Cryptography-Digest Digest #998, Volume #9 Fri, 6 Aug 99 14:13:03 EDT
Contents:
Re: Americans abroad/Encryption rules? (John Myre)
Re: Questions regarding elliptic curve cryptography. (Bob Silverman)
Re: Challenge: mental authentication ("Lassi Hippeläinen")
Re: beginner question re. MD5 and one-way hashes ([EMAIL PROTECTED])
Re: Microsoft Word 97 ("John E. Kuslich")
Re: Prime number. (Bob Silverman)
Re: Questions regarding elliptic curve cryptography. (Bob Silverman)
Re: frequency of prime numbers? (John McDonald, Jr.)
Re: Pencil-and-paper compression algorithms [Re: Between Silk and Cyanide] (wtshaw)
Re: AES finalists to be announced ([EMAIL PROTECTED])
Re: frequency of prime numbers? ("karl malbrain")
Re: What is "the best" file cryptography program out there? (fungus)
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: AES finalists to be announced ([EMAIL PROTECTED])
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: new PGP key and test (Malcolm Dew-Jones)
----------------------------------------------------------------------------
From: John Myre <[EMAIL PROTECTED]>
Subject: Re: Americans abroad/Encryption rules?
Date: Fri, 06 Aug 1999 08:01:59 -0600
fungus wrote:
>
> "David C. Oshel" wrote:
> >
> > You can represent binary numbers in a base 355 system, which you then
> > represent in a base 113 system, which is a real kick when you store the
> > output in a binary computer file -- one way to "expand" a file to disguise
> > its length.
> >
>
> I found the secret code!
>
> 355/113 = 3.141592.....
>
> What do I win?
LOL! How about banana cream ...
(Kudos - I didn't even notice the actual numbers when I
read David's post).
BTW, does anyone know who first discovered this representation
of pi? I think I read once that it was the Chinese (centuries
ago), but it's pretty fuzzy. When my father took electrical
engineering back in the slide-rule days, 22/7 was commonly used;
I have always thought it a shame that 355/113 wasn't better
known. The mnemonic sequence 113355 makes it really easy.
Of course, usually machines do our arithmetic now...
John M.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Fri, 06 Aug 1999 14:09:40 GMT
In article <[EMAIL PROTECTED]>,
Teh Yong Wei <[EMAIL PROTECTED]> wrote:
> Me again. Sorry for posting so many "simple" questions to all of U.
But,
> I myself am new in this field, so there is a lot of things that I am
> quite uncertain and don't understand. Here are some questions
regarding
> ECC:
>
> 1) How to determine a curve is a good curve?
This is a matter of some debate. Some people, for example, believe
it is OK to use Koblitz curves provided that they have the right
properties (which I don't enumerate here). I believe that "good"
curves have as little inherent structure as can be managed, i.e. that
special curves, such as Koblitz curves, should be considered "suspect".
But this is an *opinion* and there is no proven mathematics behind it.
It is just the general belief that the more algebraic structure a
curve has, the more likely it is that some attack (even if currently
undiscovered) can exploit the structure.
However, that said, the only fundamental property that a good curve
should have is that for the field over which it is defined it have
prime or nearly-prime order. (To avoid Pohlig-Hellman attacks)
> 2) How to choose a and b in the ECC equation?
Generally speaking, randomly is best, unless using a special curve
such as a Koblitz curve. It is a matter of some debate as to whether
curves having complex multiplication qualify as special. I mention
this because for such curves the choice of (a,b) is constrained.
> 3) Do we need to know all the points on a curve?
No. In fact, for the curve to be secure, it should be impossible
to know all the points because there should be too many of them.
> 4) Who will generate the curve? The sender or the receiver?
Either. Or they can jointly agree. Or use a standardized (e.g. NIST)
curve.
> 5) Why we need to "convert" the message to a pair of integer?
Because we need to encode the message in such a way that becomes
a point on the curve. Points are pairs of integers.
> 6) How to make public key as short as possible?
This depends on the level of security you require. It's really a
question only you can answer. Make it big enough to just suit your
needs.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "Lassi Hippeläinen" <[EMAIL PROTECTED]>
Subject: Re: Challenge: mental authentication
Date: Fri, 06 Aug 1999 16:31:18 +0300
Robert Scott wrote:
<...>
> If you are going to tackle this problem, my advice is to avoid
> traditional computer-based algorithms.
Exactly.
I once had a need to do similar things. In those days the user interface
was just a teletype. The way to protect a password was to write first
half a dozen times some garbage on the same spot of the paper and then
type the password on the resulting smugde.
But then came the glass teletypes (so now you know how long I have been
fooling around with crackers...) that couldn't overwrite to produce that
smudge. When you typed the password, it was visible on the screen.
So I had a requirement: design a password system, whose password may be
seen. The result was a simple one-time password that wasn't based on a
list. It just printed a challenge and the response continued from there
on. It worked with both kinds of terminals. Even in a paper copy you
couldn't tell where the challenge ended and response began.
The trick was in designing that response algorithm. It didn't calculate
anything, really. It was based on digits. The response was just the
positions in the challenge of those digits that were smaller than the
preceding digit. Just to annoy crackers, also alphabets could be thrown
in, but they were discarded before analysis.
Of course the system was pretty much based on security by obscurity, but
it worked. During several years nobody guessed the trick, even though
they saw me logging in many after many times.
Since the human brain is better adapted to visual processing than
mathematics, use that power!
-- Lassi
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: beginner question re. MD5 and one-way hashes
Date: Fri, 06 Aug 1999 14:17:10 GMT
In article <7oc6q3$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Muharem Hrnjadovic) wrote:
> I need a one-way function in order to generate hash key values
> for a piece of software that is caching objects i.e. when I come
> across an object the second time the function should generate the
> same hash key so I know that I have seen that object already.
>
> I tried MD5 but the value generated is too long for my purposes;
> I would like something that generates a 4 byte sequence ideally.
>
> I experimented with MD5 by taking only one quarter of the signature
> it supplies but after a test with ca. 160.000 objects I obtained
> identical values for different objects (which is not MD5's fault
> since I took only 25% of the sequence it calculated).
>
> Can you recommend any other one-way-hash or message digest functions
> that are possibly simpler and generate shorter values?
Most of the time hashing is used to reduce linear search time in symbol
tables. What you do is have say N linear (linked) lists. You hash the
object down to a number (0 to N-1) and pick one of the lists. This way
instead of having one large list of 200,000 objects you have 1000 lists
of 200 objects. Since most hashes are quick (if it's quicker then
searching 200 objects or M/N (M = number of objects total) then it's
worth it) finding an object is faster overall. The linked lists do
take memory but no more then storing in one large list.
I can send you a mini-example of hashing if you want. It's in C./
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "John E. Kuslich" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: Microsoft Word 97
Date: Fri, 06 Aug 1999 07:34:04 -0700
Well now. That' is a lie!
http://www.crak.com
JK
pwrecover wrote:
>
> You can find help with your Word 97 password recovery problem at
> Password Crackers, Inc. check out http://www.pwcrack.com/ for more
> information. They offer the only absolute Word 97 cracking guaranteed
> for any length password in 10 business days.
>
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> > I lost the password for a Microsoft Word 97 document.
> > Help me !!!
> > Thank's
> > NPW
> >
> >
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
--
CRAK Software (Password Recovery Software)
Http://www.crak.com
[EMAIL PROTECTED]
602 863 9274 or 1 800 505 2725 In the USA
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Prime number.
Date: Fri, 06 Aug 1999 13:36:55 GMT
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Bob Silverman wrote:
> >
> > In article <[EMAIL PROTECTED]>,
> > [EMAIL PROTECTED] (John
McDonald, Jr.)
<snip>
> >
> > This isn't about people skills, it's about responsibility.
> >
> > Do you react this way to your boss (or professors) when (s)he tells
> > you that you made a mistake?
> > >
> ---------------------
> Do you react this way to your boss (or professors) when (s)he makes a
> mistake?
Everyone makes mistakes. I make far too many of them.
However, there is a big difference between making a mistake and
blatantly making an *uninformed* assertion. They are not the same,
yet you seem to think they are.
When my boss or (former) professor makes a mistaken pronouncement in
public, they have at least *studied* the subject they are discussing
or they have checked sources.
Mr. McDonald did neither. Further, he not only make an incorrect
assertion, he **shouted** it. Look at the original post. He put
the words THE ONLY in all capitals when he said trial division
was THE ONLY way one could prove primality.
And before you ask, allow me to state that I do not believe everyone has
the right to an opinion. I do believe everyone has the right to an
informed opinion.
One has a responsibility in a public forum to check references or to
be knowledgeable about a subject before making pronouncements.
If everyone in this newgroup did this, we would have far fewer
nonsensical posts and the signal/noise ratio would improve.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: Questions regarding elliptic curve cryptography.
Date: Fri, 06 Aug 1999 13:49:25 GMT
In article <[EMAIL PROTECTED]>,
Teh Yong Wei <[EMAIL PROTECTED]> wrote:
> Me again. Sorry for posting so many "simple" questions to all of U.
But,
> I myself am new in this field, so there is a lot of things that I am
> quite uncertain and don't understand. Here are some questions
regarding
> ECC:
>
> 1) How to determine a curve is a good curve?
This is a matter of some debate. Some people, for example, believe
it is OK to use Koblitz curves provided that they have the right
properties (which I don't enumerate here). I believe that "good"
curves have as little inherent structure as can be managed, i.e. that
special curves, such as Koblitz curves, should be considered "suspect".
But this is an *opinion* and there is no proven mathematics behind it.
It is just the general belief that the more algebraic structure a
curve has, the more likely it is that some attack (even if currently
undiscovered) can exploit the structure.
However, that said, the only fundamental property that a good curve
should have is that for the field over which it is defined it have
prime or nearly-prime order. (To avoid Pohlig-Hellman attacks)
> 2) How to choose a and b in the ECC equation?
Generally speaking, randomly is best, unless using a special curve
such as a Koblitz curve. It is a matter of some debate as to whether
curves having complex multiplication qualify as special. I mention
this because for such curves the choice of (a,b) is constrained.
> 3) Do we need to know all the points on a curve?
No. In fact, for the curve to be secure, it should be impossible
to know all the points because there should be too many of them.
> 4) Who will generate the curve? The sender or the receiver?
Either. Or they can jointly agree. Or use a standardized (e.g. NIST)
curve.
> 5) Why we need to "convert" the message to a pair of integer?
Because we need to encode the message in such a way that becomes
a point on the curve. Points are pairs of integers.
> 6) How to make public key as short as possible?
This depends on the level of security you require. It's really a
question only you can answer. Make it big enough to just suit your
needs.
--
Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (John McDonald, Jr.)
Subject: Re: frequency of prime numbers?
Date: Fri, 06 Aug 1999 14:21:09 GMT
On Fri, 06 Aug 99 00:39:30 GMT, [EMAIL PROTECTED] (Ian Gay) wrote:
>Hmmm... Might be better to define prime as only divisible by 1 and itself.
>Otherwise, you get, e.g.
>{3, 5} = putative set of all primes
See, but you skipped 2 in the definition, see below...
If we define a prime to be all numbers greater than 1 such that they
are indivisble by any lesser prime, then here's what we should get...
{}
{2}
{2, 3}
{2, 3, 5}
{2, 3, 5, 7}
{2, 3, 5, 7, 11}
Etc.
Doesn't this allow primes to be an infinite set while maintaining the
correct numbers?
And furthermore, isn't it this definition that allows us to use Sieves
to find prime numbers extremely quickly? (As was so quickly pointed
out to me in another thread?)
After all, if this wasn't another definition that described primes and
only primes, then wouldn't divisibility be the only way to find prime
numbers?
[-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-]
John K. McDonald, Jr. Alcatel, USA
[EMAIL PROTECTED]
please remove -delete- for responses.
--
"I speak for me and not this company"
TO SPAMMERS:
Please view the definitions for
"telephone facsimile machine,"
"unsolicted advertisement," and the
prohibition and penalty for sending
unsolicited faxes before sending Un-
solicited Commercial E-mail to the
above address. Violators WILL BE
PROSECUTED. These can be found
in:
The Telephone Consumer Protection Act
of 1991, Title 47, Chapter 5,
Subchapter II, Section 227.
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
------------------------------
From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: Pencil-and-paper compression algorithms [Re: Between Silk and Cyanide]
Date: Fri, 06 Aug 1999 10:40:41 -0600
In article <20h$[EMAIL PROTECTED]>, Paul
<[EMAIL PROTECTED]> wrote:
> In article <[EMAIL PROTECTED]>, wtshaw
> <[EMAIL PROTECTED]> writes
>
> [on compression and morse code...]
> >
> >I will take the time to post the full list of characters with their
> >variable trit values if asked, mostly given historic values.
>
> In case no one else has done so (yet) please consider yourself asked!
OK
There are lots of language dependent codes. The are mostly from what I am
used to. Sometimes an obscure code will bring the OM's out of a pileup.
There have been official and unoffical changes over the years, and I add a
very few here for interests of completion. For efficiency's sake, lots of
the longer strings could be replaced with unassigned shorter ones. I
believe that the ACA list of some of them uses a few obsolete punctuation
forms, changed since WWII.
I hope I did not make a mistake in transcribing the list, but leave that
possibility open.
FIRST GROUP--2 to 5 TRITS (all possibilities)
00 = blank or space -- trits only
000 = a sternlight -- trits only
10 = E
110 = I
1110 = S
11110 = H
11120 = V
112 = U
11210 = F
11220 = *
120 = A
1210 = R
12110 = L
12120 = @
1220 = W
12210 = P
12220 = J
20 = T
210 = N
2110 = D
21110 = B
21120 = X
2120 = K
21210 = C
21220 = Y
220 = M
2210 = G
22110 = Z
22120 = Q
2220 = O the letter
22210 = !
22220 = #
SECOND GROUP--SIX TRITS
111110 = 5
111120 = 4
111210 = attention!, or, you acknowlege
111220 = 3
112120 = reply
112220 = 2
121110 = wait
121210 = end of message
122220 = 1
211110 = 6
211120 = = equals
211210 = /
212210 = ( left para
221110 = 7
222110 = 8
222210 = 9
222220 = 0 zero
THIRD GROUP--SEVEN TRITS or EIGHT TRITS
1111220 = you quit now!
11121120 = $ dollar sign
1121120 = priority
1122110 = ? question mark
1122120 = _ base line
1211210 = " double quote
1212110 = ¶ paragraph
1212120 = . period
12121210 = + plus
1222210 = ' single quote
2111120 = - dash
2121210 = ; semicolon
2122120 = ) right para
2211220 = , comma
MORE THAN EIGHT TRITS
1112221110 = distress on water
1121121120 = relay distress
2212121121121 = distress on land (old)
--
Sometimes you have to punt, and hope for the best.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Fri, 06 Aug 1999 16:33:20 GMT
In article <7oelll$3qm$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
>
> > > So shove that in your pipe and smoke it.
> > >
> > > Tom
> >
> > When are you goning to crack fortom.cpt
> > oh genios??? Its easy.
>
> Because you are sending ciphertext only to me I know you don't know
the
> purpose of cryptography or scrutiny.
>
> My point in that thread was that it's not only the algorithm that
makes
> it secure. Why you are sending currupted binaries to me is beyond me.
>
You dont know much that file is not currupted it is simple to crack but
beyond you. Its now in seperate thread just for you oh little one.
--
"You can lead a horse's ass to knowledge, but you can't make him think"
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Fri, 6 Aug 1999 10:14:31 -0700
Bob Silverman <[EMAIL PROTECTED]> wrote in message
news:7oeihc$1of$[EMAIL PROTECTED]...
> In article <7od7bi$9ee$[EMAIL PROTECTED]>,
> No. The "correction" mis-defines the term "prime number"
> by (in effect) saying: A prime number is defined to be a member
> of some pre-specified finite set, rather than defining it by its
> divisibility properties and then assuming they form a finite set.
>
>
> The proof is:
>
> Definition: A prime number is a positive integer, greater than 1
> which is divisible only by 1 and itself.
(...)
> Whereas the attempted correction starts by saying:
>
> Definition: A prime number is a member of the following finite
> set: {p1, p2, p3, ..... pn}
>
> See the difference???
No, there is no difference. You have to take BOTH at once. It doesn't
matter which comes first. Karl M
------------------------------
From: fungus <[EMAIL PROTECTED]>
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 17:22:31 +0200
[EMAIL PROTECTED] wrote:
>
> The only real flaw with PK algorithms is trusting the public key you
> have is from the person who supposedly created it. It's something we
> have to inheriantly trust. I think burning them into publicly
> avaialble cd-roms or roms would be a good method. You could just check
> your key on your computer against the CD-rom (which is suppose to be
> identical to everyone elses) and raise hell if it's not.
>
A CD-ROM couldn't hold enough keys to be worthwhile, and it would change
too frequently to be useful. The only way to really do this is via the
Internet.
> Which brings me to another idea. Wouldn't that be cool to have some
> form of registration where 1024-bit keys (to be safe) are created and
> registered
By the government, maybe??
Seriously though, Internet public-key servers have been around for a
long time, but seem to have escaped Tom's attention.
eg. http://pgp5.ai.mit.edu/
--
<\___/>
/ O O \
\_____/ FTB.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 16:47:29 GMT
In article <[EMAIL PROTECTED]>,
fungus <[EMAIL PROTECTED]> wrote:
> A CD-ROM couldn't hold enough keys to be worthwhile, and it would
change
> too frequently to be useful. The only way to really do this is via the
> Internet.
I know... just an idea. For companies it would work though. You could
have each employee make a key. Store it in a ROM somewhere and use
that as a 'server' that way keys can only be changed by authorized
personal. A ROM is simple to make and a 128kb rom could hold 873 keys
(assuming about 150 bytes per key). Put 20 of them on a board and you
can store 17500 keys ... Not really expensive.
> Seriously though, Internet public-key servers have been around for a
> long time, but seem to have escaped Tom's attention.
>
> eg. http://pgp5.ai.mit.edu/
And you seem to not realize how insecure key servers are. they are
just as secure as trusting a key on someones site but more convient.
Bruce S. said he has a key on a server that is not his ... keeps coming
back.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Fri, 06 Aug 1999 17:03:56 GMT
In article <7of2og$dv6$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> You dont know much that file is not currupted it is simple to crack
but
> beyond you. Its now in seperate thread just for you oh little one.
Do I care?
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 17:00:48 GMT
In article <[EMAIL PROTECTED]>,
"Thomas J. Boschloo" <[EMAIL PROTECTED]> wrote:
> I want the data to be secure for a lifetime (106 years = maximum
> lifespan of a human, maybe 200, taking into acount some great medical
> advances).
> I want it to be secure starting at some random point in the near or
far
> future in a universe with about the same rules as scientists
understand
> for our universe now.
> My data is worth my life, the buget for a computer would only be
limited
> by the number of particals in our solar system (without upsetting the
> orbits of our planets to much) and this machine may take any number of
> eons to construct and plug in.
>
> I think 170 bits would definitely be enough (calculated that myself
with
> some highschool math in
> <http://x23.deja.com/[ST_rn=ps]/getdoc.xp?AN=397603286>, don't bother
to
> read it), whilst I could perhaps imagine a machine that would crack
128
> bits (not too sure about this).
>
> Do you guys have any believes on these key lenghts? (yes, *strong*
> crypto that can only be brute forced, or whatever)
It's not always about key lengths! Doesn't anyone understand that? A
keylength 'suggests' (at best) an upper bound on security. It doesn't
mean you have to try half of the 128-bit keys to break 128-bit
ciphers. If a cipher is vulnerable to iterative attacks with a modest
amount of knowledge it could be weaker (note: FEAL at four rounds). If
your key generation is weak ...
The brute force ability depends on the algorithm. Blowfish for example
is much harder to brute force then DES simply because of the key
schedule. Assuming every is equal though...
it takes 7 hours max against DES, the same machine would break a 64-bit
key in 74 days. A 80-bit key in 13406 years, and a 128-bit key in
3,773,580,522,841,040,695 years. This assumes you use the DES cracker
model. Some algorithms with newer technology might be faster.
Assuming you can find a DES key in 1 minute, finding a 64-bit key would
take 4.2 hours. Finding a 80-bit key would take 485 years, finding a
128-bit key would take 8,984,715,530,573,906 years. This is testing
rate of 1,200,959,900,632,132 (2^50.09) keys a second which is
uncomprehendable for 99% of all people (meaning their computers can't
even come close). Against the RC5 challenge my machine did 500,000
keys a second (2^18.93).
Clearly 64-bit keys are on the lower bound. I would still think they
are secure against 99% of all adversaries (note: the NSA is not always
against you). 80-bit keys are still secure for any seeable future, and
128-bit keys will most likely never become too short in our lifetime.
Btw my timings are the upper bound. Divide them by two to find the
average. Even still you are looking at a lot of time.
Tom
--
PGP 6.0.2i Key
http://mypage.goplay.com/tomstdenis/key.pgp
PGP 2.6.2 Key
http://mypage.goplay.com/tomstdenis/key_rsa.pgp
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
Subject: Re: new PGP key and test
From: Malcolm Dew-Jones <[EMAIL PROTECTED]>
Date: Fri, 06 Aug 1999 10:30:49 -0700
Reply-To: [EMAIL PROTECTED]
A classic book is
"Repelling the wily hacker"
by ?
It discusses how to prevent such neferiousnous, which is the flip side
of your question. At least two published magazines discuss these
things, and (most important) provide pointers to more. One may be
called "Phrack"
and there's always Usenet newsgroups:
•alt.security
•alt.hacking
•alt.2600
•alt.cyberpunk
•comp.security.misc
[EMAIL PROTECTED] wrote:
>
> > Here is a question though. My key is at an FTP site of
> >
> > ftp://ftp.goplay.com/tomstdenis
> >
> > What would be the steps for 'hacking' the key at that site? Are there
> > any pointers online? Basically I want to know how someone from
> outside
> > of goplay (the FTP provider) would hack the key and thus fake being me
> > (well [EMAIL PROTECTED])
>
> I am willing to divulge more personal habits (say about the times when
> I use goplay) in private email. I seriously want to know how someone
> might steal/change the key at my site.
>
> BTW I got pgp 2.6.2 and I think it's much easier and funner to use then
> pgp 6.0.2. I have a 768 bit RSA key (see my .sig).
>
> Tom
> --
> PGP 6.0.2i Key
> http://mypage.goplay.com/tomstdenis/key.pgp
> PGP 2.6.2 Key
> http://mypage.goplay.com/tomstdenis/key_rsa.pgp
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
