Cryptography-Digest Digest #580, Volume #10      Wed, 17 Nov 99 12:13:02 EST

Contents:
  Re: AES cyphers leak information like sieves ([EMAIL PROTECTED])
  Re: S/MIME plug-in for Eudora? Strong Encryption (Michael Ströder)
  Re: SAFER for the 6811? (Matthias Bruestle)
  Re: The DVD Hack: What Next? ([EMAIL PROTECTED])
  Re: AES cyphers leak information like sieves (Volker Hetzer)
  RSA Cryptography Today FAQ (1/1) ([EMAIL PROTECTED])
  Bruce Schneier's paper on slow memory devices... (Volker Hetzer)
  Re: AES cyphers leak information like sieves (Tom St Denis)
  Re: AES cyphers leak information like sieves ("Trevor Jackson, III")
  Help on security requirements for PKI ([EMAIL PROTECTED])
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)
  Re: AES cyphers leak information like sieves ("Gary")
  Re: AES cyphers leak information like sieves (Bob Silverman)
  Re: New Scottish Crypto System (SCOTT19U.ZIP_GUY)
  Re:SCOTT16U SOLUTION ON THE WEB (SCOTT19U.ZIP_GUY)
  Re: PALM PILOT PGP found here (Keith A Monahan)
  Re: AES cyphers leak information like sieves (SCOTT19U.ZIP_GUY)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED]
Subject: Re: AES cyphers leak information like sieves
Date: 17 Nov 1999 07:05:08 GMT
Reply-To: [EMAIL PROTECTED]

>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> After reading the recent contributions to the "SCOTT16U SOLUTION ON THE
> WEB" thread in this forum, I was disturbed to find that a number of
> Snip....
   Seems that the only thing needing protection is the location X not the whole
   map.   The two angles (in nanoradians) could be packed into 64 bits giving
   the X location to better than an inch.  Even DES would be good enough 
   'cause about 2^52 of 2^56 keys would result in a place you COULD dig.

        -will- :@)
CAUTION:  Do not look into laser beam with remaining eye....


------------------------------

From: Michael Ströder <[EMAIL PROTECTED]>
Crossposted-To: 
comp.security.misc,comp.security.pgp.tech,alt.security.pgp,comp.mail.eudora.ms-windows
Subject: Re: S/MIME plug-in for Eudora? Strong Encryption
Date: Wed, 17 Nov 1999 09:18:56 +0100

Lincoln Yeoh wrote:
> 
> But the morons still have to get the certs, and the certs still expire. 
> To
> morons that would still be difficult to understand. Remember keyword is
> morons.

If you're not educating your users you have no chance of deploying
encrypted/signed e-mails, no matter what crypto protocol you're using.
Period.

> True. But can S/MIME do it _now_?

Yes.

> If I want to sign/encrypt a file or ANY bit of text, I can do it easily
> with PGP. I can use PGP with Yahoomail or any webmail.

E.g. the freemail service of web.de uses S/MIME.

> PGP stuff is more mature with clearer thinking behind it. S/MIME wasn't 
> up to it, and it probably still isn't.

This is your personal opinion. And I guess you have never worked with
S/MIME up to now.

> Go try explaining to your GM why his
> S/MIME signatures are sometimes good and sometimes bad.

Netscape Communicator tells him, because I set up my PKI beforehand. My
users are educated enough to push the button and read the text. If they
have a problem they will ask and learn something more.

> In the commandline days/world, PGP was designed to work flexibly with
> commandline stuff.

So what? http://www.openssl.org/ contains basic S/MIME command-line
tools.

> In the GUI world, PGP was designed to work flexibly with
> GUI stuff. Whereas 90% of the S/MIME stuff out there just attempts to 
> work with email.

Flexibility means being too complicated.

> Also if I want to write an email PGP app, it's not too difficult. And I
> don't even have to spend any money, fill out forms, or write my own 
> S/MIME app from scratch to do it. I can just get on with it.

There are libs available. You just have to look out for them.

> S/MIME is like the appendix. It's got a large installed base, but most
> people don't actually use it.

Well, I am actually changing this. Like others do. And there are a lot
of people who are really interested in switching on S/MIME in their
existing software. You will see.

Ciao, Michael.

------------------------------

From: [EMAIL PROTECTED] (Matthias Bruestle)
Subject: Re: SAFER for the 6811?
Date: Mon, 15 Nov 1999 23:21:28 GMT

Mahlzeit


[EMAIL PROTECTED] wrote:
> Since I am a strong believer in code reuse, plus I'm also a little lazy,
> I'd be interested in knowing if someone has already implemented it for
> the 6811 (or a processor that has a similar instruction set).

I don't know if it helps you, but I have implemented SAFER in
assembler for the PDP-11.


Mahlzeit

endergone Zwiebeltuete

--
PGP: SIG:C379A331 ENC:F47FA83D      I LOVE MY PDP-11/34A, M70 and MicroVAXII!
-- 
The Elder Gods and me have an agreement: I don't annoy them, and they do
whatever the hell they want.
                                  -- Stuart Woolford

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: The DVD Hack: What Next?
Date: Wed, 17 Nov 1999 09:03:05 GMT



Mark,
Here is a copy of a posting a I made to a couple of USENET groups that
you might not have read.  It is the solution to the problem you have
observed.

ORIGINAL SUBJECT: DeCSS DVD Ripping and OnStream Tape

If you've been reading much of the press coverage over DeCSS and the DVD
ripping that is going on, you'll notice at least one thread of sameness.
That is that DVD ripping is no threat to Hollywood because it simply is
not practical due to the sheer size of DVDs and the difficulty/loss of
quality in converting it to VCD.

Well, I must be the only person in the world who has stumbled upon the
solution.  OnStream's line of high performance, drive letter access tape
drives are the last bit of enabling technology that we have all been
waiting for.  I typically can store anywhere from 4 to 6 full quality,
bit for bit unprotected copies of DVDs on one OnStream tape. No more
flipping disks, no more shuffling through menus, no more region codes,
just hit play on my Software DVD player and away it goes!

It doesn't make any difference if you use a SCSI or an IDE OnStream
drive, video playback is perfect, even when using a software only player
like PowerDVD.  The rule of thumb is that if you can play the video from
your hard disk, you won't see a difference when watching it off the
OnStream tape drive.

The drives themselves have a sticker shock of $299, probably the same as
many of the early DVD buyers paid for the DVD-ROMs!  With the OnStream
drive, you don't need no DVD-RAM.  When you rent a DVD at BlockBusters,
a 30-minute rip with DeCSS directly to tape and you have the CHOICE of
keeping it for a later viewing!

I know I'm ranting a bit, but I have been reading too many articles that
leave out this last ingredient to the DVD ripping scene.  I hope you all
find this info to be of some value.

In article <80s21s$50a$[EMAIL PROTECTED]>,
  "Mark Keiper" <[EMAIL PROTECTED]> wrote:
> Ken Lee <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > They said the instructions for copying DVDs were posted on the Internet,
> > anyone knows what the url is?
> >
>
> I had just finished reading about it when I came across the DVD ripper in
> (of all places!) www.download.com
>
> Was looking for a totally unrelated PD application when this sprouted up (I
> apparently was the first to DL it according to download.com stats).
>
> file name:       decss121b.zip
>
> One thing though- the ripping process requires buttloads of disk space (5 to
> 10 gigs) for average sized movies according to the article I read.
>
> Mark Keiper
> [EMAIL PROTECTED]
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 11:04:36 +0100

Tim Tyler wrote:
> 
> After reading the recent contributions to the "SCOTT16U SOLUTION ON THE
> WEB" thread in this forum, I was disturbed to find that a number of
> sci.crypt subscribers were /still/ toeing the party line that the AES
> block cyphers might have some security value - *despite* the efforts of
> David Scott to explain exactly why they should be considered insecure.
> 
> The problem is simple: the AES cyphers are fixed 128-bit block cyphers.
> They encode identical blocks in the same way.  For certain types of
> message, this is a complete security disaster.
Congratulations! You just found out why people use chaining modes. You're
the first one this week.
Seriously, if you want to disguise patterns forward, use CBC.
If you want to disguise patterns forward and backward, use CBC twice (in
both directions).

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: [EMAIL PROTECTED]
Crossposted-To: 
talk.politics.crypto,alt.security.ripem,sci.answers,talk.answers,alt.answers,news.answers
Subject: RSA Cryptography Today FAQ (1/1)
Date: 17 Nov 1999 11:48:27 GMT
Reply-To: [EMAIL PROTECTED]

Archive-name: cryptography-faq/rsa/part1
Last-modified: 1997/05/21


An old version of the RSA Labs' publication "Answers to Frequently Asked
Questions about Today's Cryptography" used to be posted here until May
1997.  These postings were not sponsored or updated by RSA Labs, and
for some time we were unable to stop them.  While we hope the information
in our FAQ is useful, the version that was being posted here was quite
outdated.  The latest version of the FAQ is more complete and up-to-date.

Unfortunately, our FAQ is no longer available in ASCII due to its
mathematical content.  Please visit our website at
http://www.rsa.com/rsalabs/ to view the new version of the FAQ with your
browser or download it in the Adobe Acrobat (.pdf) format.

RSA Labs FAQ Editor
[EMAIL PROTECTED]


------------------------------

From: Volker Hetzer <[EMAIL PROTECTED]>
Subject: Bruce Schneier's paper on slow memory devices...
Date: Wed, 17 Nov 1999 11:33:33 +0100

Hi!
Perhaps I missed the thread, but I think I found a problem in there.
At page 3, last paragraph of section 3.1, Bruce writes that it takes
100 INEFFECTUAL transactions to enable the reader to fake authentications.
I think this is wrong.
A terminal gets requests for addresses. Now, it can ask the token for
n values. Say x of the token's values are already known to the reader. Then it has to
ask for n-x values. Since the customer expects n requests, the reader can
compose the value request of x values (to prepare an attack) and n-x values
requested by the trusted device. After that the reader has learned n new values.
It therefore takes 100 SUCCESSFUL transactions for an untrusted reader to
learn enough about the token to attack.

Greetings!
Volker
-- 
Hi! I'm a signature virus! Copy me into your signature file to help me spread!

------------------------------

From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 13:11:15 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (John Savard) wrote:
> Tim Tyler <[EMAIL PROTECTED]> wrote, in part:
>
> >That block cyphers allow recovery from errors in single blocks is a
> >*pathetic* excuse for leaking this type of information to analysts on such
> >a dramatic scale.
>
> ECB mode is *not* recommended for normal encryption use, and only ECB
> mode has the specific problem you outline. (Note, of course, that if
> the map had any background coloring on the island that varied, the
> problem wouldn't arise.)
>
> The commonest mode, used in PGP, is CBC, Cipher Block Chaining.

I thought PGP used IDEA [originally] in CFB mode?

Tom



------------------------------

Date: Wed, 17 Nov 1999 09:18:39 -0500
From: "Trevor Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves

David,

You were not paying attention.  Read his message carefully.  He was not talking about
the strength of the various chaining modes.  He was talking about higher level issues
such as the ability to keep up with a data source that is shoving data at you so fast
you can barely keep up with it.  In that case security may in fact be weakened by the
need for throughput.

Strength of security is only one issue.  Other issues are sometimes more important.
Here's an example in which security is useful, but the strength has exactly zero
importance: Answers to puzzles.

Is it your position that ROT-13 needs WPCBC?  Be honest.  You aren't *that* dense.



SCOTT19U.ZIP_GUY wrote:

> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
>(Jerry Coffin) wrote:
> >In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
> >
> >[ ... ]
> >
> >> I still hold the opinion that performing the main component of the
> >> encryption while the data is divided into non-interacting relatively
> >> small chunks is not a good foundation on which to design a sensible
> >> cypher-machine, though.
> >
> >You're ignoring reality: there are multiple chaining modes for a
> >reason: in some situations, ECB is perfectly acceptable, and it allows
> >(for example) using multiple encryptors in parallel, each encrypting
> >independent of the others to produce higher throughput.  In other
> >situations, CBC works well: on one hand, it makes later blocks
> >dependent on earlier blocks (and on the IV) but at the same time, it
> >allows recovery from bursts of noise that affect single blocks, making
> >only a small part of the message unreadable.  No one chaining mode is
> >best for all situations.  This is why intelligent people keep the
> >chaining separate from the encryption algorithm: you need to match
> >EACH to your intended purpose, and picking a particular algorithm
> >doesn't imply that one particular chaining mode is right for your
> >situation.
> >
>   You sir are ignoring reality. If you do the test I showed you
> you will see that all your pet modes are an illusion. They do
> not spread the information through the file. But either you
> don't understand or are too lazy to test. Think why they
> are this way. Could it be of use to the NSA? Look, even
> PGP uses a weak chaining mode with compression. Most
> people don't have the software to recover the real file
> if a change occurred in the middle of the compressed encrypted
> text. So what fuckin good does this error recovery do anyone
> who depends on PGP? It does them no fucking good; it can
> only be of use to a dedicated attacker.
>
>   That is also why intelligent people should have the option
> of using something like "wrapped PCBC" when they want
> a far higher degree of security than the NSA 3-letter blessed
> modes that you foolishly think are safe.
>
> David A. Scott
> --
>
> SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
> http://www.jim.com/jamesd/Kong/scott19u.zip
>
> Scott famous encryption website NOT FOR WIMPS
> http://members.xoom.com/ecil/index.htm
>
> Scott rejected paper for the ACM
> http://members.xoom.com/ecil/dspaper.htm
>
> Scott famous Compression Page WIMPS allowed
> http://members.xoom.com/ecil/compress.htm
>
> **NOTE EMAIL address is for SPAMERS***




------------------------------

From: [EMAIL PROTECTED]
Subject: Help on security requirements for PKI
Date: Wed, 17 Nov 1999 14:12:39 GMT

Dear all,

I need some info/links to sources that will provide me with material on
the security requirements for CA's and RA's within a PKI.

All help is tremendously appriciated.



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 15:11:03 GMT

In article <[EMAIL PROTECTED]>, Volker Hetzer 
<[EMAIL PROTECTED]> wrote:
>Tim Tyler wrote:
>> 
>> After reading the recent contributions to the "SCOTT16U SOLUTION ON THE
>> WEB" thread in this forum, I was disturbed to find that a number of
>> sci.crypt subscribers were /still/ toeing the party line that the AES
>> block cyphers might have some security value - *despite* the efforts of
>> David Scott to explain exactly why they should be considered insecure.
>> 
>> The problem is simple: the AES cyphers are fixed 128-bit block cyphers.
>> They encode identical blocks in the same way.  For certain types of
>> message, this is a complete security disaster.
>Congratulations! You just found out why people use chaining modes. You're
>the first one this week.
>Seriously, if you want to disguise patterns forward, use CBC.
>If you want to disguise patterns forward and backward, use CBC twice (in
>both directions).


    Actually when I first got interested in ciphers many years ago, I did try 
double CBC and using CBC as two direction passes. But what I found
out was that when one does either of the 2 methods and you hex edit
the encrypted file only a few blocks of plain text are messed up, so
that the information is not really spread throughout the file.  That is when
I took a deeper look at all the 3-letter modes. The only mode with real
promise was PCBC, which has weaknesses too, as the Kerberos people
found out. After much experimentation I came up with several modes that
could be of use by eliminating the "error recovery", "self synchronizing"
or "NSA backdoor", whatever you want to call it. The mode that I use
the most is built in to my code scott16u and scott19u but it could be used
with any encryption. Or it could be used as a whitening pass on the data
to be encrypted. That mode I call "wrapped PCBC".




David A. Scott

------------------------------

From: "Gary" <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 14:28:16 -0000

Internet packets don't necessarily use a guaranteed delivery protocol.

SCOTT19U.ZIP_GUY wrote in message <80sv3h$13co$[EMAIL PROTECTED]>...
>The system protocol of the internet should keep your messages intact.
>
>David A. Scott




------------------------------

From: Bob Silverman <[EMAIL PROTECTED]>
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 14:26:28 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> DJohn37050 <[EMAIL PROTECTED]> wrote:
>
> : The break is expected to occur at the square root of the block size, due to
> : birthday paradox. For a 128-bit block, this is a LOT.
>
> sqrt(128) ~= 11 bits - less than 1.5 bytes.

There is a saying:

It is better to keep one's mouth closed and be thought a fool than to
open it and remove all doubt.

I suggest you go back to grade school and learn how to do arithmetic.
You obviously did not learn while you were there.

Birthday Attack on an 128 bit block length ~ sqrt(2^128) = 2^64.

Do us all a favor. Go study this subject before making further
pronouncements. You do not know what you are talking about.

<rest of nonsense deleted...>


Bob Silverman
"You can lead a horse's ass to knowledge, but you can't make him think"



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: New Scottish Crypto System
Date: Wed, 17 Nov 1999 15:34:26 GMT

In article <[EMAIL PROTECTED]>, albert <[EMAIL PROTECTED]> wrote:
>http://cryptome.org/flannery-cp.htm
>
>Has details.
>
>Albert
>
>Gordon Talge wrote:
  
   This is the best article I have seen on the method. Too bad the punch line 
was that it is BROKEN.



David A. Scott

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re:SCOTT16U SOLUTION ON THE WEB
Date: Wed, 17 Nov 1999 15:50:03 GMT

In article <80sfn2$i9o$[EMAIL PROTECTED]>, Tom St Denis <[EMAIL PROTECTED]> wrote:
>In article <80rpvu$2dac$[EMAIL PROTECTED]>,
>  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
>>
>>   Tom if you're too stupid to understand that if a small fragment of a file
>> has enough info to allow an expert to have the information to test for
>> a whole break is not less secure than another method where an attacker
>> must have the whole file to even have enough info to attack the system
>> then why do you waste our time in this group. You don't even have enough
>> understanding to comprehend simple things.
>
>First off from a naive brute force point of view WPCBC is conceptually
>just as easy as CBC.

   No this is not true. It prevents certain types of plain text attacks.
Also forcing the attacker to look at the whole file rather than allowing
the attacker to concentrate his attack on the portion of the file that he
wants.  If this was not true you might as well argue for 8 bit blocks
instead of 128 bits. The thing is longer block sizes offer more security
and using the whole file as a block is the best one can do.
>
>Second your primitive in wpcbc is still a block cipher.  so if CBC is
>easy to break, wpcbc can only make the problem LINEARLY harder [see
>multiple encryptions for further details why].
    What is your problem Tom? Yes my "wrapped PCBC" is for block
ciphers. But you don't understand how to use it. And yes for certain
types of attack which may not be reasonable to carry out in the first
place it would add complications in a LINEAR fashion. That does not
mean that all attacks of various forms would add LINEARLY so you
don't understand crypto.
>
>I agree that your wpcbc proposal is a good idea for short messages.  It
>makes the entire message dependent.  However you can't tell me that
>it's good on multi-meg files and the sort [or live audio].  I don't
>think that our current ciphers are in a state that any tractable
>cryptanalysis can determine the plaintext simply by looking at a few
>hundred blocks anyways.
    While it is not meant for everything. You seem to be under the illusion
that if it is not good for every case then it is not good. Yet when I show
cases where the other is bad you put blinders on. Nothing is good for
everything so don't use the CBC or 3-letter crap for everything either.



David A. Scott

------------------------------

From: [EMAIL PROTECTED] (Keith A Monahan)
Crossposted-To: comp.sys.palmtops.pilot
Subject: Re: PALM PILOT PGP found here
Date: 17 Nov 1999 14:52:01 GMT

Peter,

I haven't seen that yet, thanks for posting.  I'll take a look at it.

Keith

Peter W ([EMAIL PROTECTED]) wrote:

: Has anyone tried Paul Gargan's PalmOS PGP?

: http://www.compapp.dcu.ie/Projects/1999/pgarga.ca4/funcspec.html

: It sounds very promising, but also appears to need a bit of work. Perhaps
: somebody outside the black hole of the US & Canada could take a look at the
: buggy and unimplemented parts?

: -Peter



------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: AES cyphers leak information like sieves
Date: Wed, 17 Nov 1999 16:24:15 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] 
(wtshaw) wrote:
>In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] wrote:
>
>> David Wagner <[EMAIL PROTECTED]> wrote:
>> 
>> : You seem to be confused.  You write about flaws if a block cipher is
>> : used without any chaining (what is typically known as ECB mode), but
>> : those flaws are extremely well-known (taught in Crypto 101a).  If you
>> : use a block cipher properly, these issues don't come up.
>> 
>> The use of block chaining certainly improves things.  It is the employment
>> of methods of diffusing information over a large area of the cyphertext
>> that I am advocating.
>> 
>> Block chaining strikes me as a crude hack, though.  It only propagates
>> information through the file in one direction, and will /still/ expose
>> some weaknesses at random if repeated blocks and repeated data should
>> coincide by chance.
>> 
>> The use of a proper diffusion technique would avoid this ever happening.
>
>It might, but whenever you tie too much of a message into an interlocking
>structure, its survivability as information becomes more fragile.  The
>other extreme, having simple blocks is also bad.  If this were such a one
>dimensional problem defined as effective block size, it would appear that
>there is no better answer, but it isn't and there is.
    True but the purpose of some encryption is to make the data as hard as
possible for the attacker to recover. So you can add security by hiding the
information throughout the whole file. Standard 3-letter chaining methods
give a false sense of security by giving the illusion of hiding data throughout
the whole file. 
  As my procedure shows. When you edit a file that uses block encryption
with standard 3-letter chaining even if you do several passes of CBC when
you decrypt the modified file only a small set of blocks come back with errors.
This is proof that the information is not spread through the file.
   I can see that when security is not of a high concern or if communications
are weak that one could use weak chaining but this is hardly a reason to use
weak stuff for when one really wants secure information.



David A. Scott
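
[Editor's added example; this code is not from any post in this digest.]
The thread argues over three concrete claims that are easy to check by
running them: Tim Tyler's and Volker Hetzer's point that ECB encrypts
identical blocks identically while CBC hides the repetition; David Scott's
"hex edit" test, in which a change to one ciphertext block corrupts only a
small set of plaintext blocks after CBC decryption; and Bob Silverman's
birthday bound, that collisions among CBC ciphertext blocks are expected
after about 2^(n/2) blocks for an n-bit block.  The example below runs all
three.  It does not use AES or DES: the block cipher is a toy 4-round Feistel
network with HMAC-SHA256 as the round function (a keyed permutation that is
enough to show the mode behaviour, not a cipher for real use), and the key,
IV and plaintexts are constructed for the demonstration.  The birthday test
is run with a 16-bit block so the collision and the resulting leak of
P_i xor P_j show up within a few hundred blocks instead of 2^64.

```python
"""Toy block cipher plus ECB and CBC modes, showing three points from the
sci.crypt chaining-mode thread.  The cipher is a 4-round Feistel network with
HMAC-SHA256 as round function; it stands in for AES/DES and is NOT for real use."""
import hashlib
import hmac
import random

KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
IV = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")   # constructed IV
BS = 16                                                 # 128-bit blocks


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, r: int, half: bytes) -> bytes:
    """Keyed round function F_r, truncated to the half-block width."""
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:len(half)]

def block_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Feistel encryption of one even-length block: (L, R) -> (R, L ^ F_r(R))."""
    n = len(block) // 2
    left, right = block[:n], block[n:]
    for r in range(rounds):
        left, right = right, xor(left, _round(key, r, right))
    return left + right

def block_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Inverse of block_encrypt: the same rounds applied in reverse order."""
    n = len(block) // 2
    left, right = block[:n], block[n:]
    for r in reversed(range(rounds)):
        left, right = xor(right, _round(key, r, left)), left
    return left + right

def blocks(data: bytes, bs: int) -> list:
    return [data[i:i + bs] for i in range(0, len(data), bs)]

def ecb_encrypt(key: bytes, pt: bytes, bs: int = BS) -> bytes:
    """ECB: every block on its own (pt length must be a multiple of bs)."""
    return b"".join(block_encrypt(key, p) for p in blocks(pt, bs))

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes, bs: int = BS) -> bytes:
    """CBC: C_i = E(P_i ^ C_{i-1}) with C_{-1} = iv."""
    out, prev = [], iv
    for p in blocks(pt, bs):
        prev = block_encrypt(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes, bs: int = BS) -> bytes:
    """CBC: P_i = D(C_i) ^ C_{i-1}; a damaged C_i can only reach P_i and P_{i+1}."""
    out, prev = [], iv
    for c in blocks(ct, bs):
        out.append(xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def ecb_vs_cbc_distinct_blocks() -> tuple:
    """The 'map' leak: 12 plaintext blocks, 11 of them identical 'sea'.
    Returns (distinct ciphertext blocks under ECB, distinct under CBC)."""
    sea = b"\x00" * BS                                   # constructed plaintext
    pt = sea * 6 + b"X marks the spot" + sea * 5
    ecb = len(set(blocks(ecb_encrypt(KEY, pt), BS)))
    cbc = len(set(blocks(cbc_encrypt(KEY, IV, pt), BS)))
    return ecb, cbc

def cbc_single_block_damage(flip_block: int = 3, flip_byte: int = 5) -> list:
    """The hex-edit test: flip one ciphertext byte, decrypt, count wrong bytes per
    plaintext block.  Block flip_block comes back as garbage, block flip_block+1
    has exactly one wrong byte (the flipped position), all other blocks are intact."""
    pt = bytes(range(8 * BS))                            # constructed: 8 known blocks
    ct = bytearray(cbc_encrypt(KEY, IV, pt))
    ct[flip_block * BS + flip_byte] ^= 0x80
    recovered = cbc_decrypt(KEY, IV, bytes(ct))
    return [sum(a != b for a, b in zip(p, q))
            for p, q in zip(blocks(pt, BS), blocks(recovered, BS))]

def cbc_birthday_leak(bs: int = 2, n_blocks: int = 2000) -> tuple:
    """Birthday bound: two CBC ciphertext blocks are expected to collide after about
    2^(n/2) blocks, and C_i == C_j implies P_i ^ P_j == C_{i-1} ^ C_{j-1} because E
    is a permutation.  A 16-bit block makes this happen within a few hundred blocks.
    Returns (blocks seen up to the first collision, whether the leaked XOR was right)."""
    rng = random.Random(1999)                            # constructed, reproducible
    pt = bytes(rng.randrange(256) for _ in range(n_blocks * bs))
    iv = IV[:bs]
    ct = blocks(cbc_encrypt(KEY, iv, pt, bs), bs)
    seen = {}
    for j, c in enumerate(ct):
        if c in seen:
            i = seen[c]
            leaked = xor(iv if i == 0 else ct[i - 1], ct[j - 1])
            actual = xor(pt[i * bs:(i + 1) * bs], pt[j * bs:(j + 1) * bs])
            return j + 1, leaked == actual
        seen[c] = j
    return None, False

if __name__ == "__main__":
    print("distinct ciphertext blocks (ECB, CBC):", ecb_vs_cbc_distinct_blocks())
    print("wrong bytes per block after one flipped byte:", cbc_single_block_damage())
    print("16-bit CBC: blocks until collision, XOR leak verified:", cbc_birthday_leak())
```

Run with python3.  The first result is (2, 12): under ECB the eleven "sea"
blocks produce one repeated ciphertext block and the island stands out, under
CBC all twelve blocks differ.  The second result has non-zero counts only at
positions 3 and 4, which is the observation both sides of the thread agree
on and disagree about the meaning of: CBC limits the damage from one changed
block to that block and one byte of the next.  The third result is the same
collision argument Silverman makes for 2^64 at 128 bits, at a block size
small enough to watch it happen; making the block wider does not change the
attack, only how many blocks have to be seen before it works.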

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
