Cryptography-Digest Digest #553, Volume #12 Mon, 28 Aug 00 04:13:01 EDT
Contents:
A more secure alternative to ADK for legitimate key recovery (David Hopwood)
Re: DeCSS ruling -- More (David Hopwood)
Re: An interesting cryptographic problem (David Hopwood)
Re: SSL protocol and unencrypted random info (David Hopwood)
Re: DeCSS ruling -- More ("Stou Sandalski")
Looking for Book Recommendations ([EMAIL PROTECTED])
Re: Pencil and paper cipher (Scott Contini)
Re: Steganography vs. Security through Obscurity (Runu Knips)
Re: UNIX Passwords (Runu Knips)
Re: My encryption algorithm (Runu Knips)
Re: SHA-1 program, wrongo ! (S. T. L.)
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (Paul
Rubin)
Re: Serious PGP v5 & v6 bug! ([EMAIL PROTECTED])
Fly ball in left field... (Greggy)
----------------------------------------------------------------------------
Date: Mon, 28 Aug 2000 07:15:55 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: A more secure alternative to ADK for legitimate key recovery
=====BEGIN PGP SIGNED MESSAGE=====
"Ron B." wrote:
> On Thu, 24 Aug 2000 13:33:30 GMT, "JL" <[EMAIL PROTECTED]> wrote:
> >"Ron B." <[EMAIL PROTECTED]> a =E9crit dans le message news:
> >[EMAIL PROTECTED]
> >
> >> If a business requires this then Jane may have no choice in her
> >> business communications.
> >
> >Then her company shouldn't complain if sensible information is
> >compromised. If you don't trust your employees you shouldn't hire
> >them in the first place.
> =
> This may not be a matter of personal trust. The company may see Jane
> as the perfect employee. If Jane is has a heart attack, has a fatal
> accident or for other reasons beyond her control is not available to
> decrypt important data, the company may have legitmate reasons to
> have access to her messages.
Which is why received messages should be reencrypted *by the recipient*
to the recipient organisation's public key designated for that purpose,
and the ciphertext stored locally. Similarly, sent messages should
be additionally encrypted by the sender to the sender organisation's
public key. In neither case does anything that allows the message to be
recovered go over a public network, in contrast to the ADK design.
Now if Jane has a heart attack, her logs of sent and received messages
can be decrypted (the ciphertext will have been backed up by the
organisation's normal backup procedures). New messages cannot be
decrypted, so they must be bounced, but that is exactly as it should
be: the sender then has the opportunity to decide whether he wants to
resend the message to Jane's coworkers, rather than to Jane specifically.=
- -- =
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 0=
1
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has b=
een
seized under the Regulation of Investigatory Powers Act; see www.fipr.org=
/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOaoAezkCAxeYt5gVAQEsRggAx/FF01RBowS/GIjoW+N0MIrqKSfKKAV1
3zFMuIA53LqjlCk6oOmRh57MU+J4BadITw9HAeY+M96wBkq0i8SzdzaBVT9vYxkj
fviPe6s+zV+PqrY6B18PpMDk5XZW6YzXPFi2iVwowGub5DbtLOkQDndF7hTpHbyb
F5LtL0jyFMlEWoLaXBtPfePo3mKu/nH03qQ3sB+UdVAphHVDePHSq4JAlAxussR2
KXL5yK7NfeImi8YgeCD4vFuSQ7fKyx++BtkE+dqvR/N0/jeo3UJ8FIEIn9mpdQ59
9+nekApKSpE0G36NbsAyJ+2RbKiWWR6CkTGgNi8IgmtFuwO1vj+DQw=3D=3D
=3DWCfx
=====END PGP SIGNATURE=====
------------------------------
Date: Mon, 28 Aug 2000 07:16:43 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: DeCSS ruling -- More
=====BEGIN PGP SIGNED MESSAGE=====
Stou Sandalski wrote:
>
> I don't quite agree here, although I see your point. I don't know what they
> did with PGP... but NAI's PGP has a plug in for MS outlook which is very
> easy to use...
PGP won't be commonly used unless or until it is bundled with the most
common email clients, and set up to generate key pairs by default; plug-ins
that have to be separately downloaded won't make any substantial difference.
(Unfortunately the common email clients are hopelessly insecure in other
ways, but that's a separate issue.) At least the export restriction obstacle
to bundling PGP with mail clients has mostly gone away now.
> Their argument is that it will allow "pirates" to copy DVDs....
That's their public argument. They don't actually believe it; they know as
well as anyone here that commercial pirates don't need to use anything
like DeCSS.
The primary purpose of CSS is and always was to support the anti-competetive
practice of region coding, i.e. to reduce the incidence of trading of
*legitimately purchased* DVDs between regions with different pricing regimes,
which would force down prices (especially outside the US). Note that the
region coding mechanisms don't have to be completely effective from a
technical point of view, for it to be cost-effective for the recording and
movie industry to pursue this case.
OTOH, it appears in practice as though region coding isn't effective at all,
given that both hardware and software players are routinely and openly
advertised (at least in the UK, and I hear this is also true in other
countries) with the fact that region restrictions can be bypassed as a
selling point. The MPAA have won a battle in this court case, but they've
lost the war.
Unfortunately, the EFF et al have also lost an important opportunity to limit
the applicability of the DMCA, despite being in a strong position to do so :-(
Presumably there will be an appeal?
[...]
> the MPAA is pissed because they make money from the licensing of the crypto
> algorithm in various software players...
That's just a side issue, the amount of money involved with that is not
large enough for them to be as pissed off about it as they are about the
region coding issue.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOanzzTkCAxeYt5gVAQEnSQgAw4ECqELKpd2P+w/bMuqvjanKPGqJOtaV
r5Cc6eDIAR2TlDJOZeCl2kl+PynEwfoZHTjdwRAP5FoalwW45FteliAqP4YfG/we
yMZ/QkJrPgc/uLrmANpwaxeaLpPsrxhXTlUY30fCF4rPbwq6PrHE72sskvW9snlQ
Cm9fHE0xzfcTdVJMlgDZuKFIvvtiZ6XF4aRGjrFCCyC5mgprVW+h5iJ8DDhAUboS
lwkaTs6L9W4Fa8O+bSZVFSrotC1VOH62UWGzyfObfpl9E8jfF+PA0jnui9Adrjns
pNJw7GbBbBxgIk8Ws3rsORFCb/8j5sFfZVGLH3wC6CVcNwkgEfGwLg==
=Sqgw
=====END PGP SIGNATURE=====
------------------------------
Date: Mon, 28 Aug 2000 07:17:17 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: An interesting cryptographic problem
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] wrote:
> In article <8o091n$24v$[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] wrote:
> [see original posting]
>
> Many thanks for your helpful responses.
>
> Unfortunately the suggested approaches of encrypting the database
> information or using stored procedures to implement access control are
> not especially easy to implement given that it is extremely desirable
> to layer this security system on top of an existing application with
> minimal changes to the application code or tables.
Run copies of the existing application on a server in a physically secure
location that is trusted by the database admin, and provide access to them
by some remote windowing protocol, over an encrypted authenticated
connection.
(Unfortunately many of the existing remote windowing protocols such as
X-Windows introduce their own security problems, but that's a solvable
problem.)
> At present the approach I am considering (invented yesterday afternoon)
> works as follows:-
>
> There is an authentication server running on a machine somewhere which
> is reachable via TCP/IP. This server accepts authentication requests on
> behalf of clients.
>
> The encryption algorithm is DES in Cipher Feedback Mode. [...]
You're concentrating too much on the details rather than the architecture.
Providing a secured connection isn't the problem, that can be done with
SSL or a number of other "off-the-shelf" protocols.
The bottom line is that trying to hide any secret keys in an application
binary that is accessible to untrusted users is not secure. Therefore, the
binary that directly accesses the database must not be accessible to users.
Of course although it's necessary to have an extra layer of software
between the client and the database that cannot be modified by users, it's
not sufficient - that layer also has to be carefully designed in such a way
as to limit the user to actions that should be allowed according to the
security requirements, and to provide support for auditing, etc.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOancazkCAxeYt5gVAQEX4wgAkbXvDq/rfaPGXBQKQfU7LzAdsLZscWVB
uV3UT1HVUFDcLAS1ud1to4sd5wKKvD7bwaVZae4MK/8kqqUFtTJ3FcMA652KaCGL
bHuT+NRMrsgvpejAQYhkZ7eNpFWbuc3nRtGsSyvXNsKFYjW7t9VxAsril4KspIYZ
70Vrs3TsaTkaX+nOL7MMwTmSP6wmPrsRRKrXHIU0uO/AvRnai0zzbr2KFeGeKYAa
mo1jvJhjfYbDuxxdqvXkqFJL4ilFmuuMb33Vv7ZD62nAeK0CwMsY1115rONQpwXm
vK/6cqxF7iEGIhCz2CeQkHBqYa72lZbDONKuvOdBn1+M8zf5lBpTDw==
=iid4
=====END PGP SIGNATURE=====
------------------------------
Date: Mon, 28 Aug 2000 07:17:59 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: SSL protocol and unencrypted random info
=====BEGIN PGP SIGNED MESSAGE=====
[EMAIL PROTECTED] wrote:
> I noticed that in the SSL 3 protocol, both the client and the server
> send unencrypted random data to each other. This data, along with the
> client-generated pre-master-key is used to generate the master key. The
> pre-master-key is sent using the server's public key.
>
> My question is why aren't the random data sent encrypted using the
> server's public key?
Because the client and server random values are a part of the protocol
that is independent of the key exchange algorithm (in fact the client
random is sent before the key exchange algorithm has been negotiated,
and before the client knows the server's public key, in general).
The purpose of these values is to ensure "freshness". For example, in
cases where the ServerKeyExchange message is used [*], the presence
of the ClientHello.random in the signature tells the client that the
signature must have been produced for this session, not replayed from
a previous session.
[*] it is not used in the RSA_WITH_* ciphersuites.
> Doesn't this mean that the security of the master-key is determined
> solely by the strength of the randomness of the pre-master-key only?
Yes, but that's plenty large enough.
> The only reason I can think of is that the pre-master-key is large
> enough such that it doesn't matter that the client and server random
> data goes through cleartext. Perhaps this random data is used as a salt
> so that it prevents replay attacks.
Exactly.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOanTfDkCAxeYt5gVAQGXfAf/W7HdfxHbhegvihvwxOUGvgdo+/D+hTrq
mr/8dpzyipCE+HLtNokf9MiLxNZB25a/mDBFt4U+UVXZ+RYyFbz4I4Lf5KWjAZ4H
pRx5Far3k+QFjQaeOOM+/QeTc5yZRAsbxt0/2Qb70/8CcJVGHQhLsfqZZ0aNwBRx
x1I3LsVI2/IszdP/Cy6MkSmdCP28M4HKzrlH0iF5UejY8VaL8K9De04is7PA9Mrs
7eeVkX0pc1qWDfu/JH3AtTblNxKSIUTJ99HCrXqvgV9kJFIDVxGBHwdWFYShzS2X
o0nMOyAOHtqz84MPKu3crXje1hTbGaoNMEowCbRzJ79fLUjSvXEDEA==
=b27Q
=====END PGP SIGNATURE=====
------------------------------
From: "Stou Sandalski" <tangui [EMAIL PROTECTED]>
Subject: Re: DeCSS ruling -- More
Date: Sun, 27 Aug 2000 23:38:59 -0700
Yea ok, I get what you are saying now... I still don't know if I agree that
those are their goals but I do understand your point... and now to think of
it hehe noone really uses PGP or at least noone I know... even thought it is
easy to use... but I think that has to do with more of the fact that noone
really needs it and using it is pointless... at least thats how people view
it
Stou
"Eric Lee Green" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
<snip>
> program named "DeCSS" off of every mirror on the planet, as long as
> folks can't go to Fry's Electronics or Tucows.com and get an easy-to-use
> version of it.
>
> I do not personally know (in "real life") any person who uses PGP to
> encrypt their EMAIL. If they can accomplish for DVD what the Federal
> government accomplished for encryption via their persecution of Phil
> Zimmerman, the DVD CSS Forum and MPAA shall be VERY happy.
>
> --
> Eric Lee Green There is No Conspiracy
> [EMAIL PROTECTED] http://www.badtux.org
------------------------------
From: [EMAIL PROTECTED]
Subject: Looking for Book Recommendations
Date: Mon, 28 Aug 2000 06:40:01 GMT
Hello,
I would like to ask for advice on books about
number theory, abstract algebra and elliptic
curve cryptography.
I'm currently working my way through "A Course in
Number Theory and Cryptography" by Neil Koblitz,
which I think is an excellent book, however I
would like a more detailed reference on the
number theory/abstract algebra material in
chapters 1 and 2, because I'm coming from an
engineering background.
Some searching in the bibliography and on the web
revealed the following books, but I don't know if
they are really what I need:
"Elementary Number Theory" by G.A Jones and J.M.
Jones
"Elementary Number Theory and its Applications"
by K.H. Rosen
"Abstract Algebra" by Israel N. Herstein
"Topics in Algebra" by Israel N. Herstein
"A Classical Introduction to Modern Number
Theory" by Ireland and Rosen
Do these provide a good background for the
material in the Koblitz bookor does anybody have
any other recommendations?
I'm also interested in reading more about
ECC. "Elliptic Curve Public Key Cryptosystems" by
Alfred Menezes seems to be the standard text, but
he recommends against buying it on his web page.
How does it compare to "Elliptic Curves in
Cryptography" by G. Seroussi, Nigel P. Smart, Ian
F. Blake?
Anthony Mulcahy
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Scott Contini)
Subject: Re: Pencil and paper cipher
Date: 28 Aug 2000 06:56:10 GMT
In article <[EMAIL PROTECTED]>, Jim Gillogly <[EMAIL PROTECTED]> wrote:
>Benjamin Goldberg wrote:
>> Split the alphabet into 4 words, length 3, 5, 7, 11:
>> AFN GTJIK DOSPEQB ULVHWMXRYCZ
>>
>> Now, multi-encipher the message using Vernam's method, using each string
>> as a seperate key:
>>
>> ThisI sTheP laint extIH opeTh atItI sUnde ciphe rable
>> AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN AFNAF NAFNA FNAFN
>> GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK GTJIK
>> DOSPE QBDOS PEQBD OSPEQ BDOSP EQBDO SPEQB DOSPE QBDOS
>> ULVHW MXRYC ZULVH WMXRY CZULV HWMXR YCZUL VHWMX RYCZU
>> -----------------------------------------------------
>> QLDAM WCXMS GYEJV TPKKS TPKML CUOLQ DDXGW IBNAG KTYIC
>>
>> How would one break this cipher, and is a computer needed?
>
>A known plaintext attack would need no more than 26 letters:
>express each ciphertext letter as the sum of the 3 letters
>in each column and the plaintext, and you have 26 independent
>equations in 26 unknowns. I didn't check to see if you're
>changing it based on upper/lower case, but that's just a few
>more known plaintext letters. Should be dead simple.
>
>If you really use words for your key, then a dictionary search
>also works.
also: if your key is words (not random), then the fourth word
of the modified key is likely to be of the form:
U?V?W?X?Y?Z
which can simplify the attack (i.e. for these weak keys you need
less than 26 letters).
Scott
------------------------------
Date: Mon, 28 Aug 2000 09:08:15 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Steganography vs. Security through Obscurity
[EMAIL PROTECTED] wrote:
> I recently had a discussion concerning the differences between
> cryptography and steganography.
>
> I maintained that one of the differences between the two is that
> strong cryptography doesn't need obscurity. However, every system
> I've seen for steganography requires some obscurity. If the algorithm
> is known, then the steganography can be defeated.
>
> In other words, security through obscurity is a requirement for
> steganography.
No.
Using Stenography without cryptography is crap, because you can
simply check the data according to the stenographical scheme,
and if you get a meaningful message, you've cracked the system.
But if you apply the stenographical scheme and only get random
bits, you can't know if (a) there is no message or (b) there
is an encrypted message.
So stenography does NOT require obscurity. It only hides the
fact if there is an encrypted message OR if there is random
data.
------------------------------
Date: Mon, 28 Aug 2000 09:15:37 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: UNIX Passwords
Martin 'SirDystic' Wolters wrote:
> Is there a description available, how UNIX encrypts (or hashes)
> its Passwords?
Depends upon the actual system. Most of them use a modified variant
of DES, but OpenBSD, for example, might also use Blowfish (and some
other functions).
In fact one may use any oneway hash function one wishes.
------------------------------
Date: Mon, 28 Aug 2000 09:18:28 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: My encryption algorithm
The funnier part is that I miss the previous posting of the one I'm
now answering, while all postings I've written friday didn't
appeared on my server.
DAMNED.
I would really like to have a newsserver which WORKS :-((((
I have no problems like this in ANY other newsgroup !!!!! :-(((((
"Slava K." wrote:
>
> The funny part is that I have no idea what a Vinegere cipher is.
>
> <[EMAIL PROTECTED]> wrote in message news:8o5s3u$h59$[EMAIL PROTECTED]...
> > In article <8o4ij6$eub$[EMAIL PROTECTED]>,
> > "Slava K." <[EMAIL PROTECTED]> wrote:
> > > I have designed a new encryption algorithm, and would like comments
> > about
> > > it's security. The following is a specification of the algorithm in
> > general
> > > programming terms. Tell me what you think. EMail me your comments
> > > ([EMAIL PROTECTED]).
> > >
> > > · A password of any size is inputted (K). If K is the length of zero
> > or one,
> > > and error is reported.
> > > · A counter – N1 is set to the first character of the password. N2 is
> > set to
> > > the second.
> > > · The two password character (Respective to N1 and N2. They may be
> > converted
> > > to integers or bytes if required by the language) are XORed together
> > (X).
> > > · A character is read from the input file (P. This can again be
> > converted
> > > into an integer or a byte if required) and XORed with X.
> > > · The result is written to the output file.
> > > · If N1 equals the size of K, it is set to 1. Otherwise, N1 equals N1
> > + 1.
> > > · If N2 equals the size of K, it is set to 1. Otherwise, N2 equals N2
> > + 1.
> > > · The process is repeated if there are any characters left to encrypt.
> > >
> >
> > Wow a modification of a Vinegere Cipher (I think). Righto.
> >
> > Tom
> >
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
------------------------------
From: [EMAIL PROTECTED] (S. T. L.)
Date: 28 Aug 2000 07:38:25 GMT
Subject: Re: SHA-1 program, wrongo !
<<doesn't your environment support stat or fstat?>>
My sole C resource to this date has been K&R2. I don't know anything about
DOS. :-P Rather ironic, if you will. Anyways, I've modified my program to
only read the file once. Imagine my surprise when I discovered that I already
had that capability in my program due to the way I wrote getpad()! I love
getting things for free. :-P I'm working on some new stuff, so I forget which
version of SHA1.EXE I last uploaded. I'm on v0.32b right now.
-*---*-------
S.T.L. My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush! :->
------------------------------
From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed
Date: 28 Aug 2000 07:45:14 GMT
In article <8oce2c$kkn$[EMAIL PROTECTED]>, qun ying <[EMAIL PROTECTED]> wrote:
>Hi All,
>
>I just encountered this patent while surfing the net. How can the
>patent office issue a patent on such fundamental things? Anyone has
>some knowledge of PKI system will come out on this as a solutions. And
>PGP has long history of using public key to encrypted symmetric key for
>e-mail, document transferred, long before the so call patent. Any one
>has comments on this issue?
There are lots of bogus patents and it's good to post about them. But
please, always include the patent number. What is the patent number
of this one?
------------------------------
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
From: [EMAIL PROTECTED]
Subject: Re: Serious PGP v5 & v6 bug!
Date: Mon, 28 Aug 2000 07:42:03 GMT
=====BEGIN PGP SIGNED MESSAGE=====
Hash: SHA1
Nathan Williams wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> I'm not sure I agree with that. There is no need for a "enterprise"
> environment to have to use the ADK system to have a key escrow.
> Company policy could simply require that employees use keys furnished
> by the IT or security departments. They would keep copies of both
> keys and of its passphases. Simple solution that allows for the use
> of PGP without adding the complexity( and therefore the added risk)
> of a an ADK.
this way employer will be able not only read employees messages but also
sing messages in name of employee
== <EOF> ==
Disastry http://i.am/disastry/
http://disastry.dhs.org/pgp.htm <-- PGP half-Plugin for Netscape
remove .NOSPAM.NET for email reply
=====BEGIN PGP SIGNATURE=====
Version: Netscape PGP half-Plugin 0.14 by Disastry / PGPsdk v1.7.1
iQA/AwUBOan7pDBaTVEuJQxkEQJNZQCg2E/Wamb7/unsvXe8W+s3EkStW08An1v4
popsa/0hhiG6ldaBCJKlkJnJ
=Tq2R
=====END PGP SIGNATURE=====
------------------------------
From: Greggy <[EMAIL PROTECTED]>
Subject: Fly ball in left field...
Date: Mon, 28 Aug 2000 07:48:40 GMT
The following coded message:
"Joe is a fly ball out in left field, and must return to first base
ASAP. The third baseman is 6 feet 3 inches tall."
has the following characteristics:
Joe is the code name of a person being referred to.
Fly ball means he is excited.
"in left field" means he is a kook.
first base is a normal state of mind.
The third baseman is the person who issued the coded message and the
height of the third baseman is the signature for the message itself.
The point is that this message can be transfered in just about any form
through any channel and can be authenticated as well.
--
Theories lead to uncertainty.
Facts lead to certainty.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
