Cryptography-Digest Digest #490, Volume #10       Mon, 1 Nov 99 20:13:03 EST

Contents:
  Re: announcement: steganography program "steghide" (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  Re: announcement: steganography program "steghide" (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  Re: Doesn't Bruce Schneier practice what he preaches? (John Kennedy)
  Re: Renouncing Uncensored-News (was:Biometric Keys are Possible) (John Kennedy)
  Re: announcement: steganography program "steghide" (John Kennedy)
  Re: Bruce Schneier's Crypto Comments on Slashdot (jerome)
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
  Re: Proposal: Inexpensive Method of "True Random Data" Generation ("Tony T. Warnock")
  Re: Build your own one-on-one compressor (Mok-Kong Shen)
  Re: Build your own one-on-one compressor (Mok-Kong Shen)

----------------------------------------------------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: announcement: steganography program "steghide"
Date: Mon, 01 Nov 1999 17:33:35 -0500

On Fri, 29 Oct 1999 21:10:41 GMT, [EMAIL PROTECTED] (jerome) wrote:

>On Fri, 29 Oct 1999 18:09:31 GMT, Tom St Denis wrote:
>>In article <[EMAIL PROTECTED]>,
>>  Stefan Hetzl <[EMAIL PROTECTED]> wrote:
>>> Hello,
>>>
>>> I have written a steganography program called "steghide". It is
>>> designed to be portable and configurable and features hiding data in
>>> bmp, wav and au files, blowfish encryption, MD5 hashing of passphrases
>>> to blowfish keys and pseudo-random distribution of hidden bits in the
>>> cover-data. It is copyrighted under the GNU General Public License.
>>>
>>> Steghide is written in ANSI C so the source code should compile on many
>>> systems. Binaries are available for Windows and Linux. It is available
>>> from: http://www.crosswinds.net/~shetzl/steghide/index.html
>>>
>>> Criticism is welcome.
>>
>>While I couldn't get the binaries off your site (too slow) I will take
>>a peek at the source later.  A quick comment or two..
>>
>>1.  It's not useful for general run-of-the-mill daily messaging.  You
>>need too many different pictures/sounds to make it useful.
>
>There are sources of pictures which can be automatically gathered. 
>Sex pictures from the news are good for this purpose. The observer
>would probably think that you like to exchange sex picture with 
>your friends. If you try to hide it, he would interpret that you 
>are ashamed to be a 'pervert'.

As a bonus, this gives you great cover at home for downloading tons of
porn!

"I'm just trying to keep our personal communications private honey!"

It's a dirty job, but somebody's gotta do it.

>
>If you provide a simple answer, most people don't look deeper.
>It is the aim of steganography. The psychologic part, let's say.
>
>By the way this newsgroup is a very efficient way to avoid 
>traffic analysis, the sender is identifiable but not the 
>receiver (because of the number of readers).


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 17:33:39 -0500

On Mon, 1 Nov 1999 13:03:17 GMT, [EMAIL PROTECTED] (Larry
Kilgallen) wrote:

>In article <7vj6c8$5pt$[EMAIL PROTECTED]>, Scott Fluhrer 
><[EMAIL PROTECTED]> writes:
>
>> If that's all Schneier meant, then he's wrong.  Just knowing the algorithms
>> used is not enough.  You have to know that they were put together correctly,
>> for example, that any random number generators used were not chilled, that
>> any keys created were not chosen with malice, that no key bits were being
>> leaked somehow.
>
>If viewing the source is the only basis for your trust, then you
>have to know that you are better able than Bruce Schneier to tell
>what constitutes proper construction of the software.

My personal viewing of the source has little to do with it. What would
be comforting is if the source were in plain view of the entire world,
where there are many talented people who could really make a name for
themselves by finding a security flaw in Counterpane Software.

This is one of the very greatest strengths of PGP.

>
>If you view malice from Bruce Schneier as a threat, then you have
>to know that you are able to detect such malice better than Bruce
>Schneier is able to hide that malice.

Sorry, this is nonsense. Microsoft sells security too. They don't
publish the implementation details. I wouldn't be at all surprised if
they have far better programmers than me working on it. Should I then
trust their software with my secrets?  

Schneier says no.

He's right.

The same holds for Counterpane software. 

>I know more about Bruce Schneier than I do about you, and I would
>not be inclined to bet on you in such a competition.

I have no intention of competing against him on those terms.

Should I be confident that Schneier is smarter than the rest of the
world combined?

>
>On the other hand, I know a _lot_ about _myself_, and I would not
>be inclined to bet on myself in your position competing against
>Bruce Schneier.

So you can or should trust Schneier if he's smarter or more skilled
than yourself?

That makes no sense to me.

With PGP I'm not trusting any individual or company, and I'm not
pitting my technical skills against anyone, I'm relying on the entire
community of individuals interested in private communication. Plenty
of them would benefit from being the first one to poke a hole in PGP.
Schneier would do it if he could and so would any other cryptographic
expert in the private sector. On top of that, there are far more
programmers qualified to find *non-cryptographic*  security weakness
in the PGP source.

The original issue of this particular piece of software is very minor,
but the principles involved are not.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: announcement: steganography program "steghide"
Date: Mon, 01 Nov 1999 17:33:38 -0500

On Mon, 01 Nov 1999 06:39:19 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:

>David A Molnar wrote:
>> > {}{}{} Posted via Uncensored-News.Com, http://www.uncensored-news.com {}{}{}
>> > {}{}{}{} Only $8.95 A Month, - The Worlds Uncensored News Source {}{}{}{}
>> > {}{}{}{}{} Five News Servers with a BINARIES ONLY Server {}{}{}{}{}
>> What's this?
>
>As near as I can determine, somebody was *resubmitting* news articles
>after changing the poster's name to the poster's email address and
>adding one hour to the time of posting (presumably to avoid the
>redundant-message check in news software), and appending that ad.
>It is clearly SPAM, let's hope not very successful SPAM.
>The very idea of paying $8.95/mo to receive copies of the same news
>articles that everyone already has access to!

There are a significant number of people who will pay extra for a high
performance uncensored news feed. If you're not moving high volumes of
binaries it's probably of little utility to you. If you're just
reading and typing then clearly the newsfeed on most ISPs will do
fine.

The spam of course is nothing but a pain in the ass.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 17:33:40 -0500

On Mon, 01 Nov 1999 10:21:49 -0500, "Trevor Jackson, III"
<[EMAIL PROTECTED]> wrote:

>Larry Kilgallen wrote:
>
>> In article <7vj6c8$5pt$[EMAIL PROTECTED]>, Scott Fluhrer
>> <[EMAIL PROTECTED]> writes:
>>
>> > If that's all Schneier meant, then he's wrong.  Just knowing the algorithms
>> > used is not enough.  You have to know that they were put together correctly,
>> > for example, that any random number generators used were not chilled, that
>> > any keys created were not chosen with malice, that no key bits were being
>> > leaked somehow.
>>
>> If viewing the source is the only basis for your trust, then you
>> have to know that you are better able than Bruce Schneier to tell
>> what constitutes proper construction of the software.
>>
>> If you view malice from Bruce Schneier as a threat, then you have
>> to know that you are able to detect such malice better than Bruce
>> Schneier is able to hide that malice.
>
>No.
>
>On both issues the situation is not one person vs <adjective> cipher author.  The
>situation is everyone in the world vs <adjective> cipher author.  No matter what
>superlative(s) you choose as adjective(s), the house bet is against the cipher author.
>
>This was one of his strongest positions.  It is only fair to apply that position to
>his own work for consistency.  Note that it is probably unreasonable to demand perfect
>consistency.  Noting the issue is probably sufficient response.

Agreed. I intended little more than to note the issue, and use this
piece of software as an example. Nevertheless, the principles involved
are quite important.

>
>>
>>
>> I know more about Bruce Schneier than I do about you, and I would
>> not be inclined to bet on you in such a competition.
>>
>> On the other hand, I know a _lot_ about _myself_, and I would not
>> be inclined to bet on myself in your position competing against
>> Bruce Schneier.
>
>Well, the obvious question is whether you would bet on Mr. Schneier against the rest
>of the world.  If so you probably are expecting perfection from him, which may not be
>fair to him or to you.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 17:33:43 -0500

On Mon, 01 Nov 1999 10:17:26 -0700, John Myre <[EMAIL PROTECTED]>
wrote:

>John Kennedy wrote:
>> 
>> On 1 Nov 99 05:34:47 GMT, [EMAIL PROTECTED] () wrote:
>> 
>> >Roman E. Liky ([EMAIL PROTECTED]) quoted:
>> >: >Here's an example, Counterpane Systems has a nice little freeware
>> >: >utility called Password Safe.
>> >
>> >Probably an exception was made here simply because this is intended as a
>> >convenience for users who can't be bothered to memorize passwords, or do
>> >anything else they ought to - of course, using PGP or ScramDisk makes
>> >better sense from a security standpoint, but not everyone will find them
>> >convenient enough to use.
>> 
>> They make considerable hay out of the fact that the utility uses
>> Blowfish encryption. The point of Blowfish is security. There's no
>> other reason to care if Blowfish is part of the utility. But what good
>> is Blowfish encryption without open source? It contradicts Schneier's
>> own advice, does it not?
>> 
>> I don't mean to make a mountain out of a molehill here, but this is a
>> puzzling contradiction.
>> 
>> >
>> >Windows code for a convenient program, as opposed to encryption code, is
>> >harder to release.
>> 
>> I see lots of windows code released.
>> 
>
>I don't know why Counterpane hasn't released the source code to
>Password Safe but I can think of lots of possible reasons.
>
>First, the only reason in favor of it is publicity, hopefully
>positive, since Counterpane derives no income (directly) from the
>product.  How much time (money) is it worth to Counterpane to go
>to the trouble of releasing the source?

Less than it took to write it. And with substantial benefit to the
user, which is presumably a good thing for Counterpane.

>
>What if they started getting a bunch of support calls, slightly
>disguised as technical questions?

They don't have to answer them. Unless someone demonstrates a genuine
security flaw nobody reasonable is going to expect them to support
freeware.

I don't see how releasing the source makes it more likely they will
get such calls anyway, I imagine users are just as likely to make such
calls now.

>
>What if changed versions of the source started showing up, with
>various evil properties?  Would they need to spend time defending
>their reputation then?

They face exactly the same problem with every executable now. I could
write a program that looks the same but acts differently.

>
>What do they have to do about U.S. export restrictions?  Probably
>they would have to (carefully) remove at least the Blowfish source,
>and possibly other parts.  That might be easy or it might not,
>depending on what the source is like.

Blowfish is already available on site, right next to Password Safe.
And again, what has source got to do with that? If the source can't be
exported then the executable already faces the exact same issue and
they're dealing with it.

>
>Although the utility itself is free, maybe Counterpane makes
>money on other products derived from the same source.

Which should you trust, open source or reputation?

Schneier has always said open source.

Do they make money on PGP?

PGP refutes all your arguments here.
>
>Still, these communities would be happier if Bruce would in fact
>release the source, and I think Counterpane would be well
>served to do so.  Unless, of course, the source code is hacked
>together and sloppy, and embarrassing to publish...  ;-)
>
>John M.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Crossposted-To: alt.security.scramdisk
Subject: Re: Doesn't Bruce Schneier practice what he preaches?
Date: Mon, 01 Nov 1999 17:33:42 -0500

On Mon, 01 Nov 1999 16:53:29 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>In article <[EMAIL PROTECTED]>, John Kennedy 
><[EMAIL PROTECTED]> wrote:
>>On 1 Nov 99 05:34:47 GMT, [EMAIL PROTECTED] () wrote:
>>
>>>Roman E. Liky ([EMAIL PROTECTED]) quoted:
>>>: >Here's an example, Counterpane Systems has a nice little freeware
>>>: >utility called Password Safe.
>>>
>>>Probably an exception was made here simply because this is intended as a
>>>convenience for users who can't be bothered to memorize passwords, or do
>>>anything else they ought to - of course, using PGP or ScramDisk makes
>>>better sense from a security standpoint, but not everyone will find them
>>>convenient enough to use.
>>
>>They make considerable hay out of the fact that the utility uses
>>Blowfish encryption. The point of Blowfish is security. There's no
>>other reason to care if Blowfish is part of the utility. But what good
>>is Blowfish encryption without open source? It contradicts Schneier's
>>own advice, does it not?
>>
>>I don't mean to make a mountain out of a molehill here, but this is a
>>puzzling contradiction.
>
>    It is really not that puzzling you just have to think about it. You may
>come to the same conclusion that I have.

Which is?


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: Renouncing Uncensored-News (was:Biometric Keys are Possible)
Date: Mon, 01 Nov 1999 17:33:45 -0500

On Mon, 01 Nov 1999 08:41:08 -0800, Peter Pearson
<[EMAIL PROTECTED]> wrote:

>My posting whose beginning is included below seems to
>have been re-posted with a trailer claiming that I
>posted it through Uncensored-News. I have no connection
>with Uncensored News, and think it's a despicable perversion
>for them to use other's postings as a vehicle for their
>publicity. How can we put a stop to this?
>

I say we get the pickup truck, round up a few of the boys, and go kick
their ass!


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: John Kennedy <[EMAIL PROTECTED]>
Subject: Re: announcement: steganography program "steghide"
Date: Mon, 01 Nov 1999 17:33:37 -0500

On 30 Oct 1999 17:12:59 GMT, David A Molnar <[EMAIL PROTECTED]>
wrote:

>
>jerome <[EMAIL PROTECTED]> wrote:
>
>> By the way this newsgroup is a very efficient way to avoid 
>> traffic analysis, the sender is identifiable but not the 
>> receiver (because of the number of readers).
>
>Assuming you can guarantee that an adversary who inspects what you're
>sending can't figure out the receiver, of course. :-)

That's not traffic analysis.


-

John Kennedy
The Wild Shall Wild Remain!
http://members.xoom.com/rational1/wild/


------------------------------

From: [EMAIL PROTECTED] (jerome)
Subject: Re: Bruce Schneier's Crypto Comments on Slashdot
Reply-To: [EMAIL PROTECTED]
Date: Mon, 01 Nov 1999 22:38:25 GMT

no, the error is from me.

On Sat, 30 Oct 1999 22:32:48 +0100, David Crick wrote:
>
>Apologies, I pulled out bits on symmetric ciphers only as this is
>still an issue with them. Bruce does say that the exception is
>public key algorithms with RSA, although this is no longer an issue
>as the DH patent has expired. He also talks about protocols as a
>separate issue. Please see the full interview.

------------------------------

From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 01 Nov 1999 17:52:06 -0500
Reply-To: [EMAIL PROTECTED]

Russell Harper wrote:
> 
> One of my pet projects is to make a true random number generator: a set of n
> coins, one side dark the other side light, each coin put in a separate tube
> on a pivot. A blast of air underneath lifts and spins the coins, when they
> come down, a sensor determines which side is up and sends the integer k as a
> binary number 0 <= k < 2^n. A cheapo model would require the operator to
> shake the apparatus, and set it down whereupon it sends the number. I'm also
> considering a decimal random number generator using 10-sided dies along
> similar lines. I figure both could give about one random number per second -
> and could be used where regular coin flipping or die throwing is currently
> done (e.g. seeds for random number generators, one time pads for short
> sequences, hard-to-guess passwords, etc.).

  Pretty strange method. The best random number generators come from
  wideband feedback with distortion. See any Neil Young guitar solo.

------------------------------

From: "Tony T. Warnock" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Mon, 01 Nov 1999 16:04:22 -0700
Reply-To: [EMAIL PROTECTED]

Russell Harper wrote:

> One of my pet projects is to make a true random number generator: a set of n
> coins, one side dark the other side light, each coin put in a separate tube
> on a pivot. A blast of air underneath lifts and spins the coins, when they
> come down, a sensor determines which side is up and sends the integer k as a
> binary number 0 <= k < 2^n. A cheapo model would require the operator to
> shake the apparatus, and set it down whereupon it sends the number. I'm also
> considering a decimal random number generator using 10-sided dies along
> similar lines. I figure both could give about one random number per second -
> and could be used where regular coin flipping or die throwing is currently
> done (e.g. seeds for random number generators, one time pads for short
> sequences, hard-to-guess passwords, etc.).
>

Take a look at the quincunx. Sometimes under the name Galton's quincunx. Skip
the astrology reference if doing a net search.


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Tue, 02 Nov 1999 00:11:17 +0100

Tim Tyler wrote:
> 

> However, I am happy to try to look at things using your terms.  If your
> algorithm looks up "side2" entries in your dictionary and replaces them by
> the equivalent "side1" entry (when decompressing - and does the reverse
> when compressing), then your dictionary *must* have each entry
> twice, with the second lot of entries reversed (as follows):
> 
>           Side1        Side 2
>           ABCD    <--  HG
>           HTHN    <--  UK
>           XYZ     <--  PQ
> 
>           HG      <--  ABCD
>           UK      <--  HTHN
>           PQ      <--  XYZ
> 
> If you fail to do this your system is unlikely to work.

Why on earth MUST a dictionary be of this form (every entry on
one side is also present on the other)? Have you ever seen an 
English-French dictionary like that? Note that you have yourself 
given an example where on the left side (my side1) are English 
alphabets and on the right side (my side2) you exclusively use 
/, [, etc. Why MUST your dictionary not ALSO be of this nature?
Quite evidently, there is currently much misunderstanding between
us. For example, I took the verbatim copying rule out of a follow-up 
from Scott where he commented on my example. But this you told me is
non-existent in your scheme. Now, to be able to properly do further 
arguments and not waste unnecessary time and effort because of 
differences in definitions etc., I like to propose that some 
fundamental stuffs be thoroughly cleared up. Let me ask you therefore 
a few questions (allow me for simplicity to continue to use side1 to 
denote the uncompressed side and side2 to denote the compressed side):

(1) Must the symbol sets that appear on both sides of a dictionary
    be identical? (I presume not. See your own example.)

(2) If the answer to (1) is no, what does one do in case (when
    translating a string from side2 to side1) one encounters 
    (unexpectedly) a symbol that only appears on side1 of the 
    dictionary? (Should one do a verbatim copying, issue an error 
    message to the user, or what?)

(3) MUST a dictionary have the form above or not? Besides the
    two criteria that you gave in an earlier post, namely

       No string in the tables should contain another such string 
       as a substring.
 
       No leading symbols in any string should exactly match the 
       trailing symbols in a different string.

    what else exactly must a dictionary also satisfy?

Thank you in advance.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: Tue, 02 Nov 1999 00:11:33 +0100

SCOTT19U.ZIP_GUY wrote:
> 
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

> >Oh! I thought your conditions are to be applied separately to each
> >side and not to the two sides put together. Then use simply totally
> >disjoint characters on each side and with appropriate modification
> >of the string on side2 and you are guaranteed to have the same type
> >of problem:
> >
> >        Side1       Side2
> >        ABCD        PQR
> >        EF          S
> >        GHIJ        T
> >        XYZ         UV
> >
> >Now XYZABCDABCD --> UVPQRPQR. A modification gives:
> >UVEFGHIJ --> XYZEFGHIJ --> UVST

>  UVEFGHIJ -> XYZST->UVEFGHIJ
> no problem but at least you got the strings right.

I 'repeatedly' said that the problem occurs ONLY when the analyst the 
very FIRST time attempts to decompress his stuff, say, S1 (obtained 
from decryption with a guessed key) to T1 and then compress T1 
back to S2 and finds that S2 is not equal to S1. After that, if he 
repeats the same process with S2, then that phenomenon ceases to 
occur. (If the phenomenon should repeat, that would have meant
that the compression algorithm itself were in error!!) However, the 
fact that S2 unequal to S1 is exactly what you call non-one-to-oneness 
and what you always claim to be leaking some useful information to the 
analyst. In fact, that's the argument that you constantly used to 
advertise your modified Huffman. So now please kindly tell me clearly 
whether the above fact that S1 being not equal to S2 leaks information 
to the analyst or not. If there is no leak, then the foundation upon
which you have hitherto advertised your modified Huffman vanishes!!

By the way, in the above I have applied a verbatim copying when
no dictionary entry can be found (you told me in a previous post
essentially that, didn't you?). But in a recent post of Tim Tyler, 
he said that there is no such thing in his system. Currently in a 
response to him I am trying to thoroughly clear up any potential 
points of misunderstanding and have explicitly asked him concerning
the issue of what to do in case of non-existence of a proper
dictionary entry.

M. K. Shen
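
The round trip discussed in the two posts above, as an added example that is not part of the digest or any poster's code: it uses the four-entry table from the post, checks the two dictionary criteria quoted in the earlier message, and runs S1 -> T1 -> S2. The left-to-right longest-match scan and the verbatim-copy fallback are assumptions about how the translation is carried out.

```python
# Added example; the table is the one from the post, the scan rule is an assumption.
TABLE = {"ABCD": "PQR", "EF": "S", "GHIJ": "T", "XYZ": "UV"}  # side1 -> side2


def translate(text, mapping):
    """Scan left to right; replace a table string found at the current
    position (longest first), otherwise copy one symbol verbatim."""
    keys = sorted(mapping, key=len, reverse=True)
    out, i = [], 0
    while i < len(text):
        for key in keys:
            if text.startswith(key, i):
                out.append(mapping[key])
                i += len(key)
                break
        else:  # no entry matches at this position: verbatim copy
            out.append(text[i])
            i += 1
    return "".join(out)


def compress(text, table=TABLE):
    return translate(text, table)


def decompress(text, table=TABLE):
    return translate(text, {side2: side1 for side1, side2 in table.items()})


def round_trip(s1, table=TABLE):
    """Decompress a candidate S1 to T1, then recompress T1 to S2."""
    t1 = decompress(s1, table)
    return t1, compress(t1, table)


def violations(strings):
    """Report pairs that break the two quoted criteria: one string contained
    in another, or a leading run of one equal to a trailing run of another."""
    found = []
    for a in strings:
        for b in strings:
            if a == b:
                continue
            if a in b:
                found.append(("substring", a, b))
            for n in range(1, min(len(a), len(b))):
                if a[:n] == b[-n:]:
                    found.append(("overlap", a, b))
                    break
    return found


if __name__ == "__main__":
    both_sides = list(TABLE) + list(TABLE.values())
    print("criteria violations:", violations(both_sides))
    for s1 in ("UVPQRPQR", "UVEFGHIJ", "UVST"):
        t1, s2 = round_trip(s1)
        print(f"S1={s1} -> T1={t1} -> S2={s2}  same={s1 == s2}")
```

The table passes both criteria even with the two sides pooled, yet `UVEFGHIJ` comes back as `UVST`, while a second pass starting from `UVST` is stable.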

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
