Cryptography-Digest Digest #548, Volume #10 Thu, 11 Nov 99 19:13:02 EST
Contents:
Re: Password Policy (Johnny Bravo)
Re: Build your own one-on-one compressor (Mike McCarty)
Re: Proposal: Inexpensive Method of "True Random Data" Generation ("james d. hunter")
call for identification of some crypto devices ("Chr. Schulzki-Haddouti")
Re: Signals From Intelligent Space Aliens? Forget About It. (Anthony Stephen Szopa)
Re: Proposal: Inexpensive Method of "True Random Data" Generation (Coen Visser)
Re: S/MIME plug-in for Eudora? Strong Encryption (Andrew Starr)
Re: Build your own one-on-one compressor (Don Taylor)
Re: CRYPTNOTES 3.02 CRACKED ! (JPeschel)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: Password Policy
Date: Thu, 11 Nov 1999 15:28:36 GMT
On Thu, 11 Nov 1999 04:40:35 -1000, Boaz Lopez <[EMAIL PROTECTED]>
wrote:
>I have 8 passwords to remember. So a Password Policy
>was created to prepare for the day when I forget
>my password.
>
>Policy Draft
>
>1 Use one passphrase as a master key to decrypt a list
>of all other passwords.
>
>2 Keep the encrypted list of passwords on a public website
>so it can be accessed from anywhere in the world.
>
>3 On the website, put a hint page to remind one about
>the master passphrase.
>
>It is easier to remember one master passphrase than 8 passwords.
This is the basis of Password Safe, though it would be very easy to
just write your own program to encrypt the password list in a very
short time (depending on your coding skills) using RC4.
Best Wishes,
Johnny Bravo
------------------------------
From: [EMAIL PROTECTED] (Mike McCarty)
Crossposted-To: comp.compression
Subject: Re: Build your own one-on-one compressor
Date: 11 Nov 1999 20:41:23 GMT
Basic English (as proposed in the early 60s) has an 800 word vocabulary.
It is not a pidgin.
In article <[EMAIL PROTECTED]>,
Trevor Jackson, III <[EMAIL PROTECTED]> wrote:
)Mok-Kong Shen wrote:
)
)> I know, though not exactly, that there is a pidgin English
)> consisting of some 500(?) words that are assumed to be a 'minimal'
)> vocabulary for communicating in the language. You might be
)> interested in that.
)
)I've heard the number 800 used as the minimal vocabulary required. I.e., with
)the selected vocabulary one can live a normal life.
)
--
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for Alcatel <- They make me say that.
------------------------------
From: "james d. hunter" <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Thu, 11 Nov 1999 15:39:57 -0500
Reply-To: [EMAIL PROTECTED]
Richard Herring wrote:
>
> In article <[EMAIL PROTECTED]>, Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:
> > "james d. hunter" wrote:
> > > That's one criterion that's used for a pseudo-random sequence.
> > > "Scientists" call them pseudo-random sequences for the same
> > > reason that they call some forces, "pseudo" forces. They are
> > > just basically clueless, clueless, clueless about the universe.
> > and
> > > But, the statistical tests for randomness are subject to the
> > > whims of the statistitians.
>
> > He's wrong on both counts.
>
> He's some sort of engineer with a scientist complex.
No reason to get insulting. If I had "scientist" complex
I won't know anything probabilty theory. But since I'm
an engineer, I do something about probabilty and statistics.
------------------------------
From: "Chr. Schulzki-Haddouti" <[EMAIL PROTECTED]>
Subject: call for identification of some crypto devices
Date: Thu, 11 Nov 1999 21:44:15 +0100
Reply-To: [EMAIL PROTECTED]
I am looking for help to identify following three crypto devices, which
were presumably used by NATO and Eastern Countries. You can have a look
here:
http://members.aol.com/infowelt/kdevice.htm
At the moment I am preparing an article for the German computer magazine
c't (www.heise.de/ct/) on hardware crypto in the 20th century. If you
know how they were called, who used them, how they were used or at which
time they were used, please contact me. I will publish the results at
the same URL.
thank you,
Christiane Schulzki-Haddouti
------------------------------
From: Anthony Stephen Szopa <[EMAIL PROTECTED]>
Subject: Re: Signals From Intelligent Space Aliens? Forget About It.
Date: Thu, 11 Nov 1999 12:55:58 -0800
Reply-To: [EMAIL PROTECTED]
"SCOTT19U.ZIP_GUY" wrote:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
> >"Douglas A. Gwyn" wrote:
> >
> >> "SCOTT19U.ZIP_GUY" wrote:
> >> > While don't just tease us what distance did you come up with?
> >>
> >> I don't have my notes with me right now and don't want to
> >> spend time recomputing it. I'll try to look it up at home
> >> and post a follow-up with the info.
> >
> >Actually, I believe the professor said a slightly higher percentage of
> >the speed of light but I cannot remember exactly what it was but I do
> >remember it was in excess of 90%.
> >
> >But my comment about surviving the voyage was referring to the
> >expansion of mass as one increasingly achieves speeds closer and
> >closer to that of light.
> >
> >This mass expansion seemed to me to be dangerous and I believe I
> >communicated this concern to the professor. I believe he understood
> >what I was concerned about and I believe his reply was meant to
> >answer my question with regard to my concern.
> >
>
> The mass that you think would be dangerous is not.
> If you where in a rocket without windows feeling an accleration of 1.1 G's you
> would never even be able to tell if your going 1% the speed of light or 99.99%
> the speed of light. Your concerns of the problem are false.
>
> David A. Scott
> --
>
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
>
> Scott famous encryption website NOT FOR WIMPS
> http://members.xoom.com/ecil/index.htm
>
> Scott rejected paper for the ACM
> http://members.xoom.com/ecil/dspaper.htm
>
> Scott famous Compression Page WIMPS allowed
> http://members.xoom.com/ecil/compress.htm
>
> **NOTE EMAIL address is for SPAMERS***
If you did not know it, as mass approaches the speed of light,
the mass increases.
When they accelerate electrons at a high energy particle physics
lab, the mass of the electrons increase 10,000 times as they are
accelerated near to the speed of light.
Similarly, this effect might take a few inches off your height,
me thinks. You might end up a flat mass of mush.
We are not talking about relativistic clocks and measurements here.
We are talking about mass of the human body and its radical
crease. I think my concern for the safety of a human under these
conditions is reasonable.
Of course if you know of a logical reason that supports your
assertion that this MASS increase will not be of concern, like your
analogy asserts, let us know.
You have confused relativistic time perceptions with this very real
effect on mass as it approaches the speed of light.
------------------------------
From: Coen Visser <[EMAIL PROTECTED]>
Crossposted-To: sci.math,sci.misc,sci.physics
Subject: Re: Proposal: Inexpensive Method of "True Random Data" Generation
Date: Thu, 11 Nov 1999 21:17:59 +0000
Mike McCarty wrote:
> No individual string can be random. A string is or is not compressible,
It is a definition: call a string random when it is incompressible.
I am talking about (all) finite strings, using a fixed Universal Turing
Machine, compressibility defined + O(1).
> and is compressible to some degree or less, is not an absolute
> statement. It depends on the universe of strings from which it is
> drawn. If a process generates one of two strings, each of which is 10
> billion elements long, but only one of those two, then each of those 10
> billion element strings is compressible to a single bit. OTOH, if the
> universe of output is all possible strings of 10 billion elements, and
> if individual elements occur equiprobably, then not any of the strings
> is compressible.
You are talking about Shannon's information theory, I am talking about
Kolmogorov Complexity. Both are solid theories with their own strengths,
weaknesses and applications.
> You seem to be trying to decompose a single event, i.e. the generation
> of a string, into multiple events, i.e. the generation of each string
> element (or equivalently, generation of strings of length one element
> each), and then use the randomness or non-randomness of the latter
> events considered as a stochastic process as a means for determining
> the randomness of the single event of generation of the entire string.
Ah, that was not what I meant. I was trying to make a point (badly)
about the inevitable occurence of regular patterns in random strings.
Regards,
Coen Visser
------------------------------
From: Andrew Starr <[EMAIL PROTECTED]>
Crossposted-To:
comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
Date: Thu, 11 Nov 1999 14:45:54 -0600
[[ This message was both posted and mailed: see
the "To," "Cc," and "Newsgroups" headers for details. ]]
In article <[EMAIL PROTECTED]>, SkinD
<[EMAIL PROTECTED]> wrote:
> X-no-archive: yes
>
> This message was headed
> WorldSecure Client Ver3.0 - To REGISTERED users, Help
> but I got no reply. Perhaps unsurprising really but here's one final
> try.
> --------
>
> This is a bit of a shot in the dark but here goes.
> I have an un-registered evaluation copy of WorldSecure Client so that
> I can send signed or encrypted email from Eudora Pro. I use it for
> non-commercial purposes. I know that MS Outlook or Netscape
> Communicator will enable me to send S/MIME email free or charge but I
> do not want to change my email program.
> I have telephoned WorldTalk to purchase WorldSecure Client so that I
> can enter a Registration Name and Registration Number to enable me to
> use the program beyond the 30 day limit. I telephoned the number
> listed on the registration page within the program (800) 454 4674, But
> they WILL NOT sell it to me. They used to sell it but they are now
> only interested in selling multiple-site licences for a minimum of 20
> users. The helpful person at their sales dept said he'd like to sell
> it but his employers are no longer even interested in individual
> users.
> This leaves me with an email program I will not change and an S/MIME
> plug-in which works great but I cannot buy the plug-in.
> This is frankly ridiculous.
> Is there any registered user out there who would be prepared to email
> me a valid Reg Name and Reg Number? I know this breaks the 'rules'
> but if I could pay WorldTalk I would gladly do so. They don't want to
> know.
> I ask this as someone having used the internet for 4 years and having
> frequently registered and paid for shareware. I have always been more
> than happy to play by the rules but this time I am stumped. I have
> tried to be honest!
>
> PS: I know about the S/MIME Everywhere initiative under which I can
> get a 'crippled' copy of the program free or charge but I don't want
> to be stuck with a 'crippled' version.
What about Entrust or MailSecure? See
http://www.emailman.com/security/smime.html
--
Andrew Starr is eMailman(sm): http://www.emailman.com
NewsReaders.com: http://www.newsreaders.com
[unofficial] Eudora site: http://www.emailman.com/eudora
------------------------------
From: Don Taylor <[EMAIL PROTECTED]>
Subject: Re: Build your own one-on-one compressor
Crossposted-To: comp.compression
Date: 11 Nov 1999 15:36:25 -0600
A proposal follows:
In comp.compression Tim Tyler <[EMAIL PROTECTED]> wrote:
> In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> : Tim Tyler wrote:
> :> In sci.crypt Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> :> : As I said previously, for such numerical coding the compression is
> :> : already so good that one need not (at least in the first
> :> : experimental phase) consider the aspect of word freqeucies.
> :>
> :> I doubt this. I expect non-dictionary words will typically bulk up the
> :> messages by a larger factor than they are compressed by, for (say) email
> :> messages.
> :>
> :> It may be possible to develop a scheme that (roughly) breaks even on the
> :> compression stakes - but I doubt good compression ratios will ever be
> :> obtained - except on obscure or contrived types of text.
> : Just try to roughly compute the compression ratio of your paragraph
> : above (noting that each word is translated to 16 bits) and
> : you'll see that you get something that is probably better than
> : what you expect from a normal compression of ASCII text.
> If you design your dectionary for my message I don't doubt you can perform
> excellent compression.
> Will the 65536 words in your dictionary contain all the words I used?
...
> It's not a walk-over, though. Unless you choose your dictionary carefully,
> more bulking-up than slimming down will occur - as all rogue non-disctionary
> symbols get expanded up from one to two bytes.
...
> The scheme under discussion fails this - if X is an odd number of bytes long.
I will make use of a suggestion by Mr. Scott, using case of letters here.
A specific precise tangible testable proposal:
There is a fixed shared dictionary to be used for this compression.
The dictionary consists of item pairs, lower case word and code number.
lower case word found in dictionary <---> corresponding word code
There are 2^15 plus approximately 2^13 pairs in this dictionary. These
are code numbered in two different ranges, in binary 1bbb bbbb,bbbb bbbb
and approximately 010b bbbb,bbbb bbbb.
To explain this, these codes are pairs of bytes. The first range
consists of byte pairs with the top bit, of the first byte, set. This
gives 2^15 possible codes. The second range consists of byte pairs
where the first byte has a value that would normally be a lower case
ascii character and the second byte of this pair may be any value.
This gives a little less than 2^13 possible codes.
Every word in a message that is to be found in the dictionary shall be
followed by a space. Thus
'hello there '
translates into
hello-code there-code
which will be two adjacent two-byte codes in the compressed file.
Another way to say this could be that ALL words in the dictionary have
a trailing space, thus to find a match for your word you would have to
find that trailing space in your uncompressed text.
Note: This thus mandates A solution to the prefix/suffix/infix debate.
There is an additional pairing outside of this dictionary process.
NON-lower case char in 0...2^7-1 range <---> that char
And, as a concession to those concerned with odd byte length files.
first byte of a word code followed by EOF <---> that byte followed by EOF
Now I claim, hoping that I have not made a mistake here, that this is
one-to-one. And having that annoying mathematical habit, I am making
a distinction between a 1-1 function and an onto function and a total
function, etc. I claim the function is one-to-one *over its domain*.
Thus I should say some things about that domain.
For the uncompressed side:
The individual who is dealing with the uncompressed side is constrained
to look up words in the dictionary. Words that are in the dictionary are
lower case. Any lower case letters in a potential message that are not
to be found as a word in the dictionary must be translated into upper
case or this system simply does not apply. Every word that is to be
found in the dictionary is to be followed by a space. That trailing
space is part of the matching process. Additional/other punctuation,
etc are left as is.
Thus the constraint is that the case of letters is mandated for this
process. If the user doesn't wish to do this then find another method.
If the input doesn't match these picky rules then no claims are made.
So the input on the uncompressed side consists of "words" that are
found in the dictionary, non-word characters, and a final special case.
On the uncompressed side the user is ALLOWED to include a final single
SPECIAL character in a message, IF they so choose. That character will
be in the range 2^7...2^8-1 but if they include such a character it will
be the last character in the file.
These make up the restrictions that apply to messages presented to be
compressed.
For the compressed side:
The individual who is dealing with the compressed side is free to submit
any sequence of bytes of any values.
It seems reasonable to place fewer constraints on him, for he is
supposedly unaware of the compression process and is probing the
behavior of the system by submitting a variety of test messages and
observing whether they are returned as identical messages after
uncompressing and recompressing.
If he submits a two byte word code it will uncompress to the word
followed by a space and when compressed will return the same two byte
word code.
If he submits a one byte letter code it will uncompress to the same
letter and will then recompress to the same one byte letter code.
If he submits the first half of a two byte word code as the last byte
of a file then this will uncompress to that same byte and will then
recompress to that same byte. This is the only case where a two byte
word code can be "broken" and a following byte will not be available
to represent some entry in the dictionary. And thus I added this
patch to cover this case.
Claims: if the above constraints are accepted.
The system is one-to-one.
No file expands when compressed.
If the folklore for american english is correct and "the average
word length is 5 characters", not counting the trailing space, then
the trailing space makes the average "word length" 6 characters and
these words will compress to two bytes, assuming that we can live
with a dictionary of about 40,000 words. And those words that are
not found in the dictionary do not grow in length, they are
"compressed" with characters that make up the word and are the same size.
Even and odd byte length files are supported.
End of claims.
I would be happy to have any errors pointed out in this.
don
The following paragraph is OUTSIDE the current discussion.
If you want a similar 3x compression for shorter words too, and
you are willing to accept a somewhat smaller vocabulary, and you
want even greater compression for words that repeat several times
within the document and you are willing to incorporate some
adaptive behavior in the compressor... then I have this marvelous
modification of this scheme which, the margin of this screen is
too small in which to fit the description. But I would have to
again think about that very carefully for a while to make certain
that I had not broken the one-to-one condition placed on this.
-----------== Posted via Newsfeeds.Com, Uncensored Usenet News ==----------
http://www.newsfeeds.com The Largest Usenet Servers in the World!
======== Over 73,000 Newsgroups = Including Dedicated Binaries Servers =======
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Subject: Re: CRYPTNOTES 3.02 CRACKED !
Date: 11 Nov 1999 22:16:49 GMT
"Alexander PUKALL" [EMAIL PROTECTED] writes:
>Cryptnotes encrypts and decrypts messages without the need for cumbersome
>cut and paste. The initial password is "sample" without the quotes. File
>size is small at 120 kb installed which makes it ideal for sending to
>friends. Messages can be anywhere on your drives even floppies which means
>it can even be an email attachment sent to you. Just click it to open and
>enter the correct password to decrypt.
>
>
>The soft can be found here :
>
>http://members.xoom.com/jet4home/
>
>It's NOT encryption !!!
>
>The password only prevent to execute the soft without the right password,
>the encryption is substitution with UNIQUE alphabet ( CESAR cipher )
>
>for example with password : 'pass'
>The text : AAAAAAAAAA HELLO
>gives : EEEEEEEEEE$LIPPS
>
>And with the password : 'snake-oil'
>The text : AAAAAAAAAA HELLO
>gives : EEEEEEEEEE$LIPPS
Haven't looked at the software, but, yup, this one looks cracked to me.
J
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
