hiding plaintext
One could increase the difficulty of decryption by three or four doublings by intermixing random data with plaintext in a message. Here's the least stupid method I can think of: the first character in a message is the start of text (SOT) character. The second character in a message is the end of text (EOT) character. The message itself consists of random data intermixed with plaintext prefixed by SOT and suffixed with EOT. An EOT outside of plaintext stands for itself. An SOT inside plaintext stands for itself. This method can encode arbitrary plaintext. By implication, the random data does not contain an SOT nor EOT.

Instead of being able to look at a fixed point in the encrypted text for plain text, it's necessary to examine the entire text. The cryptanalyst gets a clue that they should continue if they look at enough of the random text without finding SOT or EOT characters. They get a clue they should stop if the first two characters are identical, but that's only 1/256 probability. This mainly serves to increase the complexity and expense of decryption engines.

--
-russ nelson [EMAIL PROTECTED] http://russnelson.com
Crynwr sells support for free software | PGPok                 | No intellectual property
521 Pleasant Valley Rd.                | +1 315 268 1925 voice | rights were harmed in the
Potsdam, NY 13676-3213                 | +1 315 268 9201 FAX   | creation of this message.
crypto.com
Sorry if you've seen this message several times, but I've been receiving email all day from people asking me about this.

I just learned that there's a company calling itself "Crypto.Com, Inc." that just issued a press release making all sorts of claims about some wonderful new cryptographic technology. I have no idea what the merits of this technology might or might not be, but this "Crypto.Com, Inc." company is in no way affiliated with me, the www.crypto.com web site, or anyone else connected with it. I have no idea who they are, where they came from or what they do, or why they decided to call themselves "Crypto.Com", a name that I have had registered and been using continuously since 1992.

Unfortunately, the Business Wire press release (which was about the purchase of "Crypto.Com" by another company called "Eurotech") made a number of very strong claims that I worry might seriously harm my own reputation, should people erroneously conclude that this "Crypto.Com" company has something to do with me. In particular, the "Crypto.Com" press release says:

"The technology provides for absolute security on open circuits between two users without the use of a key. The new cryptography concept creates absolutely unbreakable ciphers allowing software to be absolutely secure for the Internet, networks, and telephone lines."

http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.022900/200601577ticker=EURO

I have no idea what "the technology" is, but all cryptographers know that the only "absolutely" unbreakable cipher that can ever exist for "open circuits" is the one-time pad, which not only requires the use of a key, but requires that the key be as long as the message, and used only once.

-Matt Blaze, 29 February 2000
ARCOT/Cryptographic Camouflage
I've been (repeatedly) attempting to repel a sales droid from ARCOT, who wants to sell me their "cryptographic camouflage" product. I reviewed their IEEE paper again, and I'm still unimpressed with this stuff.

In a nutshell, the security of the product lies in keeping the public exponent secret, as well as the private exponent [It's an RSA system]. The idea is that the PIN/passphrase that protects the private exponent need not be that strong, since there's no way to verify that you've found the correct private exponent without also knowing the public exponent (in their scheme, the public exponent is picked randomly, and is set to be roughly half the size of the modulus). There's also a lot of other painful dancing around to make sure that things like messages encrypted under the public key are never made available to anyone but the "trusted domain" that this system lives in.

The only real protection they have is that the server side of this stuff disables the user after a small number of failed authentication attempts, otherwise you could use servers as oracles to test trial decryptions of the private key. The system is horribly broken if it's ever possible to intercept a message encrypted under the public key of the target user, since they make no attempt to enforce any kind of passphrase quality, and it's not clear whether they use PKCS#5 techniques to generate (symmetric) keying material from the passphrase. They do use random padding on signatures, which precludes verifying a guess at the private key by comparing signatures from an intercepted message. But that's nothing special--I started doing that years ago.

Has anyone else looked at this stuff?
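The two attacks the post sketches, an offline PIN search given one intercepted ciphertext and an online search that the server's lockout stops, are easy to make concrete. The toy model below is an added example, not Arcot's code and not their paper's construction; the post describes the design only in outline. Assumptions made here and labelled in the code: a 92-bit modulus built from two Mersenne primes (far too small for real use), a PBKDF2 (PKCS#5) keystream XORed over the private exponent so that any PIN yields some same-length candidate, a marker-prefixed plaintext that lets an attacker recognise a correct trial decryption, and a server that locks the account after three failures.

```python
import hashlib
import math
import random

# Constructed toy parameters: two Mersenne primes give a ~92-bit modulus,
# nowhere near a real key size but enough to show the mechanics.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
N_BYTES = (N.bit_length() + 7) // 8   # 12

MARKER = b"\x01\x02\x03\x04"            # constructed plaintext structure


def make_keypair(seed=2000):
    """RSA pair in which e is random and about half the size of n, as the
    post describes the Arcot scheme; both e and d are meant to stay secret.
    The RNG is seeded only so the example is repeatable."""
    rng = random.Random(seed)
    while True:
        e = rng.getrandbits(N.bit_length() // 2) | 1
        if 1 < e < PHI and math.gcd(e, PHI) == 1:
            break
    return e, pow(e, -1, PHI)


def keystream(pin, length):
    """PBKDF2 over a short PIN. Assumed here; the post says it is unclear
    whether Arcot derives keying material this way at all."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), b"camouflage-salt", 100, length)


def camouflage(d, pin):
    """Store d XORed with the PIN keystream: every PIN 'decrypts' to some
    integer of the same length, so the output alone does not reveal whether
    the PIN was right. That is the camouflage property."""
    d_bytes = d.to_bytes(N_BYTES, "big")
    return bytes(a ^ b for a, b in zip(d_bytes, keystream(pin, N_BYTES)))


def decamouflage(blob, pin):
    plain = bytes(a ^ b for a, b in zip(blob, keystream(pin, len(blob))))
    return int.from_bytes(plain, "big")


def encrypt_to_user(e, payload):
    """Message encrypted under the user's (secret) public exponent."""
    m = int.from_bytes(MARKER + payload, "big")
    if m >= N:
        raise ValueError("payload too long for the toy modulus")
    return pow(m, e, N)


def looks_like_plaintext(m):
    rep = m.to_bytes(N_BYTES, "big")
    return rep[:4] == b"\x00" * 4 and rep[4:8] == MARKER


def offline_pin_search(blob, ciphertext, pins):
    """Attacker holding the camouflaged blob AND one intercepted ciphertext:
    each PIN guess is checked offline by trial decryption, no server needed."""
    for pin in pins:
        if looks_like_plaintext(pow(ciphertext, decamouflage(blob, pin), N)):
            return pin
    return None


def make_server_oracle(e, lockout=3):
    """The verifying server knows e. It checks a 'signature' over a fixed
    challenge and disables the account after `lockout` failures, which is
    the only defence the post credits the scheme with."""
    challenge = 0x1234567890ABCDEF
    state = {"failures": 0, "locked": False}

    def verify(candidate_d):
        if state["locked"]:
            return False
        ok = pow(pow(challenge, candidate_d, N), e, N) == challenge
        if not ok:
            state["failures"] += 1
            state["locked"] = state["failures"] >= lockout
        return ok

    return verify, state


def online_pin_search(blob, pins, verify):
    """Without a ciphertext the server is the only oracle; the lockout
    stops this after a handful of guesses."""
    for pin in pins:
        if verify(decamouflage(blob, pin)):
            return pin
    return None
```

Run against a four-digit PIN space, `offline_pin_search` recovers the PIN in a fraction of a second once a single ciphertext under the user's public exponent is available, while `online_pin_search` against the locking oracle gives up after three wrong guesses. Whether the marker check is realistic depends on the padding the real system uses, which is exactly the kind of detail the post says is unclear.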
More on Echelon
From Edupage via IP --- Start of forwarded message --- The National Security Agency (NSA) recently defended itself in a letter to Congress, claiming that all of its activities under the Echelon satellite-surveillance program are conducted lawfully. The agency has come under fire recently from the European Parliament, which accused the NSA of using intelligence for the benefit of American industry. The European Parliament also contends that ordinary European and American citizens are being spied upon. The American Civil Liberties Union has recently requested congressional hearings on the matter. (New York Times, 28 Feb 2000) --- End of forwarded message ---
60 Minutes on Echelon
This URL points to a summary of last Sunday's story on 60 Minutes: http://cbsnews.cbs.com/now/story/0,1597,164651-412,00.shtml -- Perry Metzger [EMAIL PROTECTED] -- "Ask not what your country can force other people to do for you..."
Re: crypto.com
Of all the gin joints in all the towns in all the world, Matt Blaze had to walk into mine and say:

I have no idea who they are, where they came from or what they do, or why they decided to call themselves "Crypto.Com", a name that I have had registered and been using continuously since 1992.

Do you have it registered with the PTO, or just in the DNS? If the latter, their next move is probably to have the Internic take your domain away from you under the current trademark infringement policy. Beware...

--
Harald Koch [EMAIL PROTECTED]
"It takes a child to raze a village." -Michael T. Fry
Re: More on Echelon
From Edupage via IP --- Start of forwarded message --- The National Security Agency (NSA) recently defended itself in a letter to Congress, claiming that all of its activities under the Echelon satellite-surveillance program are conducted lawfully. The agency has come under fire recently from the European Parliament, which accused the NSA of using intelligence for the benefit of American industry. The European Parliament also contends that ordinary European and American citizens are being spied upon. The American Civil Liberties Union has recently requested congressional hearings on the matter. (New York Times, 28 Feb 2000)

Unless my memory has let me down (and it's been a few years since I read "The Puzzle Palace") the three main reasons for Echelon are:

(i) Collaboration of intelligence on things that need global attention.
(ii) Getting listening stations closer to the heart of "Bad Guys of the week" due to the land masses that make up the five signatories.
(iii) Circumventing the provisions in the legislation that set up these agencies which stop them from spying on their own civilians.

Regardless of what is currently being said about using Echelon wrt industrial espionage, I think (iii) is far more important to be made from a Civil Liberties point of view. This allows the NSA, GCHQ etc. to stand up and say that they are conducting everything totally legally, and that they are not spying on their own nationals; the fact that the other agencies are providing them with the relevant information is neither here nor there.

Geraint
Re: crypto.com
Harald Koch wrote: Do you have it registered with the PTO, or just in the DNS? If the latter, their next move is probably to have the Internic take your domain away from you under the current trademark infrigement policy. Beware... Good point. In fact, an inspired challenge. If the nouveau Crypto.com attempts to snatch the domain from Matt, what a wonderful public battle that would be. Oh yes, may that foolish gambit be played. Matt just might make a couple of hundred thousand to agree to let them off the hook they've set for themselves. But no gentleperson handshake to forget about it. Particularly if the culprits work daytime at Vodaphone RD, or worse, Crypto.ch.
Re: hiding plaintext
On Tue, Feb 29, 2000 at 11:14:31AM -0500, Russell Nelson wrote:

One could increase the difficulty of decryption by three or four doublings by intermixing random data with plaintext in a message. Here's the least stupid method I can think of: the first character in a message is the start of text (SOT) character. The second character in a message is the end of text (EOT) character. The message itself consists of random data intermixed with plaintext prefixed by SOT and suffixed with EOT. An EOT outside of plaintext stands for itself. An SOT inside plaintext stands for itself. This method can encode arbitrary plaintext. By implication, the random data does not contain an SOT nor EOT.

I assume that you do this before encryption. Wouldn't compressing the plaintext before encryption have the same effect?

--
Eric Murray www.lne.com/~ericm ericm at the site lne.com PGP keyid:E03F65E5
Justice Department criticizes online anonymity
Of more relevance to this list, perhaps, is yesterday's testimony of the FBI's Michael Vatis with the bureau's usual crypto-complaints:

http://www.house.gov/judiciary/3.htm

convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer.

-Declan

http://www.wired.com/news/politics/0,1283,34659,00.html

U.S. Wants Less Web Anonymity
by Declan McCullagh ([EMAIL PROTECTED])
3:00 a.m. 1.Mar.2000 PST

WASHINGTON -- The U.S. government may need sweeping new powers to investigate and prosecute future denial-of-service attacks, top law enforcement officials said Tuesday.

Anonymous remailers and free trial accounts allow hackers and online pornographers to cloak their identity, deputy attorney general Eric Holder told a joint congressional panel. "A criminal using tools and other information easily available over the Internet can operate in almost perfect anonymity," Holder told the panel.

Holder said the Clinton administration is reviewing "whether we have adequate legal tools to locate, identify, and prosecute cyber criminals," but stopped short of endorsing a specific proposal.

Currently no laws require U.S. Internet users to reveal their identity before signing up for an account, and both fee-based and free services offer anonymous mail, Web browsing, and dialup connections.

[...]
Re: hiding plaintext
Eric Murray writes:

On Tue, Feb 29, 2000 at 11:14:31AM -0500, Russell Nelson wrote: One could increase the difficulty of decryption by three or four doublings by intermixing random data with plaintext in a message. Here's the least stupid method I can think of: the first character in a message is the start of text (SOT) character. The second character in a message is the end of text (EOT) character. The message itself consists of random data intermixed with plaintext prefixed by SOT and suffixed with EOT. An EOT outside of plaintext stands for itself. An SOT inside plaintext stands for itself. This method can encode arbitrary plaintext. By implication, the random data does not contain an SOT nor EOT.

I assume that you do this before encryption.

Yes.

Wouldn't compressing the plaintext before encryption have the same effect?

Only if you use a secret compression system. Otherwise the structure of your compression system still exists as a known plaintext. You could (probably should) compress your plaintext before running it through the above algorithm.

The essence of the above algorithm (let's call it BP1, for Buried Plaintext 1) is to force the decryption trial to be iterated until the buried plaintext is found. It means that the decryption engine needs to have the full crypttext available to it. If you can decrypt a message in N steps, then using BP1 with half random data forces you to do N*2 steps, where the steps themselves are more complicated. The storage requirements are higher, as are the data transfer pathways.

--
-russ nelson [EMAIL PROTECTED] http://russnelson.com
Crynwr sells support for free software | PGPok                 | "Ask not what your country
521 Pleasant Valley Rd.                | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213                 | +1 315 268 9201 FAX   | do for you..." -Perry M.
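The BP1 framing from the original "hiding plaintext" post and this follow-up is simple enough to write down, which also makes its rules precise: the decoder reads SOT and EOT from the first two bytes, skips filler until the first SOT, and takes everything up to the next EOT. The code below is an added example, not anything the poster published. Two points are assumptions, since the post does not say how the markers are chosen: EOT is picked per message from byte values that do not occur in the plaintext (a plaintext using all 256 values cannot be framed this way), and SOT is any other byte, which may also appear inside the plaintext, where it stands for itself. The decoder also returns how far into the message it had to read, the cost the scheme is meant to impose on each trial decryption.

```python
import random


def choose_eot(plaintext, rng):
    """EOT must not occur in the plaintext, because the decoder stops at the
    first EOT after SOT. Chosen per message from the unused byte values
    (an assumption of this example; the post leaves the choice open)."""
    unused = [b for b in range(256) if b not in set(plaintext)]
    if not unused:
        raise ValueError("plaintext uses every byte value; no EOT available")
    return rng.choice(unused)


def filler(n, sot, eot, rng):
    """Random data that, as the post requires, contains neither SOT nor EOT."""
    out = bytearray()
    while len(out) < n:
        b = rng.randrange(256)
        if b != sot and b != eot:
            out.append(b)
    return bytes(out)


def bury(plaintext, n_random, rng=None, sot=None):
    """BP1 framing: [SOT][EOT][random][SOT][plaintext][EOT][random].
    The random bytes are split at an arbitrary point before and after the
    plaintext. Pass sot= to force a specific SOT (e.g. one that also occurs
    inside the plaintext); by default it is a random byte other than EOT."""
    rng = rng or random.SystemRandom()
    eot = choose_eot(plaintext, rng)
    if sot is None:
        sot = rng.choice([b for b in range(256) if b != eot])
    elif sot == eot:
        raise ValueError("SOT and EOT must differ")
    before = rng.randrange(n_random + 1)
    return (bytes([sot, eot])
            + filler(before, sot, eot, rng)
            + bytes([sot]) + bytes(plaintext) + bytes([eot])
            + filler(n_random - before, sot, eot, rng))


def unbury(buried):
    """Decoder. Returns (plaintext, bytes_examined). The second value is how
    much of the message had to be read before the reader could stop: the
    whole random prefix plus the plaintext, never a fixed offset."""
    sot, eot = buried[0], buried[1]
    body = buried[2:]
    start = body.index(sot)            # filler never contains SOT
    end = body.index(eot, start + 1)   # plaintext never contains EOT
    return bytes(body[start + 1:end]), 2 + end + 1
```

Note what the framing does and does not buy: a trial decryption can still reject a key early if the first two bytes come out identical (the 1/256 tell the post mentions) or if an SOT turns up inside what should be filler, so the cost is proportional to the random prefix, not to the whole message, and it says nothing about the strength of the cipher underneath.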
Re: Justice Department criticizes online anonymity
At 10:36 AM -0800 3/1/00, Declan McCullagh wrote:

Of more relevance to this list, perhaps, is yesterday's testimony of the FBI's Michael Vatis with the bureau's usual crypto-complaints: http://www.house.gov/judiciary/3.htm convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer.

Unsurprising. And a major reason I have long argued that crypto rights should _never_ be based on the once-popular whines of "show me just one example of a criminal who used cryptography." Using this argument is a recipe for disaster.

http://www.wired.com/news/politics/0,1283,34659,00.html U.S. Wants Less Web Anonymity by Declan McCullagh ([EMAIL PROTECTED]) Currently no laws require U.S. Internet users to reveal their identity before signing up for an account, and both fee-based and free services offer anonymous mail, Web browsing, and dialup connections.

And, critically, the U.S. Constitution provides a solid base that speech need not be linked to a True Name. From the basic language of the First to the recent cases (Talley, IIRC) about anonymous pamphlets.

Further, any person is free to incorporate into his writings the excerpted writings of others (modulo copyright laws, which are not relevant for obvious reasons). This means that "anonymous recommenters" are fully protected. "Hey, AnonymousRemailerFoo, look at what AnonymousSenderBar just sent me: "Request-Recommenting-To: AnonymousRemailerBaz. --text""

Of course, an anonymous remailer is just as protected by the First as this hypothetical (and contrived) anonymous recommenter is, but it may help some to see just how far-ranging the implications of banning anonymous speech would be.

--Tim May
-:-:-:-:-:-:-:
Timothy C. May             | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152  | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon"            | black markets, collapse of governments.
Re: Justice Department criticizes online anonymity
At 01:36 PM 3/1/00 -0500, Declan McCullagh wrote: Of more relevance to this list, perhaps, is yesterday's testimony of the FBI's Michael Vatis with the bureau's usual crypto-complaints: Michael was the FBI chief I put on the spot at the '98 RSA conference. He proudly pitched how the FBI's National Infrastructure Protection Center would deter foreign countries from snooping and penetrating the Internet and communication systems of U.S. corporations. However, he quickly fell silent and stammered when I asked how they intended to protect us from the ECHELON activities of our UKUSA partners. --Steve
please help FreeNet by becoming a node
(((I urge you to donate some of your computational/networking resources to the Freenet project, even if it's a single xDSL box. Details how to help see Latest News below.)))

http://freenet.sourceforge.net/

"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'" -Mike Godwin

FreeNet Latest News

18th Feb 2000 - Now is your chance to help

Freenet is now in its testing phase; to facilitate this we need people who can run a Freenet node on their computers. To participate you will need a computer capable of running Java 1.1 which has a permanent connection to the Internet, a fixed IP address, and is not behind a firewall. If you have access to such a beast and would like to help the Freenet project please click here for instructions on how to install a Freenet server.

What is Freenet?

The Freenet project aims to create an information publication system similar to the World Wide Web (but with several major advantages over it - see next section), where information can be inserted into the system and associated with a "key" (the key is normally some form of description of the data such as "freenet source code V1.0"). Later anyone else can retrieve the data using the appropriate key. In this respect it is a little like the World Wide Web which requires a "URL" to retrieve a particular document. To participate in this system users will simply need to run a piece of Java software on their computer, and optionally use a client to insert and remove information from the system. Anyone can write a client (or indeed a server); however the reference implementations will be written in Java. If you are interested in why someone might want to create a system like Freenet please take a look at the philosophy page.

Why is Freenet interesting?

Click on any of the following reasons for more information about each:

Freenet does not have any form of centralised control or administration
It will be virtually impossible to forcibly remove a piece of information from Freenet
Both authors and readers of information stored on this system may remain anonymous if they wish
Information will be distributed throughout the Freenet network in such a way that it is difficult to determine where information is being stored
Anyone can publish information; they don't need to buy a domain name, or even a permanent Internet connection
Availability of information will increase in proportion to the demand for that information
Information will move from parts of the Internet where it is in low demand to areas where demand is greater

What is Freenet's current status?

Much of the server is complete, and a command line client (which is developed in parallel and shares some code with the server) is also nearing completion. As of 8th Feb 2000 the following remains to be done:

Some minor changes to message behaviour
Fix hashing on Liberator (a contributed Perl implementation of a Freenet client)
Implement tunneling (a mechanism which will dramatically improve Freenet response times)
Speed up handshaking mechanism (which will also improve response times)
Conduct a wide-scale multi-node beta-test (at present most tests have been conducted by running several nodes on the same computer)

You should subscribe to the announcement mailing list to be informed of major releases (this is a low traffic mailing list).

Can I help?

Yes, definitely. If you have Java programming experience, or are familiar with cryptography, then you will be particularly useful, but everyone is welcome. If you just want to find out more make sure you have read everything on this site - and then join the General mailing list. If you are keen to contribute, first take a look at the code in CVS, then you should join the Development mailing list and let us know what you think you can do.

Why implement the first Freenet server in Java?

Because:

Java is the most cross-platform language currently available
There are free Java implementations available such as Kaffe; we will ensure that Freenet is always compatible with these versions even if Sun attempt to make it more difficult for free Java implementations to keep up
Java has excellent network support
Java is easier to debug than other languages such as C++, and this lets us get on with the business of implementing Freenet quickly and reliably!