAIL PROTECTED] (Mario Lyken)
Subject: Re: OTP Problems
Date: Fri, 28 May 1999 22:13:22 GMT
[EMAIL PROTECTED] (DJohn37050) wrote:
>OTP is provably secure. Why is it not used everywhere?
I'll bet the navies around the world use OTP's to communicate with their
ships. I can't think of a reason for using anything else.
--
"Mario Lyken" better known as [EMAIL PROTECTED]
01234 56789 <- Use this key to decode my email address.
Fun & Free - http://www.5X5poker.com/
------------------------------
From: [EMAIL PROTECTED] (David Hamilton)
Subject: Re: Review of Scottu19
Date: Fri, 28 May 1999 22:55:25 GMT
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
(snip)
>You are making statements
>you can't back up.
Words like 'pot', 'kettle', 'black' etc spring to mind.
David Hamilton. Only I give the right to read what I write and PGP allows me
to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179 Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: Signed with 2048 bit RSA key
iQEVAwUBN08dDMo1RmX6QSF5AQG9MAgAg9PdI0bIcNTY+66Ysi+4LkmMhP0ZgaJR
8ysHI5NrYcGeSE15MeGXc6TpGaeRhx3OBT5aydA24hZzBAcaGbDI3W282OoJenWc
UwwvA3G/mqA5LD+H2/PeiwryGhas6ObwNBA7h4apbpLac4tjXjHsW15Dt3CWL+Hz
aHEhhysQGZF110GZ6iwPd9QT+dN7tV9tZN7dpLHrmdYAv1YNayFbJjMapJF3jlEv
iQsVdePOxjJOqZI9/29PhvP7YS9MDGZPhTS0qSiFJ4bLlZX7W4xPUqvJFAb304jw
xWPq3W0lMLq4RRj4BL9B0xKQdtwhSuY5XutQu5MecXP1uouyNwTN6Q==
=hzwA
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Derek Bell)
Subject: Re: Review of Scottu19
Date: 28 May 1999 23:44:19 +0100
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) writes:
> I am not a C purist in case you could not figure it out. But I see C as a
>tool to help one write code. But only a modern lazy programmer would
>blindly code without giving the underlying machine some serious thought.
This misses the point entirely - he's talking about portability.
> Yes my program counts on the indianess of the machine but you must
>realize the goal was to make secure encryption for PC's I really could give a
>rats ass if the NSA can't get it to run fast on a CRAY using some stupid
>language like ADA.
It's not a matter of the NSA being involved, it's a matter of
a serious incompatibility of implementations.
Here's an example: Alice and Bob both decide to use SCOTT19. However,
Alice's machine is a high-endian, Bob's is a low-endian. As a result, neither
can decypher what the other encyphers. They get fed up and change to a system
that gives identical results for identical inputs on both machines.
Derek
--
Derek Bell [EMAIL PROTECTED] | Socrates would have loved
WWW: http://www.maths.tcd.ie/~dbell/index.html| usenet.
PGP: http://www.maths.tcd.ie/~dbell/key.asc | - [EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Jerry Coffin)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 16:52:04 -0600
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> I would go beyond that: When a cipher is used for real, even an
> expert has no way to know that it is being broken in secret and our
> information exposed and harvested.
Oh, I don't argue that at all. Ultimately, encryption basically falls
into two groups: those that have been broken, and those that haven't
yet, at least to a significant degree (e.g. a method of breaking IDEA
ten times faster than brute-force would clearly be a break, but by
itself an insignificant one).
> The advantage an expert has is the ability to identify particular
> ciphers which have been broken or are thought weak. But if the cipher
> has no known break (a common case for actual use), the expert is no
> more informed than any other user.
Right -- the problem is, that given a form of encryption such as was
being discussed, there are LOTS of pitfalls. He talked about getting
some semi-random input from the user, and using it as a seed in a PRNG
of some sort. Unfortunately, if he's written, for example, something
like a linear congruential generator, even if it's of high quality for
general-purpose use, it's almost certainly weak and useless for
encryption purposes. Even if he's used a general TYPE of generator
that could be useful, there are still lots of pitfalls.
Summary: the right question isn't "is this secure?" but "is there at
least some chance that this might be secure?"
------------------------------
From: [EMAIL PROTECTED] (David Hamilton)
Crossposted-To: talk.politics.crypto,alt.privacy
Subject: Re: The BRUCE SCHNEIER Tirade
Date: Fri, 28 May 1999 22:55:39 GMT
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
(snip)
>So he
(ie Bruce Schneier)
>can spout whatever he wants and
>the Hamitons of the world will whorship his word as holy writ.
False; because I'm an atheist thank God.
David Hamilton. Only I give the right to read what I write and PGP allows me
to make that choice. Use PGP now.
I have revoked 2048 bit RSA key ID 0x40F703B9. Please do not use. Do use:-
2048bit rsa ID=0xFA412179 Fp=08DE A9CB D8D8 B282 FA14 58F6 69CE D32D
4096bit dh ID=0xA07AEA5E Fp=28BA 9E4C CA47 09C3 7B8A CE14 36F3 3560 A07A EA5E
Both keys dated 1998/04/08 with sole UserID=<[EMAIL PROTECTED]>
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: Signed with 2048 bit RSA key
iQEVAwUBN08eKso1RmX6QSF5AQGplgf6Al1Av96VLnb3C14mWUxNqAGybleWSJOk
ZQL43pNZ39nqlP1yHl6D/BRdsYdNIWrO/4RlnARxsGwM0q/yXwQZRa4nfhceHfnz
NcXZ8GJS8CsEEy4Aqbr3F+ZBMM3Bt/gLa9MW5AQFT7YN4yLEaoazTyi9hR9kQBm1
+dVjekg36u8Zyai1Egim0HysLZidbhiV4SgXbJ5udtSv7O7D0Q+N/1QKSYz40FHl
4/ukXBAPULsNrbIAIqLL3JieFLJNrJeyq+m/f3Md0OMpnh2ofpbxzyLLzOGiqGom
kf204kKRha6LB+EZ/XsNne948HgUirWP55ks3b+6wqjEj+qigldY1Q==
=vVDI
=====END PGP SIGNATURE=====
------------------------------
From: [EMAIL PROTECTED] (Steve Rush)
Subject: Re: Threatening SW ^besides^ Strong-Crypto
Date: 28 May 1999 22:55:27 GMT
>
>Well, you might look at the Wassenaar agreement lists. Apart from
>design software for weapons and suchlike, there is:
>
>- Vector computer OSs
>- Sonar & signal processing s/w
>- Cellphone software in source
>- Apdative routing software in source
>- Real-time OS software with low interrupt latency
>- Expert system software with time dependence
>- Semiconductor CAD software with testing functionality
>
>and so on.
I wonder why the politicians bother. Software is so absurdly easy to smuggle
that the whole situation looks comic, especially for software that is sold
over-the-counter.
I think the inclusion of cellphone and adaptive routing software in the list is
an attempt to slow down the hackers (make 'em disassemble the products before
they can start fiddling), but some of the items in that list look like some
company has done the international equivalent of buying legislation designed to
cripple the competition.
**********************************************************************
If it's spam, it's a scam. Don't do business with Net abusers.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: OTP Problems
Date: Fri, 28 May 1999 23:48:12 GMT
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (Mario Lyken)
wrote:
>[EMAIL PROTECTED] (DJohn37050) wrote:
>
>>OTP is provably secure. Why is it not used everywhere?
>
>I'll bet the navies around the world use OTP's to communicate with their
>ships. I can't think of a reason for using anything else.
The main reason to use something else is stupidy of the government
officals making the final decision. Even the NSA is mostly likely not
incouraging the US Navy to do much in this direction since it would
undercut there power. The only way they would do it is for a bearacrat
to keep an extra copy of the key so it could later be sold to the chinese.
Management always like to think they are better than anyone else so they
will always have a key on hand in case they get the urge to read the mail.
And the Chinese know where and what group of people to give money to
so that they can read the info. The government may think it is the engineer
and scientist saleing the secrets but it is more likely someone in power who
sales the country out.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: MORE CLUES TO SCOTT19U CONTEST
Date: Sat, 29 May 1999 00:02:34 GMT
Yes folks for the long holiday the gloat contest is still on
and I am supplying another HEX ( 4 bits) to the solution of
the problem. So the solution is no harder than guessing the
remaing 48bits. This means it should be much easyer for
someone with a brute force attack to find the anwser.
And Yes folks this contest the way the rules are would have
been solved in less than a week with any of the AES candidates.
I think even a crypto god could see that.
But yes that does not prove my software definitly better.
It just proves there are cases where the AES candidates are
obviously weaker ( which is what the NSA wants) However
if your stuck using a weak AES method I will soon release
code that is not encryption code but chaining code so that
those who use this weak methods have the choice to use
"wrapped PCBC" chaining this will allow the user to achieve
"all or nothing encryption" so that it would be on par with
what I have done.
The code I will supply will not be written for speed but for
understanding and I hope it will be "straight ANSI C" that
could be used on any machine even those that have a different
Indianness than a PC.
Have a HAPPY WEEKEND all
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
http://members.xoom.com/ecil/index.htm
NOTE EMAIL address is for SPAMERS
------------------------------
From: [EMAIL PROTECTED] (Steve Rush)
Subject: Re: OTP Problems
Date: 28 May 1999 23:15:52 GMT
>>OTP is provably secure. Why is it not used everywhere?
>
>I'll bet the navies around the world use OTP's to communicate with their
>ships. I can't think of a reason for using anything else.
Actually, most naval traffic doesn't need that kind of security. some of it is
transmitted in clear, most secure traffic is in stream cyphers, and some of it
uses symmetric block
cyphers. OTP is probably reserved for the short, *really* critical items,
like ICBM launch orders.
If the longest message you will ever send on a certain channel is something
like "Execute Plan 9.", and you hope you will never have to send that message,
OTP is the _most_ practical cypher. If you have several megabytes per day of
administrative traffic, a hardware secret-key cypher box between the computer
and the radio link is about the only way to go.
**********************************************************************
If it's spam, it's a scam. Don't do business with Net abusers.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What good is hushmail?
Date: Fri, 28 May 1999 23:22:20 GMT
> The problem is that they've had to limit themselves to current
> web browsers using Java 1.1. This ties their hands a little bit
> as they have no access to the local machine for storage.
So where is secret key being kept? I hope not at their server.
...I still have to wade my way through their FAQ.
Art Gecko
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.misc,comp.security.pgp.discuss
Subject: ScramDisk RED SCREEN: monitoring keystrokes - problem?
Date: Fri, 28 May 1999 23:43:29 GMT
Summary
It is possible to grab passwords as they are typed in by the user, even
when the low-level RED SCREEN is being used for password entry.
Tested with version 2.02h of ScramDisk.
========================================================================
Demonstration
1. Download and install KeyKey (see links below)
2. Launch ScramDisk
3. Disable password entry via the RED SCREEN in ScramDisk
4. Launch Notepad
5. Activate KeyKey
6. Type "Before Windows password entry" into Notepad
7. Enter your passwords into ScramDisk via the Windows password entry
dialog
8. Type "After Windows password entry" into Notepad
9. Type "Before RED SCREEN password entry" into Notepad
10. Enter your passwords into ScramDisk via the low-level RED SCREEN
11. Type "After RED SCREEN password entry" into Notepad
12. Deactivate KeyKey, generate and view KeyKey report
The report generated will show the text you typed into Notepad at stage
6,
after which, you will see your passwords, as entered in stage 7. The
report
will also show the text you typed into Notepad at stage 9, and the
passwords you entered into the RED SCREEN at stage 10.
========================================================================
Notes
It should be noted that if someone has the access to you computer
required
to install a program like "KeyKey" (be it through trojan software given
to
you, or by gaining physical access to your computer and putting in a
3.5"
disk); a simpler attack would probably be to replace the ScramDisk VxD
with
a modified version, bypassing all of ScramDisk's security.
In summary; although ScramDisk's RED SCREEN does provide more protection
against keyboard monitoring software (such as SKin98) than
BestCrypt/PGPDisk do, this method of password entry should not be relied
upon.
KeyKey can be downloaded from:
http://mikkoaj.hypermart.net/index.html
(or from:)
http://www.fortunecity.com/skyscraper/true/882/zipped/KEYKEY.zip
--
Sarah Dean
[EMAIL PROTECTED]
http://www.fortunecity.com/skyscraper/true/882/
For information on ScramDisk and SecureTrayUtil, check:
http://www.fortunecity.com/skyscraper/true/882/ScramDisk.htm
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
