Cryptography-Digest Digest #405, Volume #14 Mon, 21 May 01 23:13:01 EDT
Contents:
Re: Apology to Cloakware (open letter) (Mok-Kong Shen)
Re: CIA Kryptos last 97 characters ("Douglas A. Gwyn")
Re: taking your PC in for repair? WARNING: What will they (Jim Turner)
survey ("Tom St Denis")
Re: Apology to Cloakware (open letter) (Joe A Hacker)
Re: Help with a message (Charles Lyttle)
Re: Definition of "secure hash function" (was PRNG question) (David Wagner)
Re: taking your PC in for repair? WARNING: What will they (Frog2)
Re: survey ("bubba")
Re: survey ("Tom St Denis")
Re: survey (Paul Rubin)
Re: survey (SCOTT19U.ZIP_GUY)
Encryption Method for Win 98 Screen Saver (Jschutkeker)
Re: truth+integrity=sore losers (Jschutkeker)
Re: truth+integrity=sore losers (SCOTT19U.ZIP_GUY)
Re: wide-trail (David Hopwood)
----------------------------------------------------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Apology to Cloakware (open letter)
Date: Tue, 22 May 2001 01:15:07 +0200
Matt Timmermans wrote:
>
> Has anyone heard of a reasonably successful algorithmic method for
> identifying people by writing style?
I think that human (i.e. non-algorithmic) has definitely
much more chance in successfully doing that job than any
algorithms. On the other hand, there had been work done on
determining the authorship of Shakespeare's writings.
Wasn't that at least partly algorithmic? (I have no knowledge
of that work at all.)
M. K. Shen
------------------------------
From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: CIA Kryptos last 97 characters
Date: Mon, 21 May 2001 23:03:56 GMT
Gary Warzin wrote:
> I appreciate your skepticism. I hope this at least helps clears up why I think
> the WXZ is significant and does lend support to the theory - the main point of
> which is that the real message is only 93 characters; i.e., the 97 minus the KR
> and YP.
While your observation (KR,..,YP) is interesting, it is not necessarily
significant; or if it turns out to be significant, it could well be for
some cause other than the one you've been pursuing. Some of the ideas
on your Web page are plain wrong, for example the issue of line lengths:
The actual sculpture has the letters stenciled out, and they have
variable widths, so (depending on what ciphertext letters happen to
occur) the lines will naturally be of different lengths, simply to
neatly line up at the right margin (as opposed to what typesetters call
"ragged right"). The main problem I have with your approach is the
notion that a tableau is "shining through" the patent ciphertext; the
recovered plaintext is not consistent with that model, so why should the
last little bit follow that model? It is certainly not consistent with
the normal uses of tableaus for encryption.
------------------------------
From: [EMAIL PROTECTED] (Jim Turner)
Crossposted-To: alt.privacy,alt.privacy.anon-server
Subject: Re: taking your PC in for repair? WARNING: What will they
Reply-To: [EMAIL PROTECTED]
Date: Tue, 22 May 2001 00:01:19 GMT
On Mon, 21 May 2001 14:11:41 GMT, [EMAIL PROTECTED] (Eric Lee Green)
wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Mon, 21 May 2001 14:26:01 +0200, Anonymous <[EMAIL PROTECTED]>
>wrote:
>>On Mon, 21 May 2001 06:42, [EMAIL PROTECTED] (Eric Lee Green) wrote..
>>>EE Support wrote:
>>>>Eric Lee Green is exposed for posting blatant lies about Evidence
>>>>Eliminator.
>>
>>>Yawn. Yet more spam from the spamming copyright violating criminal.
>>
>>Ok..
>>
>>So who has sufficient knowledge of assembly?
>
>Sufficient knowledge of assembly is not needed. EE is written in Visual
>BASIC, for cryin' out loud. All that's needed is a good C++ compiler.
>You would do everything, including the filename zapping that the EE guys
>claims requires dropping back to DOS, by ripping the VFAT support out of
>the Linux kernel and adapting it to use the disk defrag API for its block
>read/write. The same could be done to write a real overwriter for NTFS
>(which EE won't do).
>
>I've been thinking about it myself, but I'm a Unix programmer, not a
>Windows programmer. Hmm, hold on, I have some spare time right now,
>maybe I'll go learn the Windows API's... hmm, I don't have a C++ compiler
>for Windows, I guess I'll look at Cygwin (the Windows port of the
>GNU C++ compiler)... certainly beats working on the EE_Support_Eliminator
>(which randomly spams the security newsgroups :-).
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.5 (GNU/Linux)
>Comment: For info see http://www.gnupg.org
>
>iD8DBQE7CSEW3DrrK1kMA04RAuppAJ9QPSGhKNBawXU+s1Ci/uP7/8KtAQCgpKSM
>+OtPRxVbyt/bMTxZh/3Kbhs=
>=RTcO
>-----END PGP SIGNATURE-----
There is a Secure Delete with source code for Win9x/NT 4.0/Win2K at
http://www.sysinternals.com/ntw2k/source/sdelete.shtml
This is a good starting point.
There is also SRM at
http://sourceforge.net/projects/srm/
Primarily aimed at Linux/Unix, but open source.
JT
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: survey
Date: Tue, 22 May 2001 00:01:38 GMT
I just want to know (curious mind at work here).
Is the reason I get zero feedback on my papers (other than when my ideas are
obviously stupid) (and other than stuff by Scott Fluhrer) because?
a) This "tom" guy is a crank and I don't want to read his stuff.
b) This "tom" guy is a retard and what he writes makes my 12 yr olds laugh
c) I read his stuff but I don't want to comment.
d) I read his stuff but I can't think of anything to comment
e) I read his stuff and do comment and tom just doesn't listen or forgot.
f) I like surveys.
I just want to know if my ideas/research are reaching anyone, I want to make
sure I am not just wasting my time....
Tom
------------------------------
From: [EMAIL PROTECTED] (Joe A Hacker)
Subject: Re: Apology to Cloakware (open letter)
Date: Tue, 22 May 2001 02:03:28 +0200
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> I think that human (i.e. non-algorithmic) has definitely
> much more chance in successfully doing that job than any
> algorithms. On the other hand, there had been work done on
> determining the authorship of Shakespeare's writings.
>
It's simply statistical analysis and afaik works very well.
Regards,
Erich
------------------------------
From: Charles Lyttle <[EMAIL PROTECTED]>
Subject: Re: Help with a message
Date: Tue, 22 May 2001 00:07:49 GMT
gp wrote:
>
> If the Z is a space, the text seems to break into nice words.
>
> If you take out the Zs then looking at the 'words'
> JPJ UMPOBADV repeats in 45 and 660 characters.
> There also appear 'words' MAPPMCF and MAPPMCFGXEY.
> Other words are :-
> IX appears 6 times.
> TPF appears once TPFM appears 4 times.
> JPJ appears 3 times.
> EJP appears twice EJPJ once.
> NNQK appears 3 times.
> PR appears 3 times.
> UJJ once UJK twice.
> etc
> Most of these occurances are multiples of 3.
>
> If the Z is a space how does a Vigenere table appear? What happens to
> the deciphered letter in the Z column/row?
> Is JPJ UMPOBABV 'the -------' ???
>
> GP
If Z is a space then the Vigenere table has 25 col. and another letter
is used to replace the letter Z, perhaps X or Q. Infrequent letters are
often omitted/replaced thus.
Try the analysis again but with all occurances of Z removed. If I get a
chance tonight, I'll write a PERL script to do that
--
Russ Lyttle
"World Domination through Penguin Power"
The Universal Automotive Testset Project at
<http://home.earthlink.net/~lyttlec>
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: Definition of "secure hash function" (was PRNG question)
Date: 22 May 2001 00:08:50 GMT
David Hopwood wrote:
>David Wagner wrote:
>> Yes, but usually when people say "secure hash function", they implicitly
>> assume far more than just one-wayness and collision-resistance. So I take
>> "secure hash function" to mean that it behaves like a random oracle, with
>> no structure whatsoever.
>
>Which is of course not true of MD5, SHA-{1,256,384,512}, RIPEMD-{128,160},
>HAVAL, Tiger, Whirlpool, etc., because they have the Merkle-Damgård structure.
>This is not just an academic point: if these hashes really behaved like a
>function chosen at random, then Hash(key || message) would be a secure MAC.
Oh, I just knew someone would bring this up. Yes, I'm quite aware of
this subtlety, but I didn't want to get into it, because it doesn't
affect my bottom-line claim.
Yes, you and I both know that these hash functions aren't random oracles.
But I still claim that most people who say "secure hash function" don't
know about the length-appending properties of Merkle-Damgard hashes, and
they *do* seem to assume that the function is as good as a random oracle.
In many cases the length-appending properties of Merkle-Damgard hashes
don't harm security, which means that there is probably some weaker
assumption that suffices for security, but again, that's not my point.
My point is that the best approximation we have to the mental model
of what crypto-designers expect from a secure hash function seems to
be the "random oracle" model. Don't try to look at the details too
carefully, because the details don't quite work out. It is only a rough
approximation of the mental model, and should not be taken too seriously.
Nonetheless, I think the point is an important one.
------------------------------
From: Frog2 <[EMAIL PROTECTED]>
Date: 22 May 2001 00:14:28 -0000
Subject: Re: taking your PC in for repair? WARNING: What will they
Crossposted-To: alt.privacy,alt.privacy.anon-server
On Mon, 21 May 2001 14:11, [EMAIL PROTECTED] (Eric Lee Green) wrote..
>Anonymous wrote:
>>[EMAIL PROTECTED] (Eric Lee Green) wrote..
>>>EE Support wrote:
>>>>Eric Lee Green is exposed for posting blatant lies about Evidence
>>>>Eliminator.
>>>Yawn. Yet more spam from the spamming copyright violating
>>>criminal.
>>Ok..
>>So who has sufficient knowledge of assembly?
>Sufficient knowledge of assembly is not needed. EE is written in
>Visual BASIC, for cryin' out loud.
<g>
>All that's needed is a good C++ compiler.
>You would do everything, including the filename zapping that the EE
>guys claims requires dropping back to DOS, by ripping the VFAT
>support out of the Linux kernel and adapting it to use the disk
>defrag API for its block read/write. The same could be done to write
>a real overwriter for NTFS (which EE won't do).
Good thinking!
>I've been thinking about it myself, but I'm a Unix programmer, not a
>Windows programmer. Hmm, hold on, I have some spare time right now,
>maybe I'll go learn the Windows API's... hmm, I don't have a C++
>compiler for Windows, I guess I'll look at Cygwin (the Windows port
>of the
>GNU C++ compiler)...
A while back I saw a discussion where a freeware C++ compiler was
discussed, can't remember the name though.. I'll look it up and post
the URL.
>certainly beats working on the EE_Support_Eliminator (which randomly
>spams the security newsgroups :-).
Ignore EE. Let's make a better, more trustworthy tool.
Name it 'BlueSky' :))
DrJohn.
--
Anarchy doesn't mean out of control. It means out of `their` control.
--
Survival is insufficient!
------------------------------
From: "bubba" <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Mon, 21 May 2001 19:51:28 -0500
Tom,
Give people more time. I may never get a chance to look at them
because I work too much. I just put in a 13 hour day (plus commute),
and am lucky to look at the internet at all lately. Probably others
work a lot too. I wouldn't be qualified to comment anyway. There
are probably not that many qualified people that look at this group
daily.
I did get a chance to look at your web page, though. Go easy on dog boy.
"Tom St Denis" <[EMAIL PROTECTED]> wrote in message
news:C%hO6.158122$[EMAIL PROTECTED]...
> I just want to know (curious mind at work here).
>
> Is the reason I get zero feedback on my papers (other than when my ideas
are
> obviously stupid) (and other than stuff by Scott Fluhrer) because?
>
> a) This "tom" guy is a crank and I don't want to read his stuff.
> b) This "tom" guy is a retard and what he writes makes my 12 yr olds
laugh
> c) I read his stuff but I don't want to comment.
> d) I read his stuff but I can't think of anything to comment
> e) I read his stuff and do comment and tom just doesn't listen or forgot.
> f) I like surveys.
>
> I just want to know if my ideas/research are reaching anyone, I want to
make
> sure I am not just wasting my time....
>
> Tom
>
>
------------------------------
From: "Tom St Denis" <[EMAIL PROTECTED]>
Subject: Re: survey
Date: Tue, 22 May 2001 01:10:09 GMT
"bubba" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Tom,
>
> Give people more time. I may never get a chance to look at them
> because I work too much. I just put in a 13 hour day (plus commute),
> and am lucky to look at the internet at all lately. Probably others
> work a lot too. I wouldn't be qualified to comment anyway. There
> are probably not that many qualified people that look at this group
> daily.
Oh perhaps... I made it a point to read news when I was at work (...er when
I worked...)
> I did get a chance to look at your web page, though. Go easy on dog boy.
Hehehehe... dog boy is funny though...
Tom
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Subject: Re: survey
Date: 21 May 2001 18:27:43 -0700
I look at your stuff but not very closely. Nothing personal but I
don't think examining new block ciphers designed by college students
is a good way to spend my time (I admire David and Pancho for being
willing to do that). If I look at your TC15 paper for 2 minutes and
don't see an obvious attack, what kind of comment is that supposed to
be? I just shrug my shoulders and go on to the next thing.
Cryptanalysis is much more worthwhile and your Noekeon paper is
interesting and I'd like to get around to looking at it more closely
one of these days, but you know how that goes too.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: survey
Date: 22 May 2001 01:35:56 GMT
[EMAIL PROTECTED] (Tom St Denis) wrote in
<C%hO6.158122$[EMAIL PROTECTED]>:
>I just want to know (curious mind at work here).
>
>Is the reason I get zero feedback on my papers (other than when my ideas
>are obviously stupid) (and other than stuff by Scott Fluhrer) because?
>
>a) This "tom" guy is a crank and I don't want to read his stuff.
>b) This "tom" guy is a retard and what he writes makes my 12 yr olds
>laugh c) I read his stuff but I don't want to comment.
>d) I read his stuff but I can't think of anything to comment
>e) I read his stuff and do comment and tom just doesn't listen or
>forgot. f) I like surveys.
>
>I just want to know if my ideas/research are reaching anyone, I want to
>make sure I am not just wasting my time....
>
>Tom
>
>
How about Z) tom is an idiot who condems bijective compression encryption
at every turn but is to damn lazy to check it out. If you took an honest
look at other stuff maybe I would look at it.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
From: [EMAIL PROTECTED] (Jschutkeker)
Date: 22 May 2001 02:01:48 GMT
Subject: Encryption Method for Win 98 Screen Saver
Does anybody know what method Microsoft uses to encrypt passwords for it's Win
98 screen saver? I've managed to verify that it's an easy system to crack,
since Break-Dance, Inc has a downloadable code named Cain10 that decodes the
password instantaneously. But I'm intersted in seeing the algorithm, not using
it. Can anyone help me with this?
------------------------------
From: [EMAIL PROTECTED] (Jschutkeker)
Date: 22 May 2001 02:14:26 GMT
Subject: Re: truth+integrity=sore losers
You really don't want to be bad mouthing your employer in a public forum
Whistleblowers always get fired. you should read Dilbert.
------------------------------
From: [EMAIL PROTECTED] (SCOTT19U.ZIP_GUY)
Subject: Re: truth+integrity=sore losers
Date: 22 May 2001 02:40:33 GMT
[EMAIL PROTECTED] (Jschutkeker) wrote in
<[EMAIL PROTECTED]>:
>You really don't want to be bad mouthing your employer in a public forum
>Whistleblowers always get fired. you should read Dilbert.
But he no longer works there. So why should he be a wimp.
If he wants to bad mouth his former emplyer why not especially
if he feels its honest. He could even get a job back where he
worked before. All organizations have different departments or
groups that hate each other. If you piss one then the enemy of
that group likes you. Its how organized groups work. It strange
but where I worked before all sort of weird groups some based
on religion in which case being morman or catholic could be a
plus. Some based on hunting. Some on whther you where a technican
or not. Life and structure of the work place very interesting.
Hell some groups seem to worship Unix or ada or C++ it was
in interesting mix.
David A. Scott
--
SCOTT19U.ZIP NOW AVAILABLE WORLD WIDE "OLD VERSIOM"
http://www.jim.com/jamesd/Kong/scott19u.zip
My website http://members.nbci.com/ecil/index.htm
My crypto code http://radiusnet.net/crypto/archive/scott/
MY Compression Page http://members.nbci.com/ecil/compress.htm
**NOTE FOR EMAIL drop the roman "five" ***
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged or
something..
No I'm not paranoid. You all think I'm paranoid, don't you!
------------------------------
Date: Tue, 22 May 2001 03:22:48 +0100
From: David Hopwood <[EMAIL PROTECTED]>
Subject: Re: wide-trail
=====BEGIN PGP SIGNED MESSAGE=====
Tom St Denis wrote:
> "David Hopwood" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > > I believe it was first introduced in Joan Daemen's thesis `Cipher and
> > > Hash Design', in chapter 5, `Propagation and Correlation'.
> >
> > BTW, that thesis is at
> > http://www.esat.kuleuven.ac.be/~cosicart/ps/JD-9500/
>
> I got a 404...
Works for me.
- --
David Hopwood <[EMAIL PROTECTED]>
Home page & PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a
public key but refuse to specify why, it is because the private key has been
seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip
=====BEGIN PGP SIGNATURE=====
Version: 2.6.3i
Charset: noconv
iQEVAwUBOwnNXzkCAxeYt5gVAQE/Hwf/UF9FhFkxbaviRB1UZYxRMtUyJOOZjd8m
VBy+Ozw3jviRYjBNkyPMm17QQEhW2SCKco1tngNIIraJllcoZT/iP2dg9+Ix5lrJ
5VXM4FHmApyd1EXvy9ffTb34wcRbXhPZc2HajLcnhUNmvL0HrC8HCIrFpNnGQkqj
hpR2AJZtvaQogLJu4Etg+f0bYyFj358ZWMxuAgnezN1qcQxDWLWGaoCOeEiIsGTR
03DPnBWo0ihyAh/nSxIgL+VFyDBOcS3aQhjXS034q17rqdWuG+e59JhhWQRwrxi/
uKjcKsHaerB2eqnIVngYEvuUb4R+zd+J2gwa+VOZtvyPkw+CGzY14g==
=yGHW
=====END PGP SIGNATURE=====
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
