Cryptography-Digest Digest #626, Volume #12       Wed, 6 Sep 00 23:13:00 EDT

Contents:
  Re: <no subject> ("Paul Pires")
  Re: RSA Patent. (JD)
  Re: RSA Patent Dead Today ("Paul Pires")
  Re: RSA Patent. ("Paul Pires")
  Re: RSA patent expiration party still on for the 20th (No User)
  Re: Losing AES Candidates Could Be a Good Bet? ([EMAIL PROTECTED])
  Re: bent vectors ([EMAIL PROTECTED])
  PKZIP (deflate) not a random number tester? ([EMAIL PROTECTED])
  Diffie-Hellman C-sample? ("Verd")
  Re: RSA in public domain (Charles Blair)
  Re: PKZIP (deflate) not a random number tester? (S. T. L.)
  Re: RSA in public domain (Paul Rubin)
  Re: Carnivore article in October CACM _Inside_Risks (-m-)
  Re: PKZIP (deflate) not a random number tester? ([EMAIL PROTECTED])
  Re: Diffie-Hellman C-sample? ([EMAIL PROTECTED])
  Re: Carnivore article in October CACM _Inside_Risks (-m-)

----------------------------------------------------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: <no subject>
Date: Wed, 6 Sep 2000 17:12:22 -0700

I think you just did.

Next time, put in a subject before posting.

Paul

Ali Salah-eddine <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> How can I post messages?





------------------------------

From: JD <[EMAIL PROTECTED]>
Subject: Re: RSA Patent.
Date: Thu, 07 Sep 2000 00:06:36 GMT

In article <[EMAIL PROTECTED]>,
  Roger Schlafly <[EMAIL PROTECTED]> wrote:
> DJohn37050 wrote:
> > You are wrong about RSA not being trademarked, I think.  See RSA
> > Security web page for more info.
>
> From this page, it appears RSA is now claiming some sort of
> trademark on RSA:
> http://www.rsasecurity.com/brandweb/stratpartners/trademark.html
>
> However, you were there when RSA representatives stood up before
> the IEEE P1363 committee and disclaimed any trademark on "RSA",
> and said that anyone was free to use "RSA" to describe the
> Rivest-Shamir-Adleman algorithm.

A quick search of the USPTO trademark database at http://www.uspto.gov
shows that RSA Security, Inc. has registered "RSA" as used to describe
"Computer software to integrate cryptographic security features into
software applications" (Reg. No. 2335885).  There is no trademark on
"RSA" as used to refer to the algorithm itself.

--JD


Sent via Deja.com http://www.deja.com/
Before you buy.

------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: RSA Patent Dead Today
Date: Wed, 6 Sep 2000 17:24:23 -0700

Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Shellac wrote:
>
> > According to a press release at:
> >
> > http://www.rsasecurity.com/news/pr/000906-1.html (hope that's correct)
> >
> > RSA has been released into the public domain. Odd terminology, that,
> > given that it _was_ in the public domain. From what follows it looks
> > like they've relaxed their attitude to patent infringement. Since
> > there's only 2 weeks left on the patent, it seems a bit odd, but
> > welcome nonetheless.
>
> Perfectly understandable -- any excuse for a press release.  Remember "I
> don't care what you say so long as you spell my name right."
>
Maybe sneakier than that. Here comes an opinion. The press release
wasn't targeted to affect the goodwill of the crypto community, to make
RSA look good or to seem magnanimous. They have a perception
problem and they are playing poker. Customers, partners and licensees
are evaluating their relationship with RSA in light of this event and RSA
is posturing. "See, we're not afraid." "You still need us and we know it."
But it could just turn out to be whistling in the dark...

Paul





------------------------------

From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: RSA Patent.
Date: Wed, 6 Sep 2000 17:29:23 -0700


JD <[EMAIL PROTECTED]> wrote in message news:8p6m60$sip$[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
>   Roger Schlafly <[EMAIL PROTECTED]> wrote:
> > DJohn37050 wrote:
> > > You are wrong about RSA not being trademarked, I think.  See RSA
> > > Security web page for more info.
> >
> > From this page, it appears RSA is now claiming some sort of
> > trademark on RSA:
> > http://www.rsasecurity.com/brandweb/stratpartners/trademark.html
> >
> > However, you were there when RSA representatives stood up before
> > the IEEE P1363 committee and disclaimed any trademark on "RSA",
> > and said that anyone was free to use "RSA" to describe the
> > Rivest-Shamir-Adleman algorithm.
>
> A quick search of the USPTO trademark database at http://www.uspto.gov
> shows that RSA Security, Inc. has registered "RSA" as used to describe
> "Computer software to integrate cryptographic security features into
> software applications" (Reg. No. 2335885).  There is no trademark on
> "RSA" as used to refer to the algorithm itself.
>
> --JD

Let's see if I get it. You can release software called "Dead dog" that "uses
the RSA algorithm", but you can't call it "Dead dog RSA software".

Pretty subtle.

Paul






------------------------------

Date: Wed, 6 Sep 2000 18:34:38 -0500
From: No User <[EMAIL PROTECTED]>
Subject: Re: RSA patent expiration party still on for the 20th

[Disclaimer:  I am not a lawyer; do not rely on statements made here
without consulting a qualified intellectual property attorney]

[EMAIL PROTECTED] (Bill Unruh) wrote:

>I read "their own" as referring to the "anyone". I.e., anyone may code
>up RSA and use it in any product. They may not use RSA Security code
>(e.g. BSAFE, RSAREF, ...) as those are still copyright and they are not
>giving those up. You would only be able to use RSA after Sept 20 on
>stuff that was not developed before that date either. You would have
>violated the patent if you had used (developed) before that date.
>This gives you an extra two weeks.

I stand corrected about the reference of "their" to "anyone." You are
right that RSASI appears to be granting a free, non-exclusive
sublicense to any software developer who wants to create a new RSA
application over the balance of the patent term.

However, making a new RSA application is only one dimension of the
patent rights.  You'll note that RSASI's generosity doesn't appear to
extend to the sale or use of such newly-created applications; it only
applies to "development activities."  It seems that anyone rushing to
take advantage of the two weeks won't be able to do much with their
new creations during this period.

Furthermore, RSA applications that were developed before the 6th
(which includes applications that were legally developed outside the
United States, like PGP v2.6.3i) are not covered by this two-week
grace period at all; as I understand the law and RSASI's announcement,
(read the disclaimer above!), it is still illegal to use them within
the United States before the patent expires.  That's reason enough to
delay the party until the 20th.



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Losing AES Candidates Could Be a Good Bet?
Date: Thu, 07 Sep 2000 00:35:16 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> [EMAIL PROTECTED] (David C. Barber) wrote in
> <8p6c2h$1pl$[EMAIL PROTECTED]>:
>
> >I was wondering if a losing AES candidate might prove a better security
> >bet. Consider:
> >
> >None of the AES finalists is too weak, given the scrutiny that all have
> >survived to get to this point.
> >
> >The winning candidate will continue to be subjected to analysis and
> >attack for years to come, while the also-rans will likely quickly drop
> >off the radar screens of most people.
> >
> >Call it: Security Through Lack of Interest.  :^)
> >
> >    *David Barber*
> >
>
>  Actually the losing candidates would most likely be a bad bet,
> because they most likely would have never gotten in front of the
> public unless the NSA perceived them as weak.  You are correct
> that the so-called winning candidate will be subjected to analysis
> which may see the light of public some day. But I feel it only
> makes sense to use something other than any of the AES candidates
> if you want security.
>  One of the main problems with any of the methods is the small
> key size and the small block size. If you want more security
> with your files you should use methods capable of treating the
> whole file as a single block. If you are forced to use such
> weak methods as the AES candidates, you can at least compress with
> a bijective compressor and then reverse the byte order and run
> through a bijective compressor again. The resulting file could be
> encrypted with some small block size encryption method, since if
> done correctly the enemy would be forced at least to do a whole
> pass through the file to test any key.

Duh I'm the captain, my name is David.

Now that you have ranted for about two years (that I know of) about the
NSA and the stupid small key ciphers would you care to indulge us in
anything remotely like PROOF of these claims.

Of course I could use Scottu19 which has already been attacked by the
NSA, but that would be stupid.

Tom



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: bent vectors
Date: Thu, 07 Sep 2000 00:37:30 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (Mack) wrote:
> >Doh, I feel really stupid, of course I was wrong.  Geez I should have
> >seen that.  The definition |F(w)| = 1 for all 'w' doesn't hold for the
> >balanced 4x4 sbox as in my example.
> >
> >Sorry guys.
> >
> >Tom
>
> Sincere congratulations and compliments to
> you.  It takes a lot of guts to admit a mistake.

Thanks, I hope I didn't peeve anyone.  I guess I am a bit stubborn with
new facts :)

Tom



------------------------------

From: [EMAIL PROTECTED]
Subject: PKZIP (deflate) not a random number tester?
Date: Thu, 07 Sep 2000 01:07:00 GMT

On my website at http://www.geocities.com/tomstdenis/ I posted source
(near the bottom of the home page) of a program that deterministically
outputs data that will not under any circumstances be compressed by
deflate (never ever ever!).

This just proves that PKZIP/INFOZIP/ARJ/LHA/BZIP/GZIP/LZOP/RAR/... are
not good random number testers!

Tom



------------------------------

From: "Verd" <[EMAIL PROTECTED]>
Subject: Diffie-Hellman C-sample?
Date: Thu, 07 Sep 2000 01:22:04 GMT

Dear all,

Right now I'm looking for some materials on Diffie-Hellman implementation in
the C language.
Could any of you recommend some samples or materials?
It's not easy to implement that algorithm if there is enough time, but I have
only 48 hours or so.
I hope for your help.
Thanks

With best wishes...
Gogh..

P.S.: I hope this is the correct n/g to ask such a question, if it turns
out the other way round, pls let me know ;)



------------------------------

Subject: Re: RSA in public domain
From: [EMAIL PROTECTED] (Charles Blair)
Date: Thu, 07 Sep 2000 01:25:22 GMT


>> Can anybody recommend a good on-line tutorial or clear document
>> disclosing the released RSA algorithm?

    I have some ``Notes on Cryptography,'' in LaTeX and postscript
form, (sorry, no pdf) on my web site

  http://www.staff.uiuc.edu/~c-blair

Look under ``papers''.

------------------------------

From: [EMAIL PROTECTED] (S. T. L.)
Subject: Re: PKZIP (deflate) not a random number tester?
Date: 07 Sep 2000 01:56:09 GMT

/*I posted source
(near the bottom of the home page) of a program that deterministically
outputs data that will not under any circumstances be compressed by
deflate (never ever ever!).*/

SHA-1 hashing a 160-bit counter that starts at 0 is good enough for that. 
(Boring...)

-*---*-------
S.T.L.  My Quotes Page:  http://quote.cjb.net
Book Reviews Page:  http://sciencebook.cjb.net
Turbo-nifty interlaced interpolated PNG demo:  http://interpng.cjb.net
Optimized pngcrush executable now on my site!  Long live pngcrush!

------------------------------

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA in public domain
Date: 7 Sep 2000 02:04:22 GMT

Future Beacon  <[EMAIL PROTECTED]> wrote:
>Thank you for this wonderful explanation.
>
>On the line I have marked with ************************
>you say "d is from de = 1 mod(p-1)(q-1)."
>
>What is the apparently special meaning of de?  Does one
>need to know about it?  It doesn't seem necessary to the
>algorithm, so it must be a term everybody knows about. No?

Jim, this is very elementary stuff.  If you're interested in
implementing or using RSA (and it's great if you are), I suggest
you read a book on the subject or talk to a consultant, rather
than have a drawn-out question-and-answer session in the newsgroup.

Applied Cryptography (2nd ed.), by Bruce Schneier, is always a good 
place to start.
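The relation in the quoted question, worked as an added example (not code from the thread): d is computed as the inverse of e modulo (p-1)(q-1) with the extended Euclidean algorithm, and decryption is checked to undo encryption. The toy primes 61 and 53 and the function names are my own choices.

```python
def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def private_exponent(e, p, q):
    """Solve d*e = 1 (mod (p-1)(q-1)).

    'de' in the quoted line is just the product d*e; the equation says d is
    the multiplicative inverse of e modulo (p-1)(q-1), which exists only when
    gcd(e, (p-1)(q-1)) == 1.  The x returned by egcd() is that inverse.
    """
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return x % phi


def rsa_roundtrip(m, e, p, q):
    """Encrypt m under (e, n) and decrypt with d; returns (d, recovered m).
    Recovery works precisely because d*e = 1 mod (p-1)(q-1)."""
    n = p * q
    d = private_exponent(e, p, q)
    c = pow(m, e, n)
    return d, pow(c, d, n)


if __name__ == "__main__":
    # Toy parameters for illustration only (my choice, not from the thread);
    # real keys use primes of hundreds of digits plus a padding scheme.
    p, q, e, m = 61, 53, 17, 65
    d, back = rsa_roundtrip(m, e, p, q)
    print(f"d = {d}, d*e mod (p-1)(q-1) = {d * e % ((p - 1) * (q - 1))}, m -> {back}")
```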


------------------------------

From: -m- <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Wed, 06 Sep 2000 22:28:10 -0400

Paul Rubin wrote:
> 
> In article <[EMAIL PROTECTED]>, -m-  <[EMAIL PROTECTED]> wrote:
> >If a system is compromised the data departing that system MUST be
> >suspect.  If there is a single soul here who can tell me how I can
> >authenticate the identity of a server which has been compromised I
> >will be surprised.  You see a compromised OS holds NO secrets and can
> >be manipulated in strange and mysterious ways by processes invisible
> >to the admin.  The very fact that the FBI chose an OS which is not
> >certified as B2 trusted indicates the engineers who built the damn
> >thing dropped the ball.
> 
> Put a hardware authentication token in the box?

As I understand it microprocessors have serial numbers embedded in the
silicon.  I was very much against that idea a year or two ago.  It looks
better and better every day -- IF AND ONLY IF we get rid of some of the
other methods of information gathering such as Cookies...  and browser
history.


--
   If children don't know why their grandparents did what they did, how shall
     those children know what is worth preserving and what needs to change?
              Public Key at http://pgpkeys.mit.edu:11371
     Public Key Encryption?  http://www.cryptography.org/getpgp.htm

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: PKZIP (deflate) not a random number tester?
Date: Thu, 07 Sep 2000 02:35:54 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (S. T. L.) wrote:
> /*I posted source
> (near the bottom of the home page) of a program that deterministically
> outputs data that will not under any circumstances be compressed by
> deflate (never ever ever!).*/
>
> SHA-1 hashing a 160-bit counter that starts at 0 is good enough for that.
> (Boring...)

It's possible some of that does compress.  In my case "none" of it
compresses because I take advantage of the structure in deflate....

Tom


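Both sides of this exchange, as an added example (not Tom's posted program or S.T.L.'s code): a SHA-1-of-counter stream that deflate cannot shrink although it has zero entropy, and a second construction that leans on deflate's own structure, its 32 KiB back-reference window, so that an obvious repetition goes unnoticed by the compressor. The function names and buffer sizes are my own.

```python
import hashlib
import zlib

WINDOW = 32768  # deflate's maximum back-reference distance (32 KiB)


def sha1_counter_stream(nbytes):
    """S.T.L.'s construction: SHA-1 of a 160-bit counter starting at 0.

    Every byte is a fixed function of its position, so the stream has zero
    entropy, yet it has no byte-level redundancy for deflate to exploit.
    """
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha1(counter.to_bytes(20, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def deflate_ratio(data):
    """Compressed length divided by original length at zlib level 9.
    A value >= 1.0 means deflate gave up and emitted stored blocks."""
    return len(zlib.compress(data, 9)) / len(data)


def repeated_block(block):
    """Two copies of one block back to back: the second half is fully
    determined by the first, so the data is plainly not random.  Deflate only
    notices when the repeat distance, len(block), fits inside its window."""
    return block + block


def demo():
    """Sizes chosen (my choice) to sit on either side of the window."""
    inside = sha1_counter_stream(4000)      # repeat distance 4000 < WINDOW
    outside = sha1_counter_stream(40000)    # repeat distance 40000 > WINDOW
    return {
        "counter_stream": deflate_ratio(sha1_counter_stream(65536)),
        "repeat_inside_window": deflate_ratio(repeated_block(inside)),
        "repeat_outside_window": deflate_ratio(repeated_block(outside)),
    }


if __name__ == "__main__":
    for name, ratio in demo().items():
        print(f"{name}: {ratio:.3f}")
```

A compressibility check therefore only detects short-range redundancy; judging a generator's output needs a real statistical test suite and, above all, an argument about the entropy of the source.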

------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Diffie-Hellman C-sample?
Date: Thu, 07 Sep 2000 02:37:01 GMT

In article <05Ct5.8796$[EMAIL PROTECTED]>,
  "Verd" <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> Right now I'm looking for some materials on Diffie-Hellman implementation in
> the C language.
> Could any of you recommend some samples or materials?
> It's not easy to implement that algorithm if there is enough time, but I have
> only 48 hours or so.
> I hope for your help.
> Thanks
>
> With best wishes...
> Gogh..
>
> P.S.: I hope this is the correct n/g to ask such a question, if it turns
> out the other way round, pls let me know ;)

What exactly do you want?  I can whip up some C code that uses MPI if
you like ... Perhaps during the weekend.  If you need it in 2 days send
$300 my way :) hehehehe...

Tom



------------------------------

From: -m- <[EMAIL PROTECTED]>
Crossposted-To: comp.security.misc,alt.security,talk.politics.crypto
Subject: Re: Carnivore article in October CACM _Inside_Risks
Date: Wed, 06 Sep 2000 22:41:26 -0400

Barry Margolin wrote:
> 
> In article <[EMAIL PROTECTED]>, -m-  <[EMAIL PROTECTED]> wrote:
> >If it turns out that the unit can be spoofed... then every conviction
> >obtained with the help of carnivore should be in jeopardy.
> 
> Most electronic evidence can be faked.  But just because something *can* be
> spoofed doesn't mean it was, and the defense would have to convince the
> jury that there's a reasonable chance it was.

Compromises are dangerous when dealing with people's liberties.

> 
> Traditional written signatures can also be forged pretty easily, but that
> hasn't put most verdicts that depend on signatures in jeopardy, either.
> 
> >I believe you should think more deeply about this issue.  Go and read
> >RFC 1097.  Come back and tell me if you think THAT was a good idea.
> 
> You realize RFC 1097 was an April Fool's Day joke, don't you?
>

No I didn't but I am pleased -- if somewhat embarrassed to hear it...
I did check it again and it appears that you are correct.  Nice joke.
The egg is on my face on that one.  Sorry to trouble you.  Ah, well, 
I guess I'll have to go back to the old escape sequences in the VT-100
to do that then...  Here I thought I had an easier way to write that
code.
 
> >As to Carnivore, it is too little and too late.  It is a sniffer and
> >a sniffer picks up every packet on the wire in order to sift thru and
> >find the ones which meet the target criteria.  One thing a sniffer CAN
> >NOT DO WITH CERTAINTY is be positive the packet came from the address
> >that it claims to have come from...  Don't waste your breath telling
> >me about MAC addresses.  MAC's can be changed by the Administrator of
> >the system.
> 
> Someone would have to do that intentionally, which would require that they
> know they're being monitored.

No sir, it would require that they knew what they were doing and intended
to confuse the issues.  A professional would change it up front AND attach
an unused IP to it so that some of the arp watchers would not notice the
change.  Packets would have bogus MACs and bogus IPs right from the
start.

A professional does not discover he is under surveillance... he assumes it
from the start.

I do find the April Fool's joke funny.  

-m-

> 
> --
> Barry Margolin, [EMAIL PROTECTED]
> Genuity, Burlington, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
