Cryptography-Digest Digest #268, Volume #11       Mon, 6 Mar 00 19:13:01 EST

Contents:
  Re: are self-shredding files possible? (Nikita Borisov)
  So the U.S. government program has tried to convert me observably since  ("Markku J. Saarelainen")
  Just went a bit into cooperation with the USA government ...  ("Markku J. Saarelainen")
  Re: The Voynich manuscript (Mok-Kong Shen)
  Re: The Voynich manuscript (Mok-Kong Shen)
  Re: The Voynich manuscript (Mok-Kong Shen)
  Re: online-Banking: 128-Bit SSL or Java-Applet ? (Nikita Borisov)
  Re: Passwords secure against dictionary attacks? (Paul Koning)
  Re: Key escrow and echelon (Nikita Borisov)
  Re: ascii to binary (wtshaw)
  Re: PGP for AS/400?? (Don)
  Re: The Voynich manuscript (John Savard)
  Re: The Voynich manuscript (John Savard)
  Re: A bit went there to the Federal Building ...... :) ("Markku J. Saarelainen")
  Re: The Voynich manuscript (Mok-Kong Shen)
  Re: 'Free' services with tokens/puzzles (Adam Back)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (Nikita Borisov)
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: are self-shredding files possible?
Date: 6 Mar 2000 22:16:29 GMT

In article <uyvUqbvh$GA.247@cpmsnbbsa04>,
Joseph Ashwood <[EMAIL PROTECTED]> wrote:
>To consider such is an exercise in faith, to practice such
>is foolishness. You have no way of stopping an individual
>from taking your code, and debugging it. From there it is a
>simple matter to grab the key, or create an altered client
>that will permanently store the keys.

Disappearing Inc.'s threat model is that both the sender and the
receiver of a message are not malicious (or at least that's what they
claimed last time I talked to them).  The expected usage is two parties
who want their business communications via email to have non-permanence
properties similar to phone conversations (modulo the 30-day expiration
period).  Claiming protection against non-cooperative sender or receiver
is indeed foolish, but last time I checked, Disappearing Inc. wasn't
doing that.

- Nikita

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.ukrainian,soc.culture.nordic,soc.culture.europe,soc.culture.british,soc.culture.soviet,soc.culture.baltic,alt.security
Subject: So the U.S. government program has tried to convert me observably since 
Date: Mon, 06 Mar 2000 22:18:54 GMT


So the U.S. government program has tried to convert me observably since the
end of 1996 as I have told before, but there have been many other incidents
before that (as I have told).

See my notes and diaries.

Yours,

Markku

"Markku J. Saarelainen" wrote:

> Actually, this training session in the Federal Building (Atlanta) as I
> recall was one of Al Gore initiatives for human resource management ... I
> mean how low can the USA government go ...? .. can you go lower ... ? The
> training was in the first part of 1999.
>
> "Markku J. Saarelainen" wrote:
>
> > Oh .. I forgot to mention .. my close one in 1999 went to the Federal
> > Building in Atlanta to get some training for some HR management ..
> > hhmmmmm .. isn't this very interesting .. you know what has been going
> > and ... :)


------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.ukrainian,soc.culture.nordic,soc.culture.europe,soc.culture.british,soc.culture.soviet,soc.culture.baltic,alt.security
Subject: Just went a bit into cooperation with the USA government ...
Date: Mon, 06 Mar 2000 22:34:49 GMT



"Markku J. Saarelainen" wrote:

> So the U.S. government program has tried to convert me observably since the
> end of 1996 as I have told before, but there have been many other incidents
> before that (as I have told).
>
> See my notes and diaries.
>
> Yours,
>
> Markku
>
> "Markku J. Saarelainen" wrote:
>
> > Actually, this training session in the Federal Building (Atlanta) as I
> > recall was one of Al Gore initiatives for human resource management ... I
> > mean how low can the USA government go ...? .. can you go lower ... ? The
> > training was in the first part of 1999.
> >
> > "Markku J. Saarelainen" wrote:
> >
> > > Oh .. I forgot to mention .. my close one in 1999 went to the Federal
> > > Building in Atlanta to get some training for some HR management ..
> > > hhmmmmm .. isn't this very interesting .. you know what has been going
> > > and ... :)


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Voynich manuscript
Date: Mon, 06 Mar 2000 23:46:33 +0100

Douglas A. Gwyn wrote:
> 
> [EMAIL PROTECTED] wrote:
> > Conclusion
> > The terms of the Voynich manuscript are built from synthetic
> > rules which exclude the assumption from the use of a natural
> > language for its writing.
> 
> From the detailed article, it appears that you merely fit a
> statistical model to the Voynich text, abstracted a few rules
> from the result, then applied the rules *yourself* to generate
> synthetic text.  The same could be done for any body of text
> written in any natural language, so you have *not* shown that
> the VMS cannot be using a natural language.

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Voynich manuscript
Date: Mon, 06 Mar 2000 23:48:29 +0100

Sorry, the post was a mistake due to a wrong mouse click.

M. K. Shen

------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Voynich manuscript
Date: Mon, 06 Mar 2000 23:46:10 +0100

[EMAIL PROTECTED] wrote:
> 
>                       RULES IN THE Voynich MANUSCRIPT
>                                      by
>                               Antoine CASANOVA

Your material is probably way beyond the level of my humble 
knowledge, hence I haven't attempted to read it in detail. 
But I like nonetheless to pose a few general dumb questions.

1. You use the term 'universal language'. What is the
   definition of that? Are natural languages universal?
   If not, why?

2. Is 'synthetic language' synonym of 'artificial language'?
   Can an artificial language be universal? If yes, under
   which conditions?
   
3. Are you determining (or have you determined) the structure of 
   the grammar used in the text? If not, how do you know that you 
   have identified any language in which the text is written?

4. What is a 'term' and a 'dimension'? Are these synonyms of
   'word' and 'length'?

Thanks.

M. K. Shen

------------------------------

From: [EMAIL PROTECTED] (Nikita Borisov)
Subject: Re: online-Banking: 128-Bit SSL or Java-Applet ?
Date: 6 Mar 2000 22:48:08 GMT

In article <[EMAIL PROTECTED]>, Phil <[EMAIL PROTECTED]> wrote:
>As developer of ecommerce-applications (online-banking related) I have to
>evaluate the best method of SECURE TRANSMISSION and USER AUTHENTIFICATION.
>
>The 2 most realistic Alternatives are:
>
>No 1: Java Applet solution with 128-Bit encryption (maybe with port-hopping)
>No 2: 128-Bit Browsers (now available even outside of the US.)

Note that to achieve security in case No. 1, you would need to
authenticate the Java applet when it's downloaded from the server.  The
traditional method to do this is to use SSL.  And if you're using SSL
already, it probably doesn't make sense to introduce another system that
will provide secure transmission and manage authentication and digital
certificates.  SSL has already been designed, built, deployed, and
analyzed; I would stick with it unless you have a good reason not to use
it.

- Nikita

------------------------------

From: Paul Koning <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security.pgp
Subject: Re: Passwords secure against dictionary attacks?
Date: Mon, 06 Mar 2000 17:30:09 -0500

JCA wrote:
> 
>     I have myself used for years the initial letter approach, whereby I come
> up with a passphrase and construct my password by using the first letter
> of each word, and any punctuation signs in the sentence. There are three
> advantages to this:
> 
>     1) The resulting password looks satisfactorily random (if somewhat
> overabundant in lowercase letters,)
> 
>     2) Very long passwords can be easily concocted,
> 
>     3) One can easily assign a reminder to it that can be kept public.
> 
>     For instance, choosing "This is just an example, and not such a good one,
> of a Password Reminder(TM)" my password would be "Tijae,ansago,oaPR(TM)",
> and the reminder something like "Example of password reminder".
> 
>     I have yet to come across a technique more satisfactory than this.

Pretty nice.  Of course, a decent system would accept passwords
(passphrases) of any length, so you could type the whole phrase.
If you're a good typist, that may take about the same time as
reconstructing the initial letters in your head and typing those.

I'm not entirely comfortable with the notion of keeping the
"reminder" public.

        paul

------------------------------

From: [EMAIL PROTECTED] (Nikita Borisov)
Subject: Re: Key escrow and echelon
Date: 6 Mar 2000 23:12:20 GMT

In article <89tkch$t3e$[EMAIL PROTECTED]>,  <[EMAIL PROTECTED]> wrote:
>Paul, sorry to disappoint you,  but some of the biggest PKI names are so
>centralised and into key escrow..it is scary..I had a discussion with
>one such big name recently in a conference..."Entrust"...
>Not only do they generate your secret and public key pairs for you,
>they also have a FULL history log of all your previous keys on the
>server...a full backup....it is so centralised, unimaginable....

In Entrust, the admin server stores backups of the decryption keys.
This admin server is typically located and maintained on site by your
company.  This is done in response to the company's business need to be
able to decrypt their employees' files.  My understanding is that
most companies are happy about this feature, but I haven't talked to
them in person.  A three letter agency would have to explicitly negotiate
with your company or use other covert techniques to get access to that
server in order to monitor your communications.

I agree that it's questionable whether you want your company to have a
copy of your decryption keys.  Certainly for personal communications you
want to use something else, like Entrust/Solo (a client not directly
connected to a PKI), PGP, or whatnot.  If you are a company and would
like your employees to retain full control of their keys, you can
possibly ask Entrust to make key recovery a configurable option (I can't
recall at the moment whether it is).  One thing that Entrust did get
right is that they don't keep a copy of your signature keys -- there's
no valid reason for anyone else to have a backup of those.

>I agree..but they are doing it..would you recommend to a customer a PKI
>system that generates secret keys ?????????????????????????????????

FWIW, the keys are generated on the client machine, and then a copy of
the public keys and the private decryption key is sent to the server
(over a secure channel).

- Nikita

------------------------------

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: ascii to binary
Date: Mon, 06 Mar 2000 16:37:41 -0600

In article <8a0rme$q1s$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Vernon Schryver) wrote:
> 
> Didn't cards have 12 rows and 80 columns for decades before the 96-column
> cards arrived in the 1970's?  Weren't the twelve holes on the classic
> punched cards labeled 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, + and - (at least
> by how you would punch individual holes to generate non-standard
> combinations).

I saved some of the blanks when I disposed of the boxes and boxes of cards
long ago.  In fact a couple are under my desk top.  No, just ten rows and
eighty columns.  Punching too many holes tended to cause the cards to
self-destruct.
> 
...
> 
> I also don't agree that paper tape had only 7 useful bits.  Using a
> computer talking to Model 33, 35, and 35 ASR TTY's as well as Western
> Electric and other paper tape punches, I've punched many cases of rolls
> of paper (as well as paper-mylar and mylar) tape with 8-bit bytes.
> Sometimes the 8th bit was merely parity, but most of the time each frame
> carried 8 full bits of data, with a longitudinal checksum of some kind
> before and/or after a block of frames.
> 
My old 1620 Books describes the tape device and has pictures.
-- 
Imagine an internet on an up and up basis, where there are no subversive
techniques to rob a person of their privacy or computer functionality,
no hidden schemes used to defraud anyone. :>)

------------------------------

From: Don <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp,comp.sys.ibm.as400.misc
Subject: Re: PGP for AS/400??
Date: Mon, 06 Mar 2000 18:27:15 -0500
Reply-To: [EMAIL PROTECTED]



Walt,

Actually, it's not been ported probably because nobody's had the time to
do it and to do the ascii/ebcdic concerns as well...also, keep in mind
that on a 400, you've got fun things like packed, binary, and date type
fields that make for an interesting bugaboo when doing data type
conversions...unless you expand the record to a full character (zoned
data) format then convert and PGP it...oy!

As for the closedness of the database, depends on your definition of
"closed".  EBCDIC is about as standard as ASCII....please explain what
you mean by "closed".  ...and a flat file is a flat file in either
architecture...

There's a few of us that have given it some thought, but we're just up
to our asses in client projects right now... But the idea of an ebcdic
version of PGP is very viable...but your target would also have to be an
ebcdic box or you'll have to go through the same kinda data type
translations that the PKZIP/400 guys are doing.

Also, since most of the C code is readily available, this should be
easier than going from scratch...but, thought has also been given to
writing it in MI....and this may also come up at the MI BOF at Common
next week...

It WOULD be nice if IBM would make it part of the cipher instruct and
support it....but, oh well..:)

Don

=============================
Walter wrote:

> > Is PGP available for AS/400's?
>
> Depends on the data type you store.
>
> In the DB/400 database: no. It's a closed system like Oracle and others
> with its own encryption and authority system, which by the way has not
> been hacked since 10 years on half a million AS/400s.
>
> In the server part it works like on every NT, Novell, or Unix server: It
> holds files as you put them in from your PC, open or PGP encrypted.
>
> Walter


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Voynich manuscript
Date: Mon, 06 Mar 2000 16:31:09 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote, in part:

>1. You use the term 'universal language'. What is the
>   definition of that? Are natural languages universal?
>   If not, why?

Natural languages are associated with the particular ethnic group
among whose members they are spoken. Many artificial languages have
universality as one of their aims.

Some artificial languages, instead of merely being constructed from
mixtures of natural languages (like Esperanto) with some
regularization of grammar and spelling, instead are designed so that
even the individual letters are associated with meanings; thus, in
English, 'cat' and 'dog' are the names of animals, and 'chair' and
'desk' are the names of pieces of furniture - in an artificial
language of this kind, the word for cat might be kaman, the word for
tiger might be kamap, the word for dog might be kapeg, and the word
for chair might be temog and the word for table might be temul. Think
of the Dewey Decimal system. It is an artificial language of this type
that the paper is claiming might be the source for the text of the
Voynich manuscript.

>4. What is a 'term' and a 'dimension'? Are these synonyms of
>   'word' and 'length'?

I believe you are correct, except that the length of a word is the
number of dimensions it has, and a single dimension is a particular
letter position in the word.

Probably, 'term' was used instead of 'word' to avoid assuming the
conclusion that the Voynich manuscript is genuinely a cryptogram with
spaces at word divisions for any language, natural or artificial.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: The Voynich manuscript
Date: Mon, 06 Mar 2000 16:33:21 GMT

[EMAIL PROTECTED] (John Savard) wrote, in part:

>thus, in
>English, 'cat' and 'dog' are the names of animals, and 'chair' and
>'desk' are the names of pieces of furniture - in an artificial
>language of this kind, the word for cat might be kaman, the word for
>tiger might be kamap, the word for dog might be kapeg, and the word
>for chair might be temog and the word for table might be temul.

Note that this means that such a language, as opposed to a natural
language, is more susceptible to confusion arising as the result of
small changes in a transmitted text. With a natural language, the fact
that words for closely similar items may be quite different means that
context can more effectively be used as a means of error detection and
correction.

John Savard (jsavard<at>ecn<dot>ab<dot>ca)
http://www.ecn.ab.ca/~jsavard/crypto.htm

------------------------------

From: "Markku J. Saarelainen" <[EMAIL PROTECTED]>
Crossposted-To: alt.politics.org.cia,soc.culture.russian,soc.culture.ukrainian,soc.culture.nordic,soc.culture.europe,soc.culture.british,soc.culture.soviet,soc.culture.baltic,alt.security
Subject: Re: A bit went there to the Federal Building ...... :)
Date: Mon, 06 Mar 2000 23:32:30 GMT



"Markku J. Saarelainen" wrote:

> "Markku J. Saarelainen" wrote:
>
> > So the U.S. government program has tried to convert me observably since the
> > end of 1996 as I have told before, but there have been many other incidents
> > before that (as I have told).
> >
> > See my notes and diaries.
> >
> > Yours,
> >
> > Markku
> >
> > "Markku J. Saarelainen" wrote:
> >
> > > Actually, this training session in the Federal Building (Atlanta) as I
> > > recall was one of Al Gore initiatives for human resource management ... I
> > > mean how low can the USA government go ...? .. can you go lower ... ? The
> > > training was in the first part of 1999.
> > >
> > > "Markku J. Saarelainen" wrote:
> > >
> > > > Oh .. I forgot to mention .. my close one in 1999 went to the Federal
> > > > Building in Atlanta to get some training for some HR management ..
> > > > hhmmmmm .. isn't this very interesting .. you know what has been going
> > > > and ... :)


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: The Voynich manuscript
Date: Tue, 07 Mar 2000 01:05:24 +0100

John Savard wrote:
> 

> Natural languages are associated with the particular ethnic group
> among whose members they are spoken. Many artificial languages have
> universality as one of their aims.

But the criteria of a language being 'universal' need to be
stated, I suppose. A tiny artificial language presumably wouldn't
be called universal. But what exactly qualifies an artificial language
to be universal?

As I said, I am very ignorant in the field concerned and I have
only read superficially the original post. But I think that one has 
to somehow postulate a grammar and show that the text is in that 
language.

M. K. Shen

------------------------------

From: Adam Back <[EMAIL PROTECTED]>
Subject: Re: 'Free' services with tokens/puzzles
Date: Mon, 06 Mar 2000 19:04:49 -0500

Joseph Ashwood wrote:
> You'd need to modify the approach. I've been thinking on
> just such a problem. So far the solution is as follows. When
> a challenge block is needed, send it to several systems, if
> your network has minority corruption you can use a simple
> majority, which is likely to be a rather extreme majority in
> most circumstances. 

Hmmm.  Client puzzles or cost functions [1], [3] or hashcash [2] as other
earlier authors discussing this approach have referred to them are cheap to
verify.  Therefore there is no need to ask the same question to multiple
people.  The mutually distrusting 'ask the same question multiple times to
detect cheaters' approach is only used for keysearching where there is no way
to efficiently verify that the client actually did the computation.

In fact you don't even need the server to set challenges: the client can
choose and solve its own puzzle, as is done in hashcash[2].  RSA chose to
use a server chosen puzzle because they were trying to force the attacker to
be able to receive the reply -- this is the same principle as used by
syn-cookies defense against SYN flood attacks.

Adam

ps. I am not sure why the RSA authors chose to rename cost functions 'client
puzzles'; Dwork and Naor already looked at essentially the same types of
functions in 1992 using the term 'cost function'.  The RSA authors reference
Dwork and Naor.

[1]
@inproceedings(Dwork:1992:junkmail,
  author =      "Cynthia Dwork and Moni Naor",
  title =       "Pricing via Processing or Combatting Junk Mail",
  year =        "1992",
  month =       "mar"
)

[2]
@misc(Back:1997:hashcash,
  author =      "Adam Back",
  title =       "HashCash",
  year =        "1997",
  month =       "mar",
  howpublished = "http://www.cypherspace.org/~adam/hashcash/"
)

[3]
@inproceedings(Franklin:1997:metering,
  author =      "Matt Franklin and Dalia Malkhi",
  title =       "Auditable metering with lightweight security",
  booktitle =   "Financial Cryptography",
  year =        "1997",
  pages =       "151--160"
)
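
The two variants described in the post above, as an added example that is not part of the original message: a client-chosen stamp and a server-chosen challenge, each verified with a single hash. SHA-256, the 12-bit difficulty, the `|`-separated challenge layout and every function name are assumptions made for this illustration, not hashcash's actual stamp format.

```python
import hashlib, hmac, os
from itertools import count

BITS = 12                      # demo difficulty: about 2**12 hashes to mint
SERVER_KEY = os.urandom(32)    # server-side secret for stateless challenges
SPENT = set()                  # client-chosen stamps already accepted

def zero_bits(digest):
    """Number of leading zero bits in a digest."""
    n = 0
    for byte in digest:
        if byte:
            return n + 8 - byte.bit_length()
        n += 8
    return n

def verify(challenge, ctr, bits=BITS):
    """One hash, however long the minter had to search."""
    digest = hashlib.sha256(challenge + b"#" + str(ctr).encode()).digest()
    return zero_bits(digest) >= bits

def mint(challenge, bits=BITS):
    """Brute-force a counter; expected cost is 2**bits hashes."""
    return next(c for c in count() if verify(challenge, c, bits))

# Variant 1: the client picks its own puzzle (hashcash style), no round trip.
def client_stamp(resource):
    challenge = f"{resource}|{os.urandom(8).hex()}".encode()
    return challenge, mint(challenge)

def accept_stamp(challenge, ctr, resource):
    ok = (challenge.startswith(resource.encode() + b"|")
          and challenge not in SPENT and verify(challenge, ctr))
    if ok:
        SPENT.add(challenge)   # refuse replays of the same stamp
    return ok

# Variant 2: the server picks the puzzle and binds it to the claimed address,
# so the requester must be able to receive the reply (as with SYN cookies).
def _tag(addr, ts):
    msg = f"{addr}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(addr, now):
    return f"{addr}|{now}|{_tag(addr, now)}".encode()

def accept_reply(challenge, ctr, addr, now, max_age=60):
    try:
        c_addr, ts, tag = challenge.decode().split("|")
        age = now - int(ts)
    except ValueError:         # wrong field count, bad UTF-8, non-numeric time
        return False
    return (c_addr == addr and 0 <= age <= max_age
            and hmac.compare_digest(tag.encode(), _tag(c_addr, ts).encode())
            and verify(challenge, ctr))
```

The server keeps no per-challenge state in the second variant: the HMAC tag lets it recognise its own challenge when the solution comes back.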

------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
