Cryptography-Digest Digest #422, Volume #13 Fri, 5 Jan 01 01:13:01 EST
Contents:
Re: Any Ziplip Users Here???? (Wendel)
Re: Simple Sublimibimbimal Exercise (Anonymous Remailer)
Re: Can anyone break these cryptograms? (Richard John Cavell)
Re: Simple Sublimibimbimal Exercise (Steve K)
____MIPS (Where is my problem?) (kctang)
Re: Can anyone break these cryptograms? (Jim Gillogly)
But this is already a problem [Re: "Content Protection for Recordable Media"] (Scott
Craver)
Re: Audio-CD steganography? (Scott Craver)
Re: Audio-CD steganography? (Scott Craver)
Re: But this is already a problem [Re: "Content Protection for Recordable Media"]
(David Eppstein)
Austin Cypherpunks - Tue. Jan. 9, 2001 (Jim Choate)
Re: Any Ziplip Users Here???? (Paul Rubin)
Re: Intel holding back because of security issues! (Scott Craver)
----------------------------------------------------------------------------
From: Wendel <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.privacy
Subject: Re: Any Ziplip Users Here????
Date: Fri, 5 Jan 2001 01:44:40 -0000
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
>
> This story does not check out. It appears to be fiction.
>
Besides Ziplip seemed to be working fine when I visited earlier today.
====== Posted via Newsfeeds.Com, Uncensored Usenet News ======
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
======= Over 80,000 Newsgroups = 16 Different Servers! ======
------------------------------
From: [EMAIL PROTECTED] (Anonymous Remailer)
Date: 5 Jan 2001 03:19:23 -0000
Subject: Re: Simple Sublimibimbimal Exercise
>Whereever there are black areas in a graphic, the same technique is good
Easy, its the NSA charter.
Steganography is a question of familiarity, thats why it is
pointless to have "standard stego". Everyone has to invent
a proprietary stego. This is a nice example, but the fact is
that custom stego is limited to 0.00001 of Net users, the
non-morons, all of which are already highly suspicuos and on
many surveillance lists.
Just use 256-bit crypto ... not Rijndael, of course :-)
--
ExoNet Anonymous Remailer <http://www.exonet.org/remailer/>
------------------------------
From: Richard John Cavell <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: Can anyone break these cryptograms?
Date: Fri, 5 Jan 2001 15:31:06 +1100
Well, come on then!
On Sun, 31 Dec 2000, daniel mcgrath wrote:
> Below are two cipher messages encrypted using the exact same system --
> keys and all. Although the two cryptograms show little resemblance to
> one another, their plaintexts say very similar things, with only a
> slight difference. I would be interested in seeing if any of you on
> rec.puzzles or sci.crypt are able to decipher the messages, or at
> least make hypotheses.
>
> Good luck!
>
> Advth'xance,
> Daniel
>
> Cryptogram #1:
>
> BHNIM GKVIJ USKWG WHKGG HTGKS VIAIU LLAUT USUMU XKUUW ISXUL
> GSSVW BIVJG IGJKW THXKW VUXUU OYIUB OLVDP WTASS YSJKS IGGHU
>
> Cryptogram #2:
>
> BIQHO KHUKG IUSIU GXXUI HGITG KSGXI ILUIZ IUUWW UWWTW TKXTU
> LTUXI XGSWS SKKTB UKKHI KTSKI JVBUW NUXXX VOCIM IOLUC ZQUSK
> USETW HGSHG GKXH
>
> (WARNING: I did not use a computer to encipher these messages, so
> there may be an error or two somewhere. I think they're all right,
> though.)
>
> --------------------------------------------------
> daniel g. mcgrath
> a subscriber to _word ways: the journal of recreational linguistics_
> http://www.wordways.com/
>
>
>
==============
Richard Cavell
Medical Student, Debater, Chess Player, etc.
[EMAIL PROTECTED]
Newsgroups - Please keep any discussion on the group, and copy your
replies to me via email. (Server problems).
Do you want filthy language and abuse sent back to you? Just send me bulk
unsolicited email! Don't say you didn't ask for it!
------------------------------
From: [EMAIL PROTECTED] (Steve K)
Subject: Re: Simple Sublimibimbimal Exercise
Date: Fri, 05 Jan 2001 07:54:12 GMT
=====BEGIN PGP SIGNED MESSAGE=====
On Wed, 03 Jan 2001 19:30:43 -0600, [EMAIL PROTECTED] (wtshaw) wrote:
>Pull up www.radiofreetexas.com/wts/pix/text.GIF.
>
>Save it and see if you can find the process to see the contents. I
>left a few clues to egg you on, the confined spaces is some letters,
>but they could be eliminated.
>
>Whereever there are black areas in a graphic, the same technique is
>good for hiding content and most probably already have what you need
>to read it, the Gates Secret Decoder Ring, otherwise known as MS
>Photo Editor. --
>History repeats itself when given the opportunity.
>Question repeating old mistakes.
>Be certain of the outcome of repeating mistakes.
Well....
I've see "TEMPEST resistant" fonts before, but that one certainly
takes the prize.
:o))
Steve
=====BEGIN PGP SIGNATURE=====
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQEVAwUBOlV9n8XTOLlJEtXlAQG9EQf9HqGW4lQEPfXpOfYtd4aGTgeKYjPn6Kuh
1D8R/NWEcHWcZapCUSsIQ8QSP3II0Luy7qYEhq/mNqRKf+x4ZHBDW9KZp+R8a/Q+
r7vXtng/EIaqzGCV7Jz8+nu6ZVLTmr+S4hyD8DVKaoeacIIGWRiQk8B9QpEcpX+Z
teBaMwOdyGE/L7yuoKdW6thRnVhjLhBUG2f268nscDjv9dgv+XgPvfBJL8X1tzNz
h9A/NSJ/rhUKtJ35o6dtIMW1P+fLaZB3vyllXdyqQWJjDIre5a+uKD70bGUE568T
5d9l6lO7ELp2DER1QS1OfPiYTsPk/N4XU4AxFmaaTXfTaVZATHG6lA==
=6e9K
=====END PGP SIGNATURE=====
---Support privacy and freedom of speech with---
http://www.eff.org/ http://www.epic.org/
http://www.cdt.org/
PGP keys:
RSA - 0x4912D5E5
DH/DSS - 0xBFCE18A9
------------------------------
From: kctang <[EMAIL PROTECTED]>
Crossposted-To: comp.benchmarks
Subject: ____MIPS (Where is my problem?)
Date: Fri, 05 Jan 2001 12:47:46 +0800
==============928184C97FBD90DF4F1DDD5B
Content-Type: text/plain; charset=big5
Content-Transfer-Encoding: 7bit
Bob Silverman wrote:
> kctang wrote:
> > >"All along I thought that MIPS = Meaningless Indicator of Processor
> > Speed"
> >
> > Despite the above statement, may I ask?!!
> >
> > What is the MIPS rating of a Pentium II-400 MHz?
>
> I don't know why this person is asking this question here, since he
> already asked it (and received an answer from me!) in sci.crypt.
>
> Isn't this a violation of netiquette?
The reason that I keep on asking is, in my opinion, rather obvious!
Many papers, journal papers, newspapers or the likes, not long ago,
simply used MIPS.
What I want is to do is to relate their information to my own
PII-400Mhz PC?
Here is the problem: In a Certicom paper dated 1998, we find:
Computing power required to compute elliptic curve logarithms with
the Pollard rho-method:
===================================================================
Size of n in bits sqrt(pi * n/2) MIPS years
================= ============== ==========
160 2^80 9.6 * 10^11
186 2^93 7.9 * 10^15
234 2^117 1.6 * 10^23
354 2^177 1.5 * 10^41
So how can I relate those MIPS years with the computing power of my
Pentium II-400Mhz despite that I don't have 10^10 number of such
PCs?
Daughter Silverman told us not to use MIPS, but in this case, would
just a rough estimate of MIPS of my Pentium II-400 be good enough?
Thanks, kctang
==============928184C97FBD90DF4F1DDD5B
Content-Type: text/html; charset=big5
Content-Transfer-Encoding: 7bit
<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
Bob Silverman wrote:
<blockquote TYPE=CITE> kctang wrote:
<br>> >"All along I thought that MIPS = Meaningless Indicator of Processor
<br>> Speed"
<br>>
<br>> Despite the above statement, may I ask?!!
<br>>
<br>> What is the MIPS rating of a Pentium II-400 MHz?
<p>I don't know why this person is asking this question here, since he
<br>already asked it (and received an answer from me!) in sci.crypt.
<p>Isn't this a violation of netiquette?</blockquote>
<tt></tt>
<p><br><tt>The reason that I keep on asking is, in my opinion, rather
</tt>obvious<tt>!</tt><tt></tt>
<p><tt>Many papers, journal papers, newspapers or the likes,
not long ago,</tt>
<br><tt>simply used MIPS.</tt><tt></tt>
<p><tt>What I want is to do is to relate their information to my own</tt>
<br><tt>PII-400Mhz PC?</tt><tt></tt>
<p><tt>Here is the problem: In a Certicom paper dated 1998, we find:</tt><tt></tt>
<p><tt>Computing power required to compute elliptic curve logarithms with</tt>
<br><tt>the Pollard rho-method:</tt>
<br><tt>-------------------------------------------------------------------</tt><tt></tt>
<p><tt>Size of n in bits sqrt(pi * n/2)
MIPS years</tt>
<br><tt>----------------- --------------
==========</tt>
<br><tt>160
2^80
9.6 * 10^11</tt>
<br><tt>186
2^93
7.9 * 10^15</tt>
<br><tt>234
2^117 1.6 *
10^23</tt>
<br><tt>354
2^177 1.5 *
10^41</tt><tt></tt>
<p><tt>So how can I relate those MIPS years with the computing power of
my</tt>
<br><tt>Pentium II-400Mhz despite that I don't have 10^10 number of such</tt>
<br><tt>PCs?</tt><tt></tt>
<p><tt>Daughter Silverman told us not to use MIPS, but in this case, would</tt>
<br><tt>just a rough estimate of MIPS of my Pentium II-400 be good
enough?</tt><tt></tt>
<p><tt> </tt>
<br><tt>Thanks, kctang</tt>
<br><tt> </tt>
<br><tt></tt>
<br><tt></tt>
<br><tt></tt>
<br><tt></tt> </html>
==============928184C97FBD90DF4F1DDD5B==
------------------------------
From: Jim Gillogly <[EMAIL PROTECTED]>
Crossposted-To: rec.puzzles
Subject: Re: Can anyone break these cryptograms?
Date: Thu, 04 Jan 2001 20:57:32 -0800
Richard John Cavell wrote:
>
> Well, come on then!
>
> On Sun, 31 Dec 2000, daniel mcgrath wrote:
>
> > Below are two cipher messages encrypted using the exact same system --
> > keys and all. Although the two cryptograms show little resemblance to
> > one another, their plaintexts say very similar things, with only a
> > slight difference. I would be interested in seeing if any of you on
> > rec.puzzles or sci.crypt are able to decipher the messages, or at
> > least make hypotheses.
> > Cryptogram #1:
> >
> > BHNIM GKVIJ USKWG WHKGG HTGKS VIAIU LLAUT USUMU XKUUW ISXUL
> > GSSVW BIVJG IGJKW THXKW VUXUU OYIUB OLVDP WTASS YSJKS IGGHU
> >
> > Cryptogram #2:
> >
> > BIQHO KHUKG IUSIU GXXUI HGITG KSGXI ILUIZ IUUWW UWWTW TKXTU
> > LTUXI XGSWS SKKTB UKKHI KTSKI JVBUW NUXXX VOCIM IOLUC ZQUSK
> > USETW HGSHG GKXH
At the risk of setting myself up as a target again, I'll make a couple
of observations. First, the IC of these ciphers is high -- in fact, a
little above what one would expect with simple substitution. On the
other hand, neither of them shows long useful repeats, although the
second one repeats UWWUWW near the end of the top line. I'll guess
(without any real conviction) that this came about by chance.
These two taken together suggest that it's a combination of simple
substitution and transposition. If simple substitution is involved,
it could even be a Caesar cipher with offset 7, which results in a
nice-looking English-like distribution, except with a large preponderance
of Q's without a matching number of U's: 7 Q's out of 100 for the first
cryptogram, and 8 Q's out of 114 for the second cryptogram, with 36%
vowels -- very close to the expected 40% vowels. This is sort of
appealing: in the first cryptogram with this offset-7 Caesar the
six unused letters are KLTWYZ -- except for the T, this is a
credible set not to have been used. For the second cryptogram the
unused letters are JLSUXZ. Again, only S is seriously out of place,
as a medium-high-frequency letter. Again, I'm not wedded to this
Caesar idea, but it nearly fits. The excess Q's would be some kind
of marker: perhaps punctuation or padding to fill out the transposition
into suitable-sized blocks, and their appearance would explain the
higher-than-expected IC.
If it really is this type of cipher, I suspect the transposition
isn't just a single columnar transposition, but rather something
messier. Again, if these guesses are right, it would be vulnerable
to the "general solution", i.e. multiple anagramming.
--
Jim Gillogly
Sterday, 14 Afteryule S.R. 2001, 04:38
12.19.7.15.9, 1 Muluc 12 Kankin, Third Lord of Night
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: But this is already a problem [Re: "Content Protection for Recordable Media"]
Date: 31 Dec 2000 07:24:51 GMT
Marc <[EMAIL PROTECTED]> wrote:
>>from my understanding, you can backup the entire drive. only you need
>>to restore to the same drive.
>
>Wow, a backup that doesn't restore when I need it most: when the
>drive fails. Isn't this why we do backups at all?
People objecting to the impossibility of backups under
such a system may not realize that this has already been
thrust upon Windows users, in a limited form.
Microsoft has been selling "medialess" OS distributions
for a while now, meaning that your new computer w/ Windows
pre-installed does not come with the OS on CDs. Rather,
it may come with a "recovery" CD or a pristine copy of
the OS on a separate partition on the hard drive[1].
The idea behind this is that your Windows license is intended
specifically for the machine you bought. If you lost your
computer in a fire and got a new one, but want to use your
purchased copy of Windows; or, more realistically, if your
HD blows up and you need to reinstall on another HD, tough.
When I last checked, MS was aware of these concerns, but
could only say that this is just the way it will be. You
surely can back up your drive, but already we see companies
employing mechanisms which make certain "fair use" backups
impossible[2].
-S
[1] The medialess OS move appears to be an anti-piracy
measure, which in turn appears to be a sign that MS is
preparing itself for what may come: a possible split,
and thus reliance upon OS sales alone.
[2] Note that there is no such thing as "fair use rights."
A software or hardware company can legally make its drive/software
impossible to back up, and in doing so is not infringing on any
right to make "fair use" copies. You can not, for instance,
take them to court as you could if someone violated your
right to freedom of speech. "Fair use" is in actuality a legal
defense rather than a right, something you can invoke if sued
for infringement; and there is nothing to stop a company from
developing a technology, like macrovision, SDMI, or 21 read errors
(remember those?) which may impede your ability to make copies
that would usually be protected under fair use.
in which you are not supposed to be migrating your stuff
to
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: Audio-CD steganography?
Date: 4 Jan 2001 19:29:52 GMT
Dave Rudolf <[EMAIL PROTECTED]> wrote:
>Agreed, although it rather than inserting the occasional "sound sample" of
>hidden data, one could hide data in one bit (or two or probably even 4) from
>each a 16-bit sample, and only golden-eared sound techies would be able to
>distinguish it.
The real risk wouldn't be golden ears, but the more conspicuous
problem of the original being comparable to the burned CD-R (which
would already be suspicious by virtue of being a CD-R.)
-S
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Subject: Re: Audio-CD steganography?
Date: 3 Jan 2001 08:22:18 GMT
Michael Drüing <[EMAIL PROTECTED]> wrote:
>Hi,
>
>does anyone know if it is possible to store user-data (for example jpegs
>etc.) in the subchannels of a normal Audio-CD? I know that there is about
>4megs of empty subchannel-data on each CD. But is there any program that can
>write such data (and, of course, read it back again)??
I'm curious: from where do you get that 4 meg figure?
If you don't care about robustness (i.e., an attacker inflicting
damage upon the data in transit to foil hidden messages---and
in the case of a music CD, this may not be a concern of yours)
you can hide a lot of data just encrypted and placed in LSBs.
Just using one least significant bit per sample, you have about
1/16 of the disk, or a good 40 meg maximum, for your data. You
can try more bits for more space.
If you are willing to write a C program to do it, just write
a program that embeds and reads from WAV files. Then you'd
rip a CD onto your hard drive as WAVs, alter them, and
burn 'em back to a CD. With standard 44100/16-bit stereo WAVs
stored on CDs, here's what you do to read:
/*********************************************************/
char buf[5] = "snuh", output;
FILE * fp, * op;
[ ... etc etc, all other variables, open fp as your input file ]
do{ fread( buf, 4, 1, fp ); } while( strcmp(buf,"data") );
/* That line skips past the header to the "data" */
fread( buf, 4, 1, fp );
filesize = buf[0] + (buf[1]<<8) + (buf[2]<<16) + (buf[3]<<24);
/* filesize is now the number of bytes remaining */
for( i=0, j=6, output=0x00; i<filesize; i+=4 ) {
fread( buf, 4, 1, fp );
twobits=((buf[0]&1)<<1)|(buf[2]&1);
/* LSB taken from left and right sample */
output |= (char)(twobits<<j);
/*packs those two bits into a byte*/
j-=2; if(j==0) {
fwrite( &output,1,1,op );
output=0x00;
j=6;
}
}
if(j<0x40) fwrite( &output,1,1,op ); /* remaining crap */
fclose( fp ); fclose( op );
/*********************************************************/
You can make this more efficient, of course. Modifying
this code to make it write is simple.
>Thanks,
>--Michael
-S
------------------------------
From: David Eppstein <[EMAIL PROTECTED]>
Subject: Re: But this is already a problem [Re: "Content Protection for Recordable
Media"]
Date: Thu, 04 Jan 2001 21:15:26 -0800
In article <92mn03$hm9$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
(Scott Craver) wrote:
> Microsoft has been selling "medialess" OS distributions
> for a while now, meaning that your new computer w/ Windows
> pre-installed does not come with the OS on CDs. Rather,
> it may come with a "recovery" CD or a pristine copy of
> the OS on a separate partition on the hard drive[1].
>
> The idea behind this is that your Windows license is intended
> specifically for the machine you bought. If you lost your
> computer in a fire and got a new one, but want to use your
> purchased copy of Windows; or, more realistically, if your
> HD blows up and you need to reinstall on another HD, tough.
> When I last checked, MS was aware of these concerns, but
> could only say that this is just the way it will be. You
> surely can back up your drive, but already we see companies
> employing mechanisms which make certain "fair use" backups
> impossible[2].
I had a hard drive crash a couple weeks ago, replaced under warranty, and
the new drive came with the OS preinstalled on it again (it needed to be,
or the machine wouldn't boot). So I guess this policy may make you go to a
licenced repair shop rather than buying your own replacement disk and
installing it yourself, but I doubt it will force you to trash the whole
computer (or, horrors, have to run Linux on it) just because your disk died.
And if you're the type to really want to do it yourself, you're probably
already running Linux...
--
David Eppstein UC Irvine Dept. of Information & Computer Science
[EMAIL PROTECTED] http://www.ics.uci.edu/~eppstein/
------------------------------
From: [EMAIL PROTECTED] (Jim Choate)
Subject: Austin Cypherpunks - Tue. Jan. 9, 2001
Date: 4 Jan 2001 23:37:56 -0600
Time: Jan 9, 2001
Second Tuesday of each month
7:00 - 9:00 pm (or later)
Location: Central Market HEB Cafe
38th and N. Lamar
Weather permitting we meet in the un-covered tables.
If it's inclimate but not overly cold we meet in the
outside covered section. Otherwise look for us inside
the buidling proper.
Identification: Look for the group with the "Applied Cryptography"
book. It will have a red cover and is about 2 in. thick.
Contact Info: http://einstein.ssz.com
--
____________________________________________________________________
Before a larger group can see the virtue of an idea, a
smaller group must first understand it.
"Stranger Suns"
George Zebrowski
The Armadillo Group ,::////;::-. James Choate
Austin, Tx /:'///// ``::>/|/ [EMAIL PROTECTED]
www.ssz.com .', |||| `/( e\ 512-451-7087
-====~~mm-'`-```-mm --'-
--------------------------------------------------------------------
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy.anon-server,alt.privacy
Subject: Re: Any Ziplip Users Here????
Date: 04 Jan 2001 21:46:33 -0800
Wendel <[EMAIL PROTECTED]> writes:
> In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> says...
> >
> > This story does not check out. It appears to be fiction.
> >
> Besides Ziplip seemed to be working fine when I visited earlier today.
The story was about Hushmail, not Ziplip. Has the claim morphed to
Ziplip (rather than Hush) being the company having trouble? The
original story was quite specific about it being Hush.
------------------------------
From: [EMAIL PROTECTED] (Scott Craver)
Crossposted-To: comp.sys.laptops
Subject: Re: Intel holding back because of security issues!
Date: 5 Jan 2001 02:00:51 GMT
John Savard <[EMAIL PROTECTED]> wrote:
>>[EMAIL PROTECTED] writes:
>>> Among things that he was told was this gem: "We can't release the Itanium
>>> ( IA-64 ) processor because it can crack 128-bit SSL encryption in less
>>> than a day." LOL. If that's true, that's some sick CPU.
>>> -Boucher
>I think there was a typo, though.
Right. I wonder what smaller number his spell-checker replaced
with "128"?
>John Savard
-S
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
