Cryptography-Digest Digest #924, Volume #13 Sat, 17 Mar 01 05:13:00 EST
Contents:
Re: Random and RSA ("Douglas A. Gwyn")
NTRU, continued... ("Daniel Lieman")
Re: Text of Applied Cryptography .. do not feed the trolls (Paul Crowley)
Re: What do we mean when we say a cipher is broken? (Was Art of Cryptography)
(Paul Crowley)
Re: How to eliminate redondancy? ("Douglas A. Gwyn")
Re: What do we mean when we say a cipher is broken? (Was Art of ("Douglas A. Gwyn")
Re: What do we mean when we say a cipher is broken? (Was Art of ("Douglas A.
Gwyn")
Re: One-time Pad really unbreakable? ("Douglas A. Gwyn")
Re: What do we mean when we say a cipher is broken? (Was Art of ("John A. Malley")
Re: What do we mean when we say a cipher is broken? (Was Art of ("Douglas A.
Gwyn")
Re: Cesar principle ("Douglas A. Gwyn")
Re: Cesar principle ("John A. Malley")
Re: NTRU, continued... (David A Molnar)
Re: SSL secured servers and TEMPEST (Frank Gerlach)
Re: IP (those who know me have no need of my name)
Re: SSL secured servers and TEMPEST (those who know me have no need of my name)
Re: What do we mean when we say a cipher is broken? (Was Art of (Mok-Kong Shen)
Re: Defining a cryptosystem as "broken" (Mok-Kong Shen)
Re: What do we mean when we say a cipher is broken? (Was Art of (Mok-Kong Shen)
Re: What do we mean when we say a cipher is broken? (Was Art of (Mok-Kong Shen)
Re: Factoring RSA (Mok-Kong Shen)
Re: IP (Mok-Kong Shen)
----------------------------------------------------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Random and RSA
Date: Sat, 17 Mar 2001 06:39:25 GMT
br wrote:
> If secure = hard to attack so random = hard to attack
> secure = random
> :))))
> Is it a false deduction?
Yes, it's a false deduction. For one thing, those are
not actual equalities. You might as well say:
man = human and woman = human, so man = woman.
------------------------------
From: "Daniel Lieman" <[EMAIL PROTECTED]>
Subject: NTRU, continued...
Date: Sat, 17 Mar 2001 06:47:44 GMT
Hi all -
Don Johnson recently wrote:
So, ECC has a space advantage and perhaps NTRU has a speed advantage on a
Pentium, if you believe NTRU is strong. I notice that the NTRU sig method
presented at Crypto is no where to be found (anymore) on the NTRU webstie,
instead a new one from fall 2000 is being offered. What happened to the old
one, did someone break it? Do you think this inspires confidence?
I'd like to offer a few comments. Context: I work for NTRU.
1) the NTRU sig method IS still on the web site - click on technology, then
on technical center. This paper has been accepted by EUROCRYPT, and will be
presented (in full) there in May.
2) The answer to Don's second question is "no, no one broke it." Instead,
when the EUROCRYPT paper was updated and the final version was submitted, we
posted that one on the web site.
3) Why does ECC have a space advantage? NTRU is smaller in footprint.
ECC's key *are* smaller, true. But its code is much larger.
4) NTRU has a speed advantage on EVERY platform I've seen, including
constrained devices (ST Microelectronics platforms, Palms, SIM chips, etc.)
as well as larger machines. *Perhaps* NTRU has a speed advantage? I'd call
several orders of magnitude a speed advantage.
5) I'd be more than happy to provide performance data to anyone - comparing
NTRU to ECC and RSA. We're quite pleased with the results. It's somewhat
hard to respond to the vague attempts to spread fear and doubt about NTRU -
such as those above - but we'd be happy to provide a summary of the peer
review NTRU has received (including such authors as Coppersmith, Nguyen,
Shamir, Stern, etc. - I apologize to the many I haven't listed!) to anyone
who is interested.
Daniel Lieman
------------------------------
Subject: Re: Text of Applied Cryptography .. do not feed the trolls
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sat, 17 Mar 2001 06:33:31 GMT
David Hopwood <[EMAIL PROTECTED]> writes:
> - including the code in a published book played a significant part in
> pointing out the absurdity of the US export restrictions,
> - at the time the first edition was published, free crypto libraries
> weren't available (except an early version of SSLeay, which I think
> was where the DES, GOST and Blowfish code came from?)
I have always assumed the point was largely to make implementations
more readily available despite the export restrictions as you say,
since it's certainly true they're not good for learning from - or even
for getting clarification from!
Brian Gladman's AES implementations are better in every way - clearer,
more consistent, and with more sensible optimisation. If you've just
read the paper describing one, read the Gladman implentation next for
enlightenment and clarification.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Cryptography)
From: Paul Crowley <[EMAIL PROTECTED]>
Date: Sat, 17 Mar 2001 06:33:30 GMT
William Hugh Murray <[EMAIL PROTECTED]> writes:
> > A
> > cipher is *not* broken when the messages sent in it actually _cannot_
> > be read.
[snip]
> I hope that you cryptographers have fun with your abstraction but it is not
> particularly useful to security people.
This isn't the definition used by cryptographers in general. For one
thing, cryptographers generally consider a cipher broken if (in very
general terms) it has any properties you could reasonably imagine it
avoiding. The attacker doesn't have to recover plaintext; they just
have to demonstrate that it's not like an "ideal" component of its
type. Stream ciphers are a good example here: if there's a cheaper
way than brute force of detecting that the stream cipher is in use at
all, that's a problem.
There are imprecisions with this statement, but I think the flavour is
correct.
--
__ Paul Crowley
\/ o\ [EMAIL PROTECTED]
/\__/ http://www.cluefactory.org.uk/paul/
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How to eliminate redondancy?
Date: Sat, 17 Mar 2001 06:54:11 GMT
"Trevor L. Jackson, III" wrote:
> The same complaint can be leveled against any lossless transform.
No, compression really does increase the information per bit.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 06:55:39 GMT
John Savard wrote:
> Unicity distance is an information-theoretic quantity, and depends
> solely on the size of the key.
WTShaw's point seems to be that that is an overly simplistic measure
and that a better theory is needed for practical purposes.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 07:10:51 GMT
William Hugh Murray wrote:
> Both history and experience tell me that cryptography is not the
> weak point in my "system" nor is cryptanalysis the most efficient
> attack.
I don't know what "your system" is, but historically that has not
been true for other systems.
> Indeed, cryptography is astronomically stronger than the weakest
> link in my system.
The only way such a claim could be justified is if you *know* that
the protocol of your system is horribly flawed. In which case,
why would you want to use it?
> Everytime the secret group uses the method it risks disclosing
> its presence and its capability.
Nah, not even close.
> As to "super-strong" crypto, I would argue that 3-DES with one
> 112 bit key per object, is so close to "super-strong" as to
> leave little room or necessity for improvement.
That is simply an argument from ignorance. When I looked into
cryptanalyzing DES-like block ciphers a couple of years ago,
there were several promising directions for successful C/A of
such systems. I didn't get very far with the project due to
lack of funding, but the more I learned, the less confidence I
came to have in the strength of such systems.
> ... my reading of history, specifically that of Ultra, tells me
> that it is very expensive, sensitive to compromise through use,
> and depends largely upon flaws in the system rather than upon
> flaws in the algorithm.
That's a misconception. From what is now known about rotor
systems, Enigma-like systems can be cracked with far greater
ease than was actually done with the bombes. However, you're
not going to find the techniques described in the open
literature. This actually supports my point -- if you don't
know how to crack the system, you are apt to place mistaken
trust in its security.
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Sat, 17 Mar 2001 07:15:54 GMT
Tim Tyler wrote:
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> : The impossibility is a straightforward consequence of *extremely*
> : well verified observed phenomena. One way of looking at it is the
> : nonzero commutator of conjugate operators. That is as reliable as
> : it gets (direct consequence of Fourier theory).
> You seem to be deluded on this issue. It is hubris to believe that you
> know anywhere near enough to claim that such a thing is impossible.
I'll match my physics credentials against yours any time.
> To make such statements about events being impossible, you apparently
> mis-understand the nature of scientic knowledge - which is inherently
> uncertain and open to doubt.
I was a scientist before you were even born. Your problem is not
one of science, it's one of bad philosophy, specifically skepticism,
which I have commented on before.
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Fri, 16 Mar 2001 23:31:00 -0800
John Savard wrote:
>
> On Fri, 16 Mar 2001 13:42:32 -0600, [EMAIL PROTECTED] (wtshaw) wrote,
> in part:
>
> >A more important question to me is what ciphers
> >have a useful unicity distance, and how large are they.
>
> Unicity distance is an information-theoretic quantity, and depends
> solely on the size of the key.
Unicity distance is a function of the size of the key and the redundancy
of the plaintext. (See "The HAC" Section 7.3.5, Cryptanalysis of
classical ciphers, for example.)
Unicity distance is a relationship between the uncertainty of the key
and the redundancy of the plaintext. Under the random cipher model the
expected unicity distance U of a cipher is
U = H(K) / D
where U is the number of characters of plaintext, H(K) is the
uncertainty of the key and D is the plaintext's redundancy expressed in
bits/symbol (or D in this equation is the difference between the log of
the number of characters and the average amount of information carried
per character as actually used.)
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 07:33:43 GMT
Paul Crowley wrote:
> ... The attacker doesn't have to recover plaintext; they just
> have to demonstrate that it's not like an "ideal" component of its
> type. Stream ciphers are a good example here: if there's a cheaper
> way than brute force of detecting that the stream cipher is in use at
> all, that's a problem.
I have to disagree. That would be the case for *steganography*,
but not for encryption. In general it is *obvious* when encryption
is being used, and if the adversary cannot recover any of the
hidden information then he cannot be said to have broken the system.
There can certainly be strong patterns in ciphertext without
implying that the encryption is easily broken; for example every
8th bit could be a parity bit. (Not usually the case, but it
shows that nonrandomness does not imply breakability.)
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: Cesar principle
Date: Sat, 17 Mar 2001 07:25:45 GMT
br wrote:
> Now you are talking about using known-plain text attack.
> Why in your previous contribution about two properties, you
> rejected the use of dictionnaries by cryptanalists?
Probably because he knows enough about cryptanalysis to know
that in the vast majority of cases dictionaries are not used!
> I'm working on sample using the two properties to show how
> difficult is to decrypt cipher using this technic. I'm writing
> it. And all AI algo are helpless toward this technic.
> Cryptanalist have no way build a program. He has to read every
> ouptput for every key. Without reading he can't attack it.
> I recognize that I'm just an amateur cryptograph. But, I am
> confident on my power to propose new ideas.
It's fine to be enthusiastic about a subject that is new to
you, but it is not good to think that you bring greater
insight to the subject than the people who have worked in
this area professionally for decades (and who know about
centuries of historical development).
Here is some good advice: Before trying to construct new
cryptosystems of your own, first learn how to defeat the
classical cryptosystems. That will teach you at least some
of the weaknesses against which you need to test your own
designs before publishing them (here or elsewhere). The
sci.crypt FAQ gives several references, such as Kahn's "The
Codebreakers". Start there, not here.
------------------------------
From: "John A. Malley" <[EMAIL PROTECTED]>
Subject: Re: Cesar principle
Date: Fri, 16 Mar 2001 23:55:15 -0800
"Douglas A. Gwyn" wrote:
>
> br wrote:
> > Now you are talking about using known-plain text attack.
> > Why in your previous contribution about two properties, you
> > rejected the use of dictionnaries by cryptanalists?
>
> Probably because he knows enough about cryptanalysis to know
> that in the vast majority of cases dictionaries are not used!
>
> > I'm working on sample using the two properties to show how
> > difficult is to decrypt cipher using this technic. I'm writing
> > it. And all AI algo are helpless toward this technic.
> > Cryptanalist have no way build a program. He has to read every
> > ouptput for every key. Without reading he can't attack it.
> > I recognize that I'm just an amateur cryptograph. But, I am
> > confident on my power to propose new ideas.
>
> It's fine to be enthusiastic about a subject that is new to
> you, but it is not good to think that you bring greater
> insight to the subject than the people who have worked in
> this area professionally for decades (and who know about
> centuries of historical development).
>
> Here is some good advice: Before trying to construct new
> cryptosystems of your own, first learn how to defeat the
> classical cryptosystems. That will teach you at least some
> of the weaknesses against which you need to test your own
> designs before publishing them (here or elsewhere). The
> sci.crypt FAQ gives several references, such as Kahn's "The
> Codebreakers". Start there, not here.
This is good advice from Mr. Gwyn, br.
For great hands-on experience with cryptanalysis, get a copy of the four
volume set:
Military Cryptanalytics, Part I, Volume I, William F. Friedman and
Lambros D. Callimahos
Military Cryptanalytics, Part I, Volume II, William F. Friedman and
Lambros D. Callimahos
Military Cryptanalytics, Part II, Volume I, Lambros D. Callimahos and
William F. Friedman
Military Cryptanalytics, Part II, Volume II, Lambros D. Callimahos and
William F. Friedman
It's been said in sci.crypt that these four volumes are "basic training"
for professional cryptanalyists at the NSA.
You can order them from Amazon.com, BN.com or direct from Aegean Park
Press at
http://www.aegeanparkpress.com
Aegean Park Press publishes quite an assortment of cryptanalysis texts.
Also consider
"Cryptanalysis, a study of ciphers and their solution" by Helen Fouche
Gaines, ISBN 0-486-20097-3
"Decrypted Secrets, Methods and Maxims of Cryptology" by F.L. Bauer,
ISBN 3-540-60418-9
and check out the on-line classical cryptography course from LANAKI
(a.k.a. Randy Nichols ) at
http://www.fortunecity.com/skyscraper/coding/379/lesson1.htm.
Hope this helps,
John A. Malley
[EMAIL PROTECTED]
------------------------------
From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: NTRU, continued...
Date: 17 Mar 2001 07:47:36 GMT
Daniel Lieman <[EMAIL PROTECTED]> wrote:
> 2) The answer to Don's second question is "no, no one broke it." Instead,
> when the EUROCRYPT paper was updated and the final version was submitted, we
> posted that one on the web site.
I was under the impression that there had been an older (previous to the
EUROCRYPT paper) signature scheme based on the NTRU problem - and that this
older signature scheme had been broken. In another thread, the paper
I. Mironov“A Note on Cryptanalysis of the Preliminary Version of the NTRU
Signature Scheme”
http://crypto.stanford.edu/~mironov/papers/ntru.ps
was mentioned. I haven't read it carefully enough to evaluate how serious the
attack is. The paper also explicitly notes that "the attack does not refer to
the next version of the signature scheme."
How many versions are there? Could you clarify what the history is regarding
the history of NTRU and "NTRU-based" signature schemes? Is there a revision
history somewhere on the NTRU web site?
Also, it would be helpful if you could write a bit about where the attack
"applies." This is a vague notion, but let me try to show what I mean by way
of RSA. Straight RSA signatures without padding are a bad idea and have lots
of attacks; yet using PSS or some other padding scheme we obtain very good
signatures. An attack on the padding scheme is worrisome, but not as
worrisome as an attack on RSA itself would be. For instance, the world
survives even after the spate of attacks on ISO-9796 padding.
Is such a distinction between "padding" and "underlying scheme" relevant for
the NTRU signature scheme and the above attack? if so, where does the attack
apply?
Thanks much,
-David
------------------------------
From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: SSL secured servers and TEMPEST
Date: Sat, 17 Mar 2001 10:57:57 +0100
those who know me have no need of my name wrote:
> <[EMAIL PROTECTED]> divulged:
>
> > -are there any key usage policies *in use* to make this kind of
> >attack impossible (such as temporary certificates signed with the
> >"master" certificate of the site) ?
>
> typically ssl accelerators are loaded with the private key. so the
> accelerator uses the key itself, it isn't transferred for each session
> setup.
The emanations of the "accelerator" is what we were writing about.
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: IP
Date: Sat, 17 Mar 2001 09:20:15 -0000
<[EMAIL PROTECTED]> divulged:
>However, for security reasons, your ISP really shouldn't
>allow your IP to be reused immediately unless it can confirm that it's
>assigning it back to the same user, which most can't.
how can they not? you're their customer, and they've validated your
userid and password, or you wouldn't be as far as ipcp.
typically it's not done anymore, but it used to be, routinely.
--
okay, have a sig then
------------------------------
From: [EMAIL PROTECTED] (those who know me have no need of my name)
Subject: Re: SSL secured servers and TEMPEST
Date: Sat, 17 Mar 2001 09:22:39 -0000
<[EMAIL PROTECTED]> divulged:
>
>May calculation was as follows: a Video Signal has about 5 MHz of
>Bandwith. Just split that 2 GHz signal into 2000/5=400 5 MHz bands,
>transform them into the 0..5 MHz base band and then you "just" need
>400 VCRs to store the signal.
it may be that consumer vcr's aren't the optimum recording devices.
--
okay, have a sig then
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 10:22:30 +0100
John Savard wrote:
>
> [EMAIL PROTECTED] (wtshaw) wrote, in part:
>
> >A more important question to me is what ciphers
> >have a useful unicity distance, and how large are they.
>
> Unicity distance is an information-theoretic quantity, and depends
> solely on the size of the key.
Dumb questions: Do you mean by 'key' here the key of a block
algorithm? Is unicity distance a characteristic of a cipher?
What is the unicity distance of e.g. AES and how does one
compute that? Thanks.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Defining a cryptosystem as "broken"
Date: Sat, 17 Mar 2001 10:22:42 +0100
Joseph Ashwood wrote:
>
> I don't think that one can say flatly, cipher X is broken, cipher Y is not.
> We must first built a threat/attack model.
[snip]
> Using this threat/atack model as a guideline one can find a suitable
> encryption algorithm that as close as possible meets the speed requirements.
I surmise that one problem lies in the fact that one can't
fix a small number of such models (with correspondingly
'fixed' numerical quantities pertaining to them) and apply
these to given applications, for these could vary in quite
wide ranges. In other words, there could be sort of
combinatorial explosion. The bigger problem seems to be,
though: Given a model and a cipher, how do we assure
that the 'security' that one computes is correct? Do
we know all potential techniques of attack? Or do the
model limit themselves to specific known techniques? I
conjecture that one has in matter of security of ciphers so
many 'fuzzy' factors that one can only arrive with quite
an amount of subjectivity certain 'feeling' of security
in any concrete case, something in my humble view probably
very much less sure than e.g. what an engineer has about
the safety of a bridge that he has built. BTW, would the
(in some sense rather inexact) manner that the engineers
often deal with their questions of security be able to
satisfy the requirements of crypto (purists) at all?
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 10:23:00 +0100
"Douglas A. Gwyn" wrote:
>
> William Hugh Murray wrote:
[snip]
> > As to "super-strong" crypto, I would argue that 3-DES with one
> > 112 bit key per object, is so close to "super-strong" as to
> > leave little room or necessity for improvement.
>
> That is simply an argument from ignorance. When I looked into
> cryptanalyzing DES-like block ciphers a couple of years ago,
> there were several promising directions for successful C/A of
> such systems. I didn't get very far with the project due to
> lack of funding, but the more I learned, the less confidence I
> came to have in the strength of such systems.
>
> > ... my reading of history, specifically that of Ultra, tells me
> > that it is very expensive, sensitive to compromise through use,
> > and depends largely upon flaws in the system rather than upon
> > flaws in the algorithm.
>
> That's a misconception. From what is now known about rotor
> systems, Enigma-like systems can be cracked with far greater
> ease than was actually done with the bombes. However, you're
> not going to find the techniques described in the open
> literature. This actually supports my point -- if you don't
> know how to crack the system, you are apt to place mistaken
> trust in its security.
I think you are right. This strenthens the seemingly
reasonable postulation, though, that (particulary since
no one can have comprehensive knowledge) any quantitative
measure of security of ciphers can only be fuzzy, i.e.
(being inaccurate) has itself a serious ''security'' problem.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: What do we mean when we say a cipher is broken? (Was Art of
Date: Sat, 17 Mar 2001 10:22:53 +0100
Paul Crowley wrote:
>
> William Hugh Murray <[EMAIL PROTECTED]> writes:
> > > A
> > > cipher is *not* broken when the messages sent in it actually _cannot_
> > > be read.
> [snip]
> > I hope that you cryptographers have fun with your abstraction but it is not
> > particularly useful to security people.
>
> This isn't the definition used by cryptographers in general. For one
> thing, cryptographers generally consider a cipher broken if (in very
> general terms) it has any properties you could reasonably imagine it
> avoiding. The attacker doesn't have to recover plaintext; they just
> have to demonstrate that it's not like an "ideal" component of its
> type. Stream ciphers are a good example here: if there's a cheaper
> way than brute force of detecting that the stream cipher is in use at
> all, that's a problem.
>
> There are imprecisions with this statement, but I think the flavour is
> correct.
Cheaper than brute force doesn't necessarily imply that
the price is affordable. That's the problem, I suppose.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Factoring RSA
Date: Sat, 17 Mar 2001 10:30:14 +0100
Michael Brown wrote:
>
> I know I'm getting repetitive, but could someone also look at my factoring
> page :P
>
> http://odin.prohosting.com/~dakkor/rsa/
Why don't you try it yourself on one of the RSA challenges?
Another suggestion is that you provide a short succint
description of the method.
M. K. Shen
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: IP
Date: Sat, 17 Mar 2001 10:46:59 +0100
David Schwartz wrote:
>
> Which makes Windows policy of breaking all TCP connections on a hangup
> seem even more boneheaded. Requesting the same address is the right
> thing to do. However, for security reasons, your ISP really shouldn't
> allow your IP to be reused immediately unless it can confirm that it's
> assigning it back to the same user, which most can't.
Other dumb questions: If an ISP having a large number of
customers very efficiently assigns different dynamic IPs
to its customers at different time points, wouldn't that
contribute substantially to anonymity (i.e. the
functionality of anonymizers)? Would it be possible
for the ISP even to change the assignment of IPs during
the connection time of the customers so that better
anonymity is achieved? Thanks.
M. K. Shen
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
