Cryptography-Digest Digest #738, Volume #12 Fri, 22 Sep 00 07:13:01 EDT
Contents:
Re: Software patents are evil. (David Rush)
Re: Again a topic of disappearing e-mail? (Runu Knips)
Re: t ("Trevor L. Jackson, III")
Re: What am I missing? (Sagie)
Re: PGP 6.5.8 source code published ([EMAIL PROTECTED])
Re: CDMA tracking (was Re: GSM tracking) (Sagie)
Re: Maximal security for a resources-limited microcontroller (Sagie)
Re: Maximal security for a resources-limited microcontroller (Sagie)
Re: Tying Up Loose Ends - Correction (Tim Tyler)
Re: Maximal security for a resources-limited microcontroller (Paul Rubin)
----------------------------------------------------------------------------
From: David Rush <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: 22 Sep 2000 10:23:19 +0100
"Trevor L. Jackson, III" <[EMAIL PROTECTED]> writes:
> Bill Unruh wrote:
> > In <[EMAIL PROTECTED]> "Trevor L. Jackson, III"
> > <[EMAIL PROTECTED]> writes:
> > Patents had has almost nothing to do with software until
> > recently. Yet, you could not say that software has suffered in the
> > US.
>
> Devil's advocate position. Resolved: that the low quality of US
> software is due to the lack of an effective protection for
> intellectual property.
Oooh. I feel the first rumblings of a paradigm shift.
> dominated by cost differences. So a company that prices its
> software higher than the competition to cover serious development
I've been there. My first startup, back in 1985 had this problem. That
was when I concluded that the American myth of the better mousetrap
was false, and that better salesman were the ones who truly get
rewarded. u$oft has only confirmed my suspicions.
> Effective IP would restore the balance between quality and cost and
> reduce the domination of the first-to-market mentality.
Actually, you could easily extend your argument to say that the
open source movement has come about due to that first-to-market
mentality. I know for myself, that If I'm looking for high-quality
software I'll take a mature open source project any day of the week.
And I work on open source because I *can* produce good work without
having to deal with the 'first is better than best' reality of the
software marketplace.
Of course this also implies that Richard Stallman has propagated more
evil than Bill Gates...
> Conclusion: I can say that software has suffered in the US if low
> quality counts as suffering.
I am definitely feeling some rumblings in my paradigm.
david rush
--
Next to the right of liberty, the right of property is the most
important individual right ... and ... has contributed more to the
growth of civilization than any other institution established by the
human race.
-- Popular Government (William Howard Taft)
------------------------------
Date: Fri, 22 Sep 2000 11:30:32 +0200
From: Runu Knips <[EMAIL PROTECTED]>
Subject: Re: Again a topic of disappearing e-mail?
Mok-Kong Shen wrote:
> Email users will soon be able to erase the messages they send
> from the recipient's hard drive using software called SafeMessage
> that a company called AbsoluteFuture is releasing today.
> SafeMessage destroys messages within a certain amount of time
> after the recipient opens them, erasing all footprints on PC
> hard drives and computer servers, says AbsoluteFuture CEO Graham
> Andrews. Law enforcement officials worry that criminals and
> terrorists will use SafeMessage to conceal their communications,
> arguing that fighting crime effectively in the digital age
> requires email tracing. Meanwhile, privacy advocates applaud
> the new software. One oil executive says he uses a beta version
> of SafeMessage to prevent rivals from accessing his messages.
> http://www.usatoday.com/usatonline/20000920/2662888s.htm
Pfft as if this is something noticeable. Using PGP and removing
the email by hand has the same effect, doesn't it ?
------------------------------
Date: Fri, 22 Sep 2000 05:43:19 -0400
From: "Trevor L. Jackson, III" <[EMAIL PROTECTED]>
Subject: Re: t
John Savard wrote:
> On Thu, 21 Sep 2000 16:34:39 GMT, "John R."
> <[EMAIL PROTECTED]> wrote, in part:
>
> >> But the plot is cliched. I can guess how the book begins. Something
> >> like:
>
> >> T
> >> NNT
> >> NF
> >> TOT
> >> TOF
> >> FOT
> >> TIT
> >> FIT
> >> FIF
> >> TET
> >> FEF
> >> TAT
> >> LTR
> >> LNNTR
> >> LNFR
> >> LTOTR
> >> LTOFR
> >> LFOTR
> >> LTITR
> >> LFITR
> >> LFIFR
> >> LTETR
> >> LFEFR
> >> LTATR
> >> TALFOTR
> >> NLLTAFROTR
> >> NLFOFR
> >> NLTIFR
> >> NLTEFR
> >> NLFETR
> >> NLTAFR
> >> NLFATR
> >> NLFAFR
>
> >Now, I am new to all this, and was wondering if someone could explain,
> >or point me in the direction to understand it.
>
> Each of these lines of text is a true statement. They're designed to
> make it possible to figure out what the characters mean.
>
> Thus, the original part
>
> T
> NNT
> NF
>
> makes sense if T stands for true, F stands for false, and N stands for
> negation, as represented by ~ in Boolean algebra.
>
> I then went on to introduce the basic operators: A for AND, O for OR,
> I for implication, and E for equivalence (not XOR).
>
> However, one can't really do much of consequence without parentheses,
> and so I denoted ( and ) by L and R respectively.
>
> So after the quoted part, I defined A, O, I, and E by showing all the
> cases where they produced a true result. Then, I repeated everything I
> said so far, but with parentheses around it, showing that nothing is
> changed by them.
>
> Then, I indicated what parentheses are for by showing that the two
> statements
>
> True and ( False or True )
>
> and
>
> not ( ( True and False ) or True )
>
> ... whoops.
>
> Should have been
>
> True or ( True and False )
>
> and
>
> not ( ( True or True ) and False )
>
> instead:
>
> TOLTAFR
> NLLTOTRAFR
>
> are both true.
>
> Finally, with parentheses, I listed the false cases of the truth
> tables for A, O, I, and E.
>
> John Savard
> http://home.ecn.ab.ca/~jsavard/crypto.htm
Given the size of the thread that the original message generated, perhaps
there was some form of super compression in the original single character.
;-)
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: What am I missing?
Date: Fri, 22 Sep 2000 09:43:32 GMT
No, no, you got it all wrong...
SDMI is a *WATERMARK*, it is not an encrypted format. Ryan was right in
his observation -- SDMI's efforts are futile, because people can still
listen to the music using "old" unprotected players, whatever the
actual format is.
Ryan -- using an audio editor (e.g. Cool Edit, Sound Forge), try
to "subtract" the original wave from the watermarked wave. This will
allow you to see the actual watermarking signal and analyse it.
In article <8qeaol$1dij$[EMAIL PROTECTED]>,
"David C. Barber" <[EMAIL PROTECTED]> wrote:
> I believe that SDMI is a new encryption method that is supposed to
only
> unlock the file for playing, and not for conversion to
other "unprotected"
> formats. The hope is that the watermark would survive translation to
other
> formats, and as SDMI compliant players replace "older software" which
won't
> play SDMI songs (so they are trying to force you to upgrade), they
will
> refuse to play songs that the watermark says were copied, regardless
of
> format. That's what I think they intend to do.
>
> They want SDMI to replace MP3 as the format for distribution, and the
> watermark to tell the players when not to copy or convert, even if a
prior
> conversion was successfully made.
>
> *David Barber*
>
> "Ryan Phillips" <[EMAIL PROTECTED]> wrote in message
> news:39caa4d5$[EMAIL PROTECTED]...
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I D/Led some of the zip files provided on the site ( I still think
> > the contest is unfair, because they don't mention the algorithm for
> > the watermark, but anyhow... ) The three wave files provided from
> > TechnologyA play perfectly fine under Winamp 2.64. And they convert
> > nicely into Mp3s (256 kb) with AudioGrabber 1.62. Does the
> > watermarking technique only protect audio on the new SDMI devices.
> > If this is the case, won't people just use the old software to
> > rip/play songs?
> >
> > regards,
> > ryan phillips
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 7.0
> >
> > iQA/AwUBOcqlZ6wUALWQ09HEEQJYbgCeNvvQsks6ISt3E6iTHYptkjmbzicAn1Ub
> > jCx/GoT9JcV+WezEgnNAPp/j
> > =vj+6
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> >
> > -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> > http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> > -----== Over 80,000 Newsgroups - 16 Different Servers! =-----
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: PGP 6.5.8 source code published
Date: Fri, 22 Sep 2000 09:48:07 GMT
Can you post the website address for this please.
Thanks
ajd
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Steve) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> PGP 6.5.8 source code is available at the MIT
download site.
>
> It's not mentioned on the "outer" pages, but
it's on the actual
> download page past the click-through export
control page.
>
> That's a relief...
>
> :o)
>
> Steve
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
>
iQEVAwUBOcqzW8XTOLlJEtXlAQFS7wf/cPbWRBvh7LPPTjV92K
7rlhN7KMhx+Vqn
>
Qyg5klj3es8BYQ3kBIcuyugf3zSQQia6N6AiDaU2pNU6TlOddy
un0kuzdGxZNzrG
>
pe2vZn5aPNcoEcVe0jr1eRmzxTCtCvZzqVpl5m1ZkQET8Dk8lk
Z4fvdQgmeJGXzk
>
EGRsG1ihDYbNQFRRiPYqOupgiYxY4Tv197fBsW9xutRbLT2ARa
/t01ahUiSRBA+o
>
OVzgh1uC1G+OftHjoyvEypg1NJdzjPUbJr0GKNtzZCLBNJSoEh
Se4SCq9oe0ArKz
>
GkqBLBpk4bydvJVezmc/C7awFjSH5QYCQHuR8gATFMrGHGYkGG
Esrg==
> =UE3m
> -----END PGP SIGNATURE-----
>
> ---Support privacy and freedom of speech with---
> http://www.eff.org/ http://www.epic.org/
> http://www.cdt.org/
> My current keys are
> RSA - 0x4912D5E5
> DH/DSS - 0xBFCE18A9
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: CDMA tracking (was Re: GSM tracking)
Date: Fri, 22 Sep 2000 10:10:20 GMT
You can try to send an urgent SMS to the phone while off. Urgent
messages seem to turn on most CDMA phones.
Your tests seem to have a bit odd results to me... Are you sure the
substance the safe is made from is conductive? Is there a sufficient
contact between the safe's sides? Did you close the safe's door? Does
the door have sufficient contact with the rest of the safe?
I have no doubt that if the safe was a sufficient Faraday's cage, the
pager would not have received messages -- ground or no ground.
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (Mack) wrote:
> >I believe the aluminum briefcase is more than enough for a CDMA
cellphone,
> >due to the following reasons:
> > 1. While off, the cellphone does not transmit -- it only
receives. It
> >will only transmit when told to do so, which requires the phone to
receive
> >that message from the network. The briefcase is enough to block phone
> >reception from any cellular system.
> > 2. Keep in mind that CDMA is based on spread-spectrum. This
makes the
> >actual power-per-frequency rating much lower than any other cellular
system,
> >and therefore the briefcase should not have any problem defeating the
> >phone's transmission. The signal-to-noise level outside the
briefcase would
> >be so low that the original signal could never be reconstructed (or
sensed,
> >for that matter).
> > 3. The aluminium briefcase is much bigger than the phone, and is
> >therefore a sufficient ground space (compared to the phone's tiny
ground
> >space).
> >
> >
> >Sagie.
> >
>
> I will test this ... since I don't have a small metal briefcase I
will use a
> small
> safe and let you know how it turns out.
>
> Tested with pager and cell phone. Both receive when in an ungrounded
> metal safe. The pager recieved beeps. The cell phone maintained
signal.
> Since I don't have a way of testing the response when it is off I
can't
> judge that.
>
> For a faraday cage to work properly it should be grounded
> in one of the reference frames. ie. with respect to either the phone
or the
> cell tower but now that I think about it the charging plug would
provide
> an adequate ground with respect to the phone.
>
> Now to figure out how to do that without shorting the phone out ....
> Which one of those connectors is supposed to be ground?
>
> >
> >"H. Ellenberger" <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Mack wrote:
> >>
> >> > >If you are concerned about your phone being
> >> > >trackable when it is off, why not just put
> >> > >it in an aluminum briefcase ?
> >>
> >> > Not terribly effective at attenuating signals.
> >> > It must be properly grounded. The 50 foot of ground
> >> > cable limits the effective range of the phone.
> >>
> >> Completely wrong, no ground cable is required.
> >> If the metal briefcase should leak too much rf power,
> >> just put it into a small and tight metallic box.
> >>
> >> HE
> >>
> >>
>
> Mack
> Remove njunk123 from name to reply by e-mail
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Date: Fri, 22 Sep 2000 10:38:30 GMT
Okay, thank you both.
The link Paul provided took me to an implementation for the
microcontroller I'm using (Microchip PIC)... Thanks a lot!
I was a bit disappointed from the execution time ratings (2600
cycles!), though, but I guess security comes with a price tag... Plus,
I might be able to get the cycle rating down by some hardcore
optimization.
So thanks again for both of you,
Sagie.
In article <[EMAIL PROTECTED]>,
Paul Rubin <[EMAIL PROTECTED]> wrote:
> "Sagie" <[EMAIL PROTECTED]> writes:
> > I'm in need of a symmetric (secret key) encryption process for
one of my
> > projects. I would love to use one of the popular schemes, such as
blowfish
> > and DES, but the cipher has to be implemented in a teeny-weeny
> > microcontroller with very limited resources. The cipher's program
footprint,
> > memory footprint and execution time must therefore be as small as
possible,
> > while maintaining the highest security possible (I was thinking
about a
> > process that will take no more than 150 RISC cycles per byte, and a
program
> > footprint of no more than 384 words). Plus I'm also quite a novice
in these
> > issues.
>
> If you can stand around 350 cycles/byte, try Skipjack, which should
> be at least as good as DES, but smaller. See
>
> http://www.brouhaha.com/~eric/crypto/#skipjack
>
> for a sample microcontroller implementation. Program size is around
> 320 words if you want to encrypt *or* decrypt; close to your 384 if
> you want to do both. It needs only 3 bytes of temporary ram, plus
> the 8-byte data block plus the 10-byte key.
>
> Another alternative is to use the RC4 stream cipher, which needs less
> code space but which needs around 260 bytes of RAM. It will run a lot
> faster than Skipjack but imposes some special key management
constraints
> since it is a stream cipher.
>
> > What I had in mind was to implement a non-linear 4-bit or 8-bit
lookup
> > table (8-bit lookup table is as far as I can go -- and it must be
used for
> > both encryption and decryption, which is not a big deal because I
can decide
> > that incoming messages will be encrypted with the decryption key),
along
> > with maybe some bit splicing.
> >
> > The last line of defence I was thinking of is somehow making the
> > encryption of every byte dependant of the encryption result of the
last
> > byte. But this raises question as for implementing the decryption
process...
>
> This gives no security at all.
>
> Re general references: get the book _Applied Cryptography_ by Bruce
Schneier.
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Sagie <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Date: Fri, 22 Sep 2000 10:54:26 GMT
One more question:
When selecting a key for the SkipJack algorithm, should I use a big
prime or may I use any random 80-bit constant? Is there any difference?
TIA,
Sagie.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tim Tyler <[EMAIL PROTECTED]>
Subject: Re: Tying Up Loose Ends - Correction
Reply-To: [EMAIL PROTECTED]
Date: Fri, 22 Sep 2000 10:54:10 GMT
SCOTT19U.ZIP_GUY <[EMAIL PROTECTED]> wrote:
: [EMAIL PROTECTED] (Benjamin Goldberg) wrote:
:>SCOTT19U.ZIP_GUY wrote:
:>> [EMAIL PROTECTED] (Mok-Kong Shen) wrote:
:>> >Tim Tyler wrote:
:>> >> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
:>> >> : If my message is over one hundred bytes, do you think
:>> >> : that I need to care about wasting 5 bits?? [...]
:>> >>
:>> >> At worst, this can reduce the size of keyspace by a factor of 32.
:>> >
:>> >Sorry, I don't understand. What do you mean by 'keyspace'
:>> >here? This is the message space. The message gets longer
:>> >by 5 bits. There is no information in the above of how
:>> >big the key is. [...]
:>>
:>> I thought we are talking about compressing then ecnrypting.
:>> If you always add 5 zeros or any other fixed amount of bits
:>> after a compressed string or any file for that matter which is
:>> then encrypted. The attacker know what the last few bits are
:>> and throws out keys that don't match. So if the last five bits
:>> of a file are known then it means you reduce your key space by
:>> 5 bits.
:>
:>Reducing the message space by x bits does *not* reduce the keyspace by x
:>bits... How much the keyspace is reduced depends on the unicity
:>distance.
: There was nothing in the previous message to suggest what you
: claimed. What was in the message was if you know what certain bits
: are. Then that can reduce the key space.
If one was *replacing* five bits at the end of the message by 0s,
the effect would depend on the unicity distance [because those
bits might have been known already].
That's not what David was talking about. David is discussing the
effect of adding an additional section of known plaintext to the
end of the file. This normally has the effect of decreasing the
keyspace by almost exactly five bits - provided the effective
keyspace doesn't go negative, of course.
[This may not necessarily reduce the difficulty of searching the
keyspace, but does allow certain automated rejection of many keys.]
--
__________ Lotus Artificial Life http://alife.co.uk/ [EMAIL PROTECTED]
|im |yler The Mandala Centre http://mandala.co.uk/ Namaste.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: Maximal security for a resources-limited microcontroller
Date: 22 Sep 2000 04:09:39 -0700
Sagie <[EMAIL PROTECTED]> writes:
> One more question:
> When selecting a key for the SkipJack algorithm, should I use a big
> prime or may I use any random 80-bit constant? Is there any difference?
Do you mean for the key?! Prime numbers have nothing to do with
Skipjack. The key should just be some structureless bunch of bits.
What do you mean by constant though? You're not planning to use the
same key in multiple chips across some big system, are you? You are
doomed if you do that.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
