Cryptography-Digest Digest #620, Volume #10      Wed, 24 Nov 99 05:13:01 EST

Contents:
  Re: How ScramDisk will recover >> My test in container file ... (Aman)
  Re: What's gpg? <PHILOSOPHY 101> (Tim Tyler)
  Re: What part of 'You need the key to know' don't you people get? (Tom)
  Re: exchanging tips on code book ([EMAIL PROTECTED])
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: US stupidity (SCOTT19U.ZIP_GUY)
  Re: bits of diffiehellman private key (Scott Fluhrer)
  Re: Montgomery Algotrithm (Hideo Shimizu)
  Re: Halting condition for brute force cracking ("Lyal Collins")
  Re: US stupidity (Tommy the Terrorist)
  Re: US stupidity ("Tim Wood")
  Re: US stupidity (Johnny Bravo)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Aman)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss,alt.security.scramdisk,comp.security.pgp.tech
Subject: Re: How ScramDisk will recover >> My test in container file ...
Date: Wed, 24 Nov 1999 00:03:33 GMT

On Mon, 22 Nov 1999 11:18:49 GMT, [EMAIL PROTECTED] (Johnny Bravo)
wrote:

>On Mon, 22 Nov 1999 05:31:22 -0500, [EMAIL PROTECTED] wrote:
>
>>How Scramdisk will recover from say :
>>
>>PC power down with file/s open in container >> power down with container mounted
>>+ open files in container ?
>
>  Works fine, any files in the process of being written to will get
>chopped off as normal.  I've had this happen many times (lightning in
>Florida really prone to taking out power for entire blocks for 2-3
>mins, happens about once a month on average).  Never had a problem
>remounting the volume.
>
>>My test in container file, by corrupting 1 byte of random data made my container
>>USELESS [ could not mount it + did not recognize password ] >> this makes
>>reliability of container very controversial issue >> corrupting 1 byte affected
>>640 MB of disk space !!! 
> 


>>The above ratio will theoretically render ScramDisk as useless software, based on
>>immunity to withstand any data corruption. I see the problem in inability to
>>MOUNT container, which leads to ALL CONTAINER disk space lost.

The first 2K(+32Bytes) is the most vulnerable. This data however NEVER
gets written to, apart from at creation time, or when the password is
changed. The disk from sector 20 upwards (boot sector) is no more at
risk than any other windows disk you have.

There is a backup of this data, and in version 3 there is a facility
to use that backup..... Version 3 creates backups, with triple
encryption, so they don't have an exact copy of the data............


>
>  This is damage to the actual container file.  I've yet to see this
>happen myself, despite using a 200MB container for over a year (4
>months of that time it was on a doublespaced drive) and having at
>least a dozen unexpected power outages with the drive open and writing
>files to it.  I've even run scandisk and defrag on my scramdisk drive
>with no ill effect.
>
>  You don't like the risk, don't put all your eggs in the same basket.
>Make backups to tape, split the drive up into 10 files of 64 MB each,
>whatever you need to make you happy with the risk.
>
>  While you might not be happy with this, it does not make the
>software useless.  There are always tradeoffs, this is one of them

One should always back up.... Hard drives can just croak without
warning....

Regards,
Aman.


------------------------------

From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: What's gpg? <PHILOSOPHY 101>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 23 Nov 1999 23:56:19 GMT

[EMAIL PROTECTED] wrote:
: Douglas A. Gwyn ([EMAIL PROTECTED]) wrote:

: : There are many historical counterexamples; practically every new
: : cryptosystem has been believed uncrackable after many "experts"
: : tried and failed to crack it, but in the end they (nearly) all
: : turned out to be crackable.

: Now, this is interesting. I can't argue with your history, but I have
: tended to think that the microchip revolution has given the defense quite
: an unprecedented advantage over the offence in the area of cryptography
: these days.

True enough - but that doesn't mean modern cyphers are likely to have no
possible breaks...

: In any case, those who haven't listened to Terry Ritter may now listen to
: you, and ponder what it means if nearly all the ciphers we think of as
: secure today might turn out to be crackable.

IMO, they're almost /bound/ to be crackable - in the sense that methods
of finding the plaintext given enough cyphertext will be found eventually
that work faster than brute-forcing the cyphers.

The question seems to me to be not "will a break be found?", but rather
"will a realistic and useful break be found?" - one that needs a sensible
quantity of text, and a practical quantity of time for it to be
implemented.
-- 
__________
 |im |yler  The Mandala Centre  http://www.mandala.co.uk/  [EMAIL PROTECTED]

If your attack is going well, it's an ambush.

------------------------------

From: [EMAIL PROTECTED] (Tom)
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Tue, 23 Nov 1999 09:47:55 GMT
Reply-To: [EMAIL PROTECTED]

On Tue, 23 Nov 1999 21:15:19 GMT, Tim Tyler <[EMAIL PROTECTED]> wrote:

>James Felling <[EMAIL PROTECTED]> wrote:
>
>: Ah.. I see my error.
>
>[snip]
>
>: I see your point.  Notationally the steps are
>: 1.Encrypt M with K, V is IV.[C=Ek(V,M)]
>: 2. DECRYPT C with K, X is IV.[D=Dk(X, Ek(V, M))]
>
>: The first block out is M[1] XOR V XOR X
>: The second is M[2], and the ith is M[i]
>
>: The IV drops out after block 1.
>
>: I see. Excellent point.
>
>The initial value the message was encoded with is irrelevant to decrypting
>any but the first block of any chunk of the message you might have.
>
>Now we just have to wait to see if Tom St Denis can grasp this.

This was presented about 20 messages ago AND is a function of CBC, not
an accident.  The IV does change every block of the file after it, but
that doesn't mean that you need the IV to decrypt any but the first
block.  The purpose is so that identical blocks won't encrypt to the
same ciphertext.  

This wasn't "discovered" by scott.  If it weren't true, you couldn't
recover after errors!

As to this being a weakness - it means you only need two blocks for
brute force.  That's unimportant, as far as I can tell.  If you have
enough information (i.e. a key) to decrypt a block, you could also
decode the whole file, or just the first two blocks.  Spreading the IV
throughout the file wouldn't matter, unless it's secret, and then,
again, you're talking about an encryption algorithm.
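
Added example, not part of the original posts: the behaviour described above (a wrong IV spoils only the first decrypted block, and a damaged ciphertext block spoils only itself and the next one), run through CBC with the thread's names M, V, X and K. The 8-byte Feistel cipher, the key and the message are constructed stand-ins; any block cipher behaves the same way.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumption for this demo)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_f(key, rnd, half):
    # Feistel round function built from SHA-256; a stand-in, not a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, round_f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = xor(r, round_f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, msg):
    if len(msg) % BLOCK:
        raise ValueError("message must be a whole number of blocks")
    prev, out = iv, b""
    for i in range(0, len(msg), BLOCK):
        prev = encrypt_block(key, xor(msg[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    prev, out = iv, b""
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        # Each plaintext block depends only on this and the previous ciphertext block.
        out += xor(decrypt_block(key, blk), prev)
        prev = blk
    return out

def damaged_blocks(a, b):
    """Indices of the blocks in which a and b differ."""
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]

# Constructed sample values.
K = b"constructed key"
V = bytes(BLOCK)                      # IV used to encrypt
X = b"wrong iv"                       # different IV used to decrypt
M = b"block-1.block-2.block-3.block-4."
C = cbc_encrypt(K, V, M)

if __name__ == "__main__":
    D = cbc_decrypt(K, X, C)
    print("wrong IV damages blocks:", damaged_blocks(M, D))
    print("first block is M[1]^V^X:", D[:BLOCK] == xor(xor(M[:BLOCK], V), X))
    flipped = C[:BLOCK] + bytes([C[BLOCK] ^ 1]) + C[BLOCK + 1:]
    print("one flipped bit damages blocks:",
          damaged_blocks(M, cbc_decrypt(K, V, flipped)))
    print("tail decrypts without V:",
          cbc_decrypt(K, C[:BLOCK], C[BLOCK:]) == M[BLOCK:])
```
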




------------------------------

From: [EMAIL PROTECTED]
Subject: Re: exchanging tips on code book
Date: Wed, 24 Nov 1999 05:41:07 GMT

In article <[EMAIL PROTECTED]>,
I'm also stuck on code 3, and need all the help I can get.  If you're
interested, e-mail me at [EMAIL PROTECTED] ([EMAIL PROTECTED] over
Thanksgiving).  Thanks a lot.

Jeff


[EMAIL PROTECTED] wrote:
>
> [EMAIL PROTECTED] wrote:
>
> >Hello. I've successfully cracked #1 #2 #4 challenges cyphers (pretty
> >simple), on the ITALIAN version of the book (maybe different, maybe
> >not). I am stuck on #3. I'd like to exchange tips (not solutions). If
>
> We checked the Swedish and the English version of the book, and only
> cipher #1 differed.
>
> I've done #1,#2 and #4 just as you. I "know" #3 well enough to be able
> to break it if I could only find the persistence I need, and I've got
> #6 down to "only" having to do trial-and-error on the facts I've got
> out of it (at the moment trying to write a program that'll do it for
> me ;)
>
> I've got some interesting stuff out of #5 also, but since I haven't
> done #3 yet I really don't want to find myself breaking #5 without
> being able to send my answers in ;)
>
> There's a mailinglist at
>
> http://www.onelist.com/community/CipherChallenge
>
> where others already are discussing the cipher challenge (not giving
> out solutions).
>
> ___/
> _/
>


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 06:54:30 GMT

In article <[EMAIL PROTECTED]>, "John E. Kuslich" <[EMAIL PROTECTED]> wrote:
>I have really mixed feelings about this.  The boy was no threat to
>national security or anything of REAL value.
>
>The lad's act was vandalism, no doubt about that.  If you have ever been
>the victim of vandalism, you can appreciate the feelings of the victims
>in this case.
     My understanding was no real damage was done. It's not like
he put a virus in the system.
>
>I think the function of the court in any case of vandalism is to see
>that:
>
>1) The victims are reimbursed, that is, to see that justice is done. 
>One could hope that the court's estimate of the actual damages in this
>case was accurate. If not, that should be rectified.
>
>2) To apply a punishment severe enough that the perpetrator thinks twice
>about repeating such stupidity and so that any copy cats are deterred
>from committing similar acts.
>
    The problem with this kind of punishment is that it only helps
train other kids to be more devious since others will feel he was
wrongly judged. Look at Waco; many people believe that led to
the bombing in Oklahoma. So what good did it do our government
by frying those people that the FBI didn't like.
>In simpler times, if an overly testoserized youth knocked over an
>outhouse, he may have been forced to do yard work and possibly publicly
>humiliated for his transgression. Today everybody goes to jail.  It's
>our national industry.
>
    Yes, when I was a boy the worst thing that could happen was the
sheriff would turn me over to dad. The problem today is that they
would turn dad in if he touched his son.
>It is not relevant that the victim in this case did not use bullet proof
>defense against hackers.  If your mother has her handbag stolen while in
>a rough neighborhood, you don't just brush off the crime and chasten
>your mother not carry anything of value when venturing out of the
>house.  You go out with your shotgun and kick some ass!! (Ok, you feel
>like doing that).
    Obviously you don't live in LA. When I went to USC, people from the
college who would make the mistake of walking in the neighborhood
that surrounded the place would get robbed. All the cops would say is
you should not go into that neighborhood, it's dumb.
  Likewise it's plain stupid to make laws to punish people for these
kinds of crimes. I feel that if corporations are too stupid to protect the
computer systems they have then they don't need to be in business.
They should be forced by the hackers to clean their act up. If they
rely on dumb laws, then what are they going to do when we finally
go to war with a technologically advanced society that may not
follow our stupid laws? I see the weakening of computer security as
just another favor Clinton is doing for the Red Chinese. He wants
it to be easy for them to shut our systems down.
  Or can you think of a better reason to play ostrich with
security problems?

>
>On the other hand, the prison term does seem a little long.  Perhaps a
>week or two in the slammer would do the trick.
>
>I just don't think that we should tolerate vandalism in any form.  I
>don't care if it is spray painting a wall or defacing a web site. We
>should definitely not  reward such behavior in ANY way. Giving this
>arrogant little nimrod a job in computer security is the last thing we
>should do.  How could you ever trust someone like that.
>

   Well it seems there are a lot of idiots who would not trust Clinton
with their daughters but they are happy he is president so why
should this make a difference. Hell, I know kids that were bullies
when young. Yet they become cops so what's the difference.
>Think about it.  Someone breaks into your house some night and deletes
>all your data on your hard drive.  So you feel you were stupid enough to
>not have your data backed up, or to not have a stronger lock on your
>door? So it's your fault. I don't think so. Yer gonna kick some ass!! 

    But if he only used a key and copied my stuff. That's OK. The kid as far as
I know did no real damage. However if I see the kid in my house and I don't
know him there is a good chance he gets a 45 slug through the brain.

>That's basically what the court did. It just did it with a rocket
>powered, stainless steel jackboot.  That smart ass boy is going to have
>a really sore keester for a long, long time.
  
   The sad thing is that some creep of a guard will stick him in a
cell with an AIDS infected felon. And then people will bitch that
the kid should have stayed locked up because if he did not hate
our dishonest system of justice when he went in. He sure as
hell will when he gets out.
>
>And, I seriously doubt he will try that again for as long as he lives. 
>
  You're right, he will be a hell of a lot more violent the next time.


David A. Scott
--

SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE
http://www.jim.com/jamesd/Kong/scott19u.zip
                    
Scott famous encryption website NOT FOR WIMPS
http://members.xoom.com/ecil/index.htm

Scott rejected paper for the ACM
http://members.xoom.com/ecil/dspaper.htm

Scott famous Compression Page WIMPS allowed
http://members.xoom.com/ecil/compress.htm

**NOTE EMAIL address is for SPAMERS***

------------------------------

From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 06:57:26 GMT

In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>"SCOTT19U.ZIP_GUY" wrote:
>>   Here is what my country does to its raw talent that could be good with
>> computers.
>
>By analogous reasoning, we should hire armed robbers as guards since
>they're so good with guns and banks.

    Well, at one time I tried to get a job as a bounty hunter for a guy
in a small town where I lived but they only wanted people that have
actually killed someone before. I didn't qualify.




David A. Scott

------------------------------

From: Scott Fluhrer <[EMAIL PROTECTED]>
Subject: Re: bits of diffiehellman private key
Date: Wed, 24 Nov 1999 06:46:35 GMT

In article <81fie1$u71$[EMAIL PROTECTED]>,
        Tom St Denis <[EMAIL PROTECTED]> wrote:

>I was told if your modulus P is prime, and if P-1/2 is prime as well
>then G=3 or G=4 would make a 'sub-group' of at least P-1/2.  Is this
>not true?  "I used this assumption in peekboo......"

If p and (p-1)/2 are prime, then (except for 1, -1 [1]), all elements
create a group of either (p-1)/2 elements or p-1 elements.  The ones
that generate a group of (p-1)/2 will be quadratic residues, and so
that's the size of group you'll get for G=4.

This is due to the fact that, for a prime p, the size of a group
formed by any member must be a divisor of p-1.  Therefore, if (p-1)/2
is prime, the only possible sizes are:
   1
   2
   (p-1)/2
   p-1

And, it is simple to show that the only groups of size 1 and 2 are
the groups {1}, and {1,-1}.


[1] And, although it isn't really a member of the group, 0 to be
    completely thorough.

-- 
poncho
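
Added example, not part of the original post: the subgroup sizes listed above, checked for a safe prime p = 2q + 1, including the G=3 and G=4 cases from the question. The primes 23 and 2039 are constructed demonstration values; real Diffie-Hellman moduli are far larger and need a proper primality test instead of trial division.

```python
from collections import Counter

def is_prime(n):
    """Trial division; adequate only for the small demonstration primes here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def element_order(g, p):
    """Order of g in the multiplicative group mod a safe prime p = 2q + 1.

    The order must divide p - 1 = 2q, so it is one of 1, 2, q, 2q;
    the candidates are tried from smallest to largest.
    """
    q = (p - 1) // 2
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p is not a safe prime")
    g %= p
    if g == 0:
        raise ValueError("0 is not a member of the group")
    for d in (1, 2, q, 2 * q):
        if pow(g, d, p) == 1:
            return d
    raise AssertionError("unreachable: order divides p - 1")

def is_quadratic_residue(g, p):
    """Euler's criterion: g is a square mod p iff g^((p-1)/2) == 1."""
    return pow(g, (p - 1) // 2, p) == 1

def order_census(p):
    """How many group elements have each possible order."""
    return Counter(element_order(g, p) for g in range(1, p))

if __name__ == "__main__":
    p = 2039                      # constructed safe prime, q = 1019
    for g in (3, 4, p - 1):
        print(g, "order", element_order(g, p),
              "QR" if is_quadratic_residue(g, p) else "non-residue")
    # Small case where every element can be enumerated: p = 23, q = 11.
    print(dict(order_census(23)))
```
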


------------------------------

From: Hideo Shimizu <[EMAIL PROTECTED]>
Subject: Re: Montgomery Algotrithm
Date: Wed, 24 Nov 1999 15:50:34 +0900

See 'Handbook of Applied Cryptography Chapter 14 Efficient Implementation'
available at http://cacr.math.uwaterloo.ca/hac/index.html .

Brice wrote:
> 
> I am looking for some information on how to implement Montgomery Reduction
> using the Residue Number System to speed it up.
> 
> Any idea ?
> 
> Regards,
> 
> Brice Canvel.

Hideo Shimizu
TAO, Japan

------------------------------

From: "Lyal Collins" <[EMAIL PROTECTED]>
Subject: Re: Halting condition for brute force cracking
Date: Wed, 24 Nov 1999 19:28:32 +1100

>english.  Second, you decrypt, and then encrypt with the same key, then
>compare it to what you were originally trying to decrypt, and see if they
>match.  If they do, you got the right key, if not, then keep trying.


That will stop on try #1, and #2, and #3 and...

I'm sure you meant something slightly different.

Lyal



------------------------------

From: Tommy the Terrorist <[EMAIL PROTECTED]>
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: 24 Nov 1999 07:57:37 GMT

In article <81d9ci$1pvo$[EMAIL PROTECTED]> SCOTT19U.ZIP_GUY,
[EMAIL PROTECTED] writes:
> But not in mine. With any luck the kid could make money working
>for the mob. Maybe they can use good computer talent since the
>US government is afraid to fix computers and those who have the
>talent get punished.

You hit the nail on the head there... the reason why they hate hackers
so much is that the spies have their OWN plans for the loopholes they
create.

You think they WANT some pimply-faced kid writing the "Melissa"
virus and revealing that Microsoft has designed its later versions
of Word with the intent that anybody can send you (or intercept
and alter) a "text document" that causes your computer to send
your most confidential documents to a remote site, automatically?
Sure, the NSA had them "fix" it by ensuring the program will now
only do it with "TRUSTED" (!) documents sent from Very Special
third parties, but the point is, it looks bad for them.

Besides, if they can wave a hundred years of prison term over some
hacker it's more likely he'll choose instead to go to work for the
ever expanding crew of bastards taking advantage of such holes.

They don't hate hackers - they just hate that there might be some
hackers whose sole occupation isn't the subversion of every single
computer to their particular purposes.

------------------------------

From: "Tim Wood" <[EMAIL PROTECTED]>
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 10:03:30 -0600

Should this thread be crossposted to sci.crypt?



------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Crossposted-To: us.politics,talk.politics.crypto
Subject: Re: US stupidity
Date: Wed, 24 Nov 1999 05:04:16 GMT

On Wed, 24 Nov 1999 06:54:30 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>In article <[EMAIL PROTECTED]>, "John E. Kuslich" <[EMAIL PROTECTED]> wrote:
>>I have really mixed feelings about this.  The boy was no threat to
>>national security or anything of REAL value.
>>
>>The lad's act was vandalism, no doubt about that.  If you have ever been
>>the victim of vandalism, you can appreciate the feelings of the victims
>>in this case.
>     My understanding was no real damage was done. It's not like
>he put a virus in the system.

  So you don't mind if total strangers break into your house and look
around, as long as they don't damage anything or steal something?

  Johnny Bravo


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
