Re: [cryptography] crypto model based on cardiorespiratory coupling

2014-04-10 Thread Givon Zirkind
i did not read the paper, but, if their model is a variant of OTP, with 
a running stream cipher, it is possible, that it is "non-decryptable by 
method" or semantically secure, or has no algorithmic decryption, only 
brute force. however, as protein signalling (bio-informatics) is based 
on a limited "alphabet" of amino acids, which is further reduced because 
form requires that each amino acid will have only one mate 
(opposite)--the shape & structure of proteins very much defines the 
function of proteins; i am hard pressed to see, how they can come up 
with an infinite number of possibilities. rather, the signaling would be 
quite specific.  in other words, well defined, not ambiguous.  just the 
opposite of OTP.


On 4/10/2014 12:53 AM, Jeffrey Goldberg wrote:

On 2014-04-09, at 7:17 PM, travis+ml-rbcryptogra...@subspacefield.org wrote:


http://threatpost.com/crypto-model-based-on-human-cardiorespiratory-coupling/105284

This is nonsense, right?

Yep.


  Unbounded in the sense of relying on secrecy of the unbounded number of 
algorithms?

The distinction between algorithm and parameter (along with other things) seems 
muddled.

I commented on it in a few posts in sci.crypt.  Here are trimmed highlights.

Jeffrey Goldberg wrote in Message-ID:   :


[...]the 60 item bibliography of their paper cites only one source in 
cryptography (and that is on quantum key exchange).

Somehow the first sentence of the paper doesn't inspire confidence either:

"It is often the case that great scientific and technological discoveries are 
..."

[...]
What I see as I glance over this paper is that people who have been caught up in the 
faddish understanding of "chaos theory" see that they get PRNGs out of their 
dynamical systems (true enough).

But quite emphatically, the PRNGs that you get from most of these non-linear 
dynamical systems are not cryptographically appropriate. Indeed, there are 
tests that can distinguish whether the random sequence is likely to be from 
such a system. If I understand correctly, even their noise filtering component 
depends on exactly that technology.


Cheers,

-j


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography




Re: [cryptography] DES history

2014-05-05 Thread Givon Zirkind
A question about DES.  Did anyone ever try & map or graph the routes 
through the S-boxes?  I mean pictorially.  Do the routes produce some 
kind of wave or path, that have (or have not) relationships with the 
other routes?



Re: [cryptography] [Cryptography] Email encryption for the wider public

2014-09-19 Thread Givon Zirkind
very good suggestion!  i've been following this thread with interest.  
relevant to a commercial product i am working on.  i thought keeping the 
key in the address book was the most practical idea.  but, you still 
have to exchange the keys.  the biggest problem is the lookup for a key 
in a key server (keystore).  but, automatically sending a separate 
header sounds, er...automatic, transparent to the user.  and lets the 
system do the work.  long, more than 10 digits, unintelligible email 
addresses won't work.  imho.  can't be memorized, even if chunked.  too 
many pieces.


On 9/19/2014 4:31 AM, Werner Koch wrote:

On Fri, 19 Sep 2014 06:57, g...@toad.com said:


She can send you email at de...@ihtfp.com once, and when your replies
all come from:

   From: Derek Atkins 

then when she replies to you, she'll be sending encrypted emails.  But

The same can be achieved with a separate mail header for the key and a
local association of key and mail address for future communication
(which you need for the above scheme also).


Shalom-Salam,

Werner





Re: [cryptography] Email encryption for the wider public

2014-09-19 Thread Givon Zirkind
this is an interesting point.  since google scroogles your emails and 
their aup says you agree to let them, by machine, sift through your 
data, to target you for marketing--Google Analytic's targeted ads--how 
receptive would Google or any freemail provider be, to an innate 
encryption scheme.  if i were a lawyer for Google, I could even argue 
that such a user has violated Google's AUP and the account can be shut down.


On 9/19/2014 5:33 AM, Henry Augustus Chamberlain wrote:

Hi all,

Some very interesting points so far. To avoid making this email too
long, I'm going to reply without quoting - I hope this doesn't
inconvenience anyone.

Regarding the memorability issue, all I can say is that end-to-end
encryption really does require sharing 100+ bit keys - it's essential!
You may be able to memorise your email address at the moment, but
that's only half the story, since you can't memorise your public key!
I can't solve every problem with PGP, but I still think this proposal
solves a fair few of them. In some cases it improves on PGP, and in
the other case it's at least no worse: you can still use online
institutional directories etc if you want.

Don't forget all the advantages this scheme could bring! Simplicity
and transparency for the end user is really important! They're more
likely to understand the significance of a public key if it forms part
of the address (despite not understanding why it has to be this way).

Perhaps it doesn't help Derek's mum - nor my mum, for that matter -
but there are plenty of people for whom PGP is too complex whereas this
scheme would be manageable. If you wish, you can send some emails
encrypted and others unencrypted, just like you can with PGP - in this
case, you'd just need two addresses (which is surely no worse than
PGP, where you have an address and a key).

Regarding telephone conversations: if it's with a mobile phone,
perhaps a text message would work; if it's a landline, you probably
have internet access, so an initial unencrypted email would work if
you're not worried about man-in-the-middle attacks. (If you are
worried about such attacks, then a bit of effort might be required,
beyond just rattling off a short email address over the phone.)

By the way, I'm suggesting printable characters to encode the key, not
arbitrary bytes. An alphanumeric character stores nearly 6 bits (or 5
if it isn't case-sensitive), so 256-bit keys would require around 50
characters. Email standards allow 64 characters for the local part of
the address, so there's room for error-correction too.

Regarding the point about forged email addresses: for cryptography to
work, you need to identify people using their keys, not their
addresses. With PGP, you could send an email to my mum, using my email
address but the wrong signature; if my mum is just relying on the
email address, then that defeats the purpose of PGP. Of course, most
PGP systems compare the key with that stored in the address book; a
similar system can be used for my proposal, but with the advantage
that forged emails don't give rise to the situation where the address
is known but the key is unknown, which might lead a naive user to
assume something's broken with the crypto software.

Regarding webmail... I still haven't solved that one. Maybe there's an
inherent contradiction in trying to include webmail in an end-to-end
encryption system.

I like the idea of using the "address+...@gmail.com" technique,
although it does contradict the idea of "identify people using the
key, not the address". Also, in my original proposal, I suggested
using the private key (instead of a password) to login to the email
server. I reckon Gmail is unlikely to allow that in the near future :)

Best wishes,

Henry
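
The character counts and the address layout from Henry's message, worked through as an added example (not code from the thread). It assumes base32 as the case-insensitive alphabet, a truncated SHA-256 in the spare characters (this detects typos, it does not correct them), a constructed key, and the placeholder domain example.org.

```python
import base64
import hashlib
import hmac

KEY_BYTES = 32       # 256-bit public key, the size used in the message
CHECK_BYTES = 8      # assumption: truncated SHA-256 fills the spare characters
LOCAL_PART_MAX = 64  # local-part limit quoted in the message


def chars_needed(bits: int, alphabet_size: int) -> int:
    """Smallest number of symbols from the alphabet that can carry `bits` bits."""
    count, capacity = 0, 1
    while capacity < (1 << bits):
        capacity *= alphabet_size
        count += 1
    return count


def key_to_local_part(public_key: bytes) -> str:
    """Encode key + check value as a 64-character, case-insensitive local part."""
    if len(public_key) != KEY_BYTES:
        raise ValueError("expected a 256-bit key")
    check = hashlib.sha256(public_key).digest()[:CHECK_BYTES]
    # 40 bytes = 320 bits = exactly 64 base32 characters, so no '=' padding.
    return base64.b32encode(public_key + check).decode("ascii").lower()


def local_part_to_key(local: str) -> bytes:
    """Recover the key, rejecting mistyped or truncated local parts."""
    if len(local) != LOCAL_PART_MAX:
        raise ValueError("wrong length for a key-bearing local part")
    try:
        raw = base64.b32decode(local.upper())
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("local part is not base32") from exc
    key, check = raw[:KEY_BYTES], raw[KEY_BYTES:]
    expected = hashlib.sha256(key).digest()[:CHECK_BYTES]
    # The check only catches transcription errors. Anyone can build a valid
    # address for their own key, so trust still comes from comparing the key
    # with the one already stored in the address book.
    if not hmac.compare_digest(check, expected):
        raise ValueError("checksum mismatch: address mistyped or altered")
    return key


def address_for(public_key: bytes, domain: str) -> str:
    return key_to_local_part(public_key) + "@" + domain


def key_from_address(address: str) -> bytes:
    local, sep, _domain = address.rpartition("@")
    if not sep:
        raise ValueError("not an email address")
    return local_part_to_key(local)


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed stand-in for a real public key
    addr = address_for(sample_key, "example.org")
    print(addr)
    print("case-sensitive alphanumerics:", chars_needed(256, 62))
    print("case-insensitive alphanumerics:", chars_needed(256, 36))
    print("base32:", chars_needed(256, 32))
    print("round trip ok:", key_from_address(addr) == sample_key)
```
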


Re: [cryptography] random number generator

2014-11-19 Thread Givon Zirkind
Plz excuse if inappropriate.  Does anyone know of a decent (as in really 
random) open source random generator?  Preferably in PHP or C/C++?


Thanks.


Re: [cryptography] new encrypted phones

2014-11-20 Thread Givon Zirkind
this whole hullabaloo about encrypted phones, it's only the data on the 
phone that's encrypted.  not the conversations.  right?


does the encryption extend to call logs?


Re: [cryptography] new encrypted phones

2014-11-20 Thread Givon Zirkind
also, even though the key is unique to the phone, there are lots of 
files & data.  i mean, if you know even one contact in the person's 
contact list, doesn't that compromise the encryption?  not to mention 
scribbing for "mom" "mother" and the like.  IMHO, while being ignorant 
of many relevant facts, the NSA could probably easily hack one of these 
phones.  the only reason the cops can't hack these phones, is that they 
can't afford the computing power or expertise to do so.  so what?  they 
can always request help from the FBI's crypto unit. or, some other 
source.  can't they?  and, the cops have crypto ppl on staff.  imho, it 
won't be long before the cops will get around this encryption.


On 11/20/2014 6:08 AM, Givon Zirkind wrote:
this whole hullabaloo about encrypted phones, it's only the data on the 
phone that's encrypted.  not the conversations.  right?


does the encryption extend to call logs?


Re: [cryptography] javascript random function

2014-12-18 Thread Givon Zirkind
does anyone have info on how good or what weaknesses, the javascript 
random is/has?


does it work off a formula, that if u knew the formula, u could figure 
out the random number generated?


thanks.


Re: [cryptography] Unbreakable crypto?

2015-03-22 Thread Givon Zirkind

On 3/20/2015 6:56 PM, Michael Kjörling wrote:

On 20 Mar 2015 15:11 -0400, from kevinsisco61...@gmail.com (Kevin):

I was tempted by the promise of software to run a one-time pad on my
machine.  I am a fool and I fall upon my own sword.

An unauthenticated one-time pad is trivial to implement; it's
literally a few lines of code in any reasonably modern language, and a
handful of lines of code in less modern ones.

The hard part, as has been pointed out in this thread, is to generate
and handle the _pad_.

imho, this is not as difficult as you say.  using a time-date stamp as 
part of your seed.
the real difficulty is in the length of the key.  rounding & other 
calculation errors will quickly interfere.
but, for up to 500 characters, the length of the avg email, imho, you 
can produce a non-reusable pad



Re: [cryptography] Unbreakable crypto?

2015-03-22 Thread Givon Zirkind

agreed.

On 3/21/2015 5:18 PM, John Levine wrote:

Would a commonly available large binary file make a good one-time pad?
Something like ubuntu-14.10-desktop-amd64.iso12 maybe..

Unlikely for two reasons.  One is that the point of a one-time pad is
that only the sender and recipient are supposed to have a copy.  The
other is that something like a Linux distribution has extremely
obvious regularities, so it wouldn't be hard for a cryptographer
to figure out what it was.

The way you make a one time pad is to take a source of actual (not
pseudo) randomness and record a lot of it in a form that is relatively
easy to distribute securely, like a DVD-ROM.

R's,
John
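
An added sketch, not code from the thread, of the two points quoted in this thread: the XOR itself is a few lines, and the work is in handling the pad, so each party's copy carries a cursor that refuses to hand out the same bytes twice. `secrets.token_bytes` stands in for the recorded true-random source John Levine describes; the class and function names are made up for this example and the messages are constructed.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One party's copy of the pad, with a cursor that only moves forward."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._cursor = 0

    def remaining(self) -> int:
        return len(self._pad) - self._cursor

    def _consume(self, offset: int, length: int) -> bytes:
        # Pad bytes are single use: anything behind the cursor is gone.
        if offset != self._cursor:
            raise ValueError("offset already used or out of order: refusing pad reuse")
        if length > self.remaining():
            raise ValueError("pad exhausted: a new pad must be distributed")
        self._cursor += length
        return self._pad[offset:offset + length]

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset tells the peer where to read."""
        offset = self._cursor
        return offset, xor_bytes(plaintext, self._consume(offset, len(plaintext)))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self._consume(offset, len(ciphertext)))


def reuse_leak(ciphertext_a: bytes, ciphertext_b: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad bytes.

    The pad cancels out, leaving plaintext_a XOR plaintext_b, which is why
    the cursor above never moves backwards.
    """
    n = min(len(ciphertext_a), len(ciphertext_b))
    return xor_bytes(ciphertext_a[:n], ciphertext_b[:n])


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # stand-in for the shared, recorded pad
    sender, recipient = PadBook(pad), PadBook(pad)

    offset, ciphertext = sender.encrypt(b"lunch at noon?")
    print(recipient.decrypt(offset, ciphertext))

    # What goes wrong if the same pad bytes are used for two messages.
    first = xor_bytes(b"lunch at noon?", pad[:14])
    second = xor_bytes(b"see you at six", pad[:14])
    leaked = reuse_leak(first, second)
    print(leaked == xor_bytes(b"lunch at noon?", b"see you at six"))
```
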


Re: [cryptography] AES Implementation

2015-05-12 Thread Givon Zirkind

Hi,

Can anyone recommend an open source AES library in some flavor of C?

Thanks.

G.



Re: [cryptography] LastPass have been hacked, so it seems.

2015-06-16 Thread Givon Zirkind

keeping something safe in the cloud inherently requires trusting a third party.

yeah, that says it all.

no access safe.  access not safe.

cloud computing is good for non critical stuff and stuff you want ppl to see anyway.  like your web page.  even then, javascript injection jacking your page, blah, blah.

if the cloud is not good for HIPAA, banks, financial institutions, that should be a clue.

 

 

Sent: Monday, June 15, 2015 at 6:46 PM
From: Moti 
To: cryptography@randombit.net
Subject: [cryptography] LastPass have been hacked, so it seems.







I always had my doubts about keeping my passwords in the cloud.
Let's hope for LastPass users that their data is as secure as LastPass claims it is.
No reason to think otherwise of course, but still. If i read correctly between the lines, some people's (sensitive) data may be in the wrong hands.
I mean, what if Chinese hackers got it? (Yeah, it feels like i sound a bit Paranoid, but in this day and age, Chinese hackers are actually a thing:)
are we sure that the Chinese government doesn't have enough computing power to unhash whatever was taken?
just saying...









https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

 

Cheers,
 

Moti.











Re: [cryptography] a little help with cookies please

2015-09-15 Thread Givon Zirkind
is it correct that [web page] cookies are truly local?  is it correct, 
that they are not passed to the server when a submit button is pressed  
unless specifically sent.  unlike [web page] form data which is 
automatically passed to the server.



Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-17 Thread Givon Zirkind
imho, the crypto involved is not the issue.  not having boots on the 
ground, good intel, good spies who can walk and talk like the enemy, is 
the real issue.  there was no crypto in the false i.d. papers used to 
gain entry.  there is no crypto in exploiting the humanitarian aid being 
given to syrian refugees.  these people operate in unconnected cells.  
how much communication can there be; once an idea is hatched; a plan 
formed and; put into motion--from a few secret meetings.  esp. since 
they know enough to have to maintain radio silence.


On 11/17/2015 12:38 PM, Justin F wrote:

"This Is War!" Perfect for all consumers except the slaughtered, a few of which 
get ritual mourning (most ignored, unreported,
unsacrelized, unheroricized, unencrypted)."

It's actually amazing, if you have a story and documentation and it's a
bombshell to a point that it makes you question the accuracy due to
your own belief structure (id est FOIA responses are required to be
truthful, courts are always impartial, etc); the biggest problem is
actually finding someone who is willing to look up from their smart
phone long enough to listen to a non-trivial story.

What an incredibly indifferent society we've become.


On Tue, Nov 17, 2015 at 11:06 AM, John Young  wrote:

Wheedling about crypto and Snowden diverts from CIA Director's full speech
and broader critique. CIA version omits Q&A.

http://csis.org/files/attachments/151116_GSF_OpeningSession.pdf

To be sure, commentators must promote their products to flatter their
consumers as do spies, officials and
armaments (crypto) producers.

Officials buy the armaments to gain votes and post-service directorships,
word artists blow wind to fan the flames.

"This Is War!" Perfect for all consumers except the slaughtered, a few of
which get ritual mourning (most ignored, unreported, unsacrelized,
unheroricized, unencrypted).

Hard to tell the difference between opportunistic warmongerers or
anti-warmongerers, so yin and yang in complicity.

At 10:03 AM 11/17/2015, you wrote:

1. https://www.schneier.com/blog/archives/2015/11/paris_attacks_b.html
2.
https://theintercept.com/2015/11/15/exploiting-emotions-about-paris-to-blame-snowden-distract-from-actual-culprits-who-empowered-isis/



[cryptography] Fwd: Re: Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind


we have always had crypto.
sign language.  secret handshakes.  letter and symbol codes. lingua 
franca.  specialized vocabularies.

three yellow flags for vegan restaurants.
certain types of architecture indicating members of religions/beliefs 
and safety for slaves.
if you think of it on a macro level, crypto is just a kind of advanced 
language or alphabet you don't know yet.


On 11/19/2015 1:21 AM, mtm wrote:


how did hominids manage prior to crypto?

On Nov 18, 2015 11:26 PM, "grarpamp"  wrote:

On Wed, Nov 18, 2015 at 8:51 PM, Ted W. <ted-li...@xy0.org> wrote:
> And yet, we find that the Paris attackers did not communicate via
> encrypted channels for most of their planning. Surprise surprise:

Which means absolutely nothing to these anti crypto people.
And is no excuse for you to quit deploying crypto and fighting them.


Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind
i'm in the middle of reading Bruce Schneier's latest book, "Data and 
Goliath".  sheds a lot of light on this subject.  very interesting 
book.  very insightful.   a good read.  i recommend it.  i picked it up 
to understand Google, scroogling, big data and the computer mechanics of 
corporate spying better.  but, he goes deeply into this subject of 
spying on citizens.  being able to kill with metadata alone.  [CIA 
quote] etc.


he makes a good point that we as mammals, feel like prey if being 
watched and can't function fully.  and, the younger generation is quite 
desensitized to most of this spying.  they post their love lives on 
facebook and are flamed when breaking up. the younger generation is much 
more accepting of what the older generation would consider embarrassing 
and private.


all of this stuff is a double edged sword.  we can spy on citizens for 
terrorism or to silence political dissidents.  if we limit free speech 
to prevent terrorism, human rights activists won't be able to speak 
either.  best analogy, bank robbers use cars, roads, diners and 
electricity.  but, we don't illegalize cars, roads, diners and 
electricity.  because, most people don't use them for robbing banks.  
ditto crypto.


people still use envelopes; have locks on their doors, close the 
bathroom and get hotel rooms for "adult activities".  they are, in the 
majority of the time, doing nothing illegal.


imho, his analogy with the heightened airport security does apply to 
crypto and mass surveillance.  they've caught a lot of petty thieves.  
but, no terrorists.  this is intuitive.  the population at large has 
noticed this.  ditto crypto n mass surveillance.


the corollary is, the billions of dollars spent spying on citizens in 
the name of protecting us from terrorism, is more than just a waste of 
money--it's a dereliction of duty!  i don't care how much the gov't 
spends on fighting terrorism or; how it is done.  but, it should work!  
they shouldn't be sitting on their behinds reading ouija boards to find 
terrorists either!  this isn't the TVA workfare pgm.


also, he confirms my simple logic, if there is a backdoor, anyone can go 
through it.  "What one man can do, another man can undo." whether a 
foreign gov't or criminal, sooner or later, somebody you don't want 
to, will come through that backdoor.  either we make it safe for 
everyone.  or, we make it insecure and surveilable for everyone.


and, finally, someone else talks about the defects of profiling, all the 
false positives [and false negatives].  not to mention the incorrect 
math and statistical analysis. profiles are guidelines at best.  not 
definitions.  [my 2c]  he adds the cost of the human intervention and 
investigation necessary to correct the incorrect assessments.


do they not profile political activists?  your medical condition? from 
logged purchases?  where is the right and wrong in this?


and, they collect so much data, no one knows what's in it. unless, a 
flag goes off.  which, may not happen.  but, when it does, digging 
through the archives might help. [my 2c]


we have already opened our world to a new kind of discrimination that is 
non-combatible.  apply for a job.  they put your name in google and 
twitter and facebook and; see what comes up.  even if it is private.  my 
hunch is, they give it to PIs who do break the laws to find this info.  
and then, "we found someone more qualified for the job."  even if you 
scrub your google listings, there are always bread crumbs.


with everyone looking for the right search terms, sending ridiculous job 
offers to ppl based upon chumming resumes without human intervention.  
you may be lucky, if they never considered you anyway.


imho, this crypto warmongering is just using fear for control and 
justification of huge bureaucracies that are inefficacious to the task 
assigned.


On 11/19/2015 12:25 AM, grarpamp wrote:

On Wed, Nov 18, 2015 at 8:51 PM, Ted W.  wrote:

And yet, we find that the Paris attackers did not communicate via
encrypted channels for most of their planning. Surprise surprise:

Which means absolutely nothing to these anti crypto people.
And is no excuse for you to quit deploying crypto and fighting them.


Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind
u have nothing to fear, if u have nothing to hide.  said, the Nazis and 
Communists.  so, if you need workers to build a remote railway.  and, no 
one wants to work there.  instead of offering incentives, accuse them of 
crimes never committed.  from all those things they didn't have to hide. 
or, just, to keep the rest in line, send a few off to some camps, to 
never be heard from again.  because of all that stuff that they didn't 
have to hide.


anyone remember McCarthy?  like the idea doesn't live on?

On 11/19/2015 7:04 AM, John Young wrote:

At 01:21 AM 11/19/2015, you wrote:


how did hominids manage prior to crypto?


Pretty much the way most hominids do today. And will continue
to do the same way until crypto becomes normalized (if ever)
and less esoteric, cultish, obnoxious, condescending, vain,
whiney, excuse making. And above all these negative traits,
eager to sell products to authoritarians, governments, cults,
criminals, oligarchs, banks, gamblers, drug dealers, yadda.

Plenty of ways to avoid crypto as it has existed for its
very long history of serving the most evil, treacherous,
manipulative, deceptive, cheating, lying hominids on
earth and interstellar.

Crypto has a wretched history of helping a few harm millions.

Maybe it will change, but there has been a counter authority
of violence effort for only a couple of decades, and during
those decades the common practice of secretkeeping, lying
and cheating for crypto money making has grown even among
those loudly proclaiming the public benefits. PKC has indeed
enriched some, and others striving to get on that evil-doing
train of dual-hats and dual-use and dual-pontification.

As the NY Times said of John Brennan, hard to believe anything
crypto advocates have to say due to the far greater number of
crypto sleazeball hominids reaping rewards of aiding governments
than crypto hominid honorables aiding one another.

Spies and cryptographers spread secrets pox. Stay far away for good
health. Do not adopt that language everywhere.






Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-20 Thread Givon Zirkind

yeah, crypto is not the path to riches.

Brown, in his famous survey on maps said about alchemy, 'If one could 
figure out how to turn lead into gold, what would that achieve?  It 
would cheapen the price of gold.  Only a gov't / prince / king could use 
it.  If a commoner did it, he'd either be killed or kidnapped to do it 
for someone else.  So, why figure out how to turn lead into gold?'


I think in a certain measure, that applies to crypto too.  The best is 
in the hands of the gov't for a reason.  They need it.  If we never 
shared secrets, we would never have trust.  Society would break down.  
It is not cost effective for the average person, even in a lot of 
business situations.  And, if you make crypto that good, the gov't, your 
own or an enemy gov't or; the mob, will come after you to coerce you to 
work for them.  Money you will not make.


my 2c

don't remember Phil Zimmermann saying that.  not in his book on PGP for sure.

On 11/20/2015 7:42 AM, Notify wrote:

Summarizing, John Young says crypto has served bad motives and is engaged in 
commerce for money. Since crypto can be sold to governments (those who don’t 
employ the majority of top mathematicians, I assume), it is oppressive and some 
people make money selling it.

I doubt there is a prison, spy headquarters, or torture chamber in the world 
that did not begin with the pencil of an architect. For money. What shall we do 
about architects?

I think it may have been Phil Zimmermann who pointed out that the most 
elaborate and expensive of homes spend only a pittance on the door locks. If 
crypto is the path to commercial riches, it would come as a surprise to the 
capitalists on Sand Hill Road.

Ed Stone



On Nov 19, 2015, at 8:21 PM, cryptography-requ...@randombit.net wrote:

Message: 2
Date: Thu, 19 Nov 2015 07:04:05 -0500
From: John Young 
To: cryptography@randombit.net
Subject: Re: [cryptography] Paris Attacks Blamed on Strong
Cryptography and Edward Snowden
Message-ID: 
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 01:21 AM 11/19/2015, you wrote:


how did hominids manage prior to crypto?

Pretty much the way most hominids do today. And will continue
to do the same way until crypto becomes normalized (if ever)
and less esoteric, cultish, obnoxious, condescending, vain,
whiney, excuse making. And above all these negative traits,
eager to sell products to authoritarians, governments, cults,
criminals, oligarchs, banks, gamblers, drug dealers, yadda.

Plenty of ways to avoid crypto as it has existed for its
very long history of serving the most evil, treacherous,
manipulative, deceptive, cheating, lying hominids on
earth and interstellar.

Crypto has a wretched history of helping a few harm millions.

Maybe it will change, but there has been a counter authority
of violence effort for only a couple of decades, and during
those decades the common practice of secretkeeping, lying
and cheating for crypto money making has grown even among
those loudly proclaiming the public benefits. PKC has indeed
enriched some, and others striving to get on that evil-doing
train of dual-hats and dual-use and dual-pontification.

As the NY Times said of John Brennan, hard to believe anything
crypto advocates have to say due to the far greater number of
crypto sleazeball hominids reaping rewards of aiding governments
than crypto hominid honorables aiding one another.

Spies and cryptographers spread secrets pox. Stay far away for good
health. Do not adopt that language everywhere.



Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-21 Thread Givon Zirkind

Were it not for the intellectual stimulation of working with crypto,

i think that's the only real reason to work with crypto.

On 11/20/2015 10:09 AM, Arshad Noor wrote:

On 11/20/2015 04:42 AM, Notify wrote:



If crypto is the path to commercial riches, it would come as a 
surprise to the capitalists on Sand Hill Road.




Couldn't agree more.  Were it not for the intellectual stimulation of
working with crypto, I might actually be making a lot more money.
Heck, I was making a lot more money 20 years ago just telling people
how to use UNIX!!

Arshad Noor
StrongAuth, Inc.


Re: [cryptography] ISIS’ OPSEC Manual

2015-11-23 Thread Givon Zirkind
perhaps a silly question.  but, can ISIS or others embed viruses and 
trojans in their pdfs?
i mean assuming u r downloading a pdf and not spoofed to an exe or self 
loading something.
i am curious about some of their literature.  but, not interested in the 
time it might take to cleanup after a download.


On 11/23/2015 12:00 PM, John Young wrote:

https://www.wired.com/wp-content/uploads/2015/11/ISIS-OPSEC-Guide.pdf
http://www.wired.com/2015/11/isis-opsec-encryption-manuals-reveal-terrorist-group-security-protocols/ 



So ISIS is well ahead of most worldwide users of popular
comsec-privacy-anonymizing tools, whether govs, coms, ngos, individuals,
even hog-tied and NDA'd experts, where failures are commonplace and comsec
troubadours forever yodel for always more advanced but less accessible,
hardly understandable much less easily usable programs and devices promoted
by consultancies, lectures, TEDs, tweets, emails, handbooks, Snowden's
advisories to journos, training documentaries, YouTubes, contested open and
classified standards, and cascades of earnestly end to endless crypto
evangelical campaigns.

Surely these ridiculous failures are outweighed by unknown successes. Surely,
public use of crypto is making genuine progress. But who would know that by
reading popular press and complaints on crypto fora where tales of screw ups
amuse the incarcerated.





Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-12-01 Thread Givon Zirkind
the logical choice, as absurd as it may seem, is actually 3. allow for 
the occasional terrorist success.
because, empirically, it works that way.  it does happen from time to time 
even with all our current measures.  and, intuitively, the high level 
surveillance doesn't catch these ppl anyway.  these are people who 
really really don't want to be found.  ex. heightened airport security 
hasn't caught terrorists. lots of petty thieves and money launderers. 
but, no terrorists.


On 12/1/2015 12:19 AM, d...@geer.org wrote:

In dealing with high level decision makers, the best strategy is
always to provide three options and have the decision maker choose
amongst them.  Taking the American electorate as that high level
decision maker, I would find it refreshing were Brennan to present
said electorate with the choice between [1] content analysis (hence
crypto side doors and the exposure of content), [2] traffic analysis
(hence data retention at a level heretofore unseen and the cataloged
exposure of real social networks), and [3] a willing resolve to tolerate
the occasional terrorist success.  It is a choice amongst losses.

--dan




Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-12-02 Thread Givon Zirkind
There is baseless hatred. Which is based on irrational ideas.  Such hate 
is basically neurotic.  No amount of bicycles will change that.  Which is 
why the idea of Christian love vs. Islamic Jihad is so ridiculous.


Ppl do think about terrorism differently and make irrational decisions.  
Which is why ppl cede "war powers" to the gov't to stop terrorism.  And, 
politicians will go overboard in trying to defend their country against 
terrorism.  Because one mistake is one too many.  Not just in lives.  
But, in panic, fear, economics.


In this debate about over reacting to terrorism, I think the long term 
effect of just one terror act is not taken into account.


Ex.  After 9-11, the economy, especially in the NYC area took a nose 
dive.  The theater district was hurt terribly for a year. Restaurants 
suffered for a year very badly-a bit less than theater.  You could go 
out on a Saturday night and find a parking spot.  That's an unheard of 
phenomenon in NYC.  Jobs, esp. IT, just dried up as major corporations 
moved all their operations out of NYC to their backup sites in 
Pennsylvania. Something that was hidden quite well from the public.  
That cost lots of ppl lots of jobs.  Ppl without jobs don't buy.  Sales 
across the board went down.  Scared ppl don't go shopping.  Lots of ppl 
were forced to move out.  Couldn't pay those high rents.  Landlords in 
NYC got stuck with properties they couldn't rent.  Another unheard of 
phenomenon.  So, an act of terrorism is not just about the few ppl who die.


On 12/1/2015 11:34 PM, Jeffrey Goldberg wrote:

On 2015-12-01, at 1:40 PM, Arshad Noor wrote:


It is a "choice amongst losses" only when you believe you are in a zero-sum 
game.  However, there is another choice that can reduce, if not eliminate, violence.

Well sure it would be good to behave in a way that doesn’t result in people 
wanting to attack you; but when looking at securing something, we should always 
assume that there will be those who wish to attack.

I don’t lock my bicycle because I think that everyone is a criminal. I lock it 
because I think that the chances of a criminal noticing it is high enough it 
becomes worthwhile to lock it. And to continue with this analogy, saying “well, 
let’s work towards a world in which everyone has all of the bicycles they need” 
just doesn’t feel like a realistic approach.

My country, the US, is being hit with small acts of domestic right wing 
terrorism (one can quibble about definitions), but it isn’t organized or 
funded. (And so it is exceedingly difficult to identify attackers or plots 
before they act.) Whatever the merits of the kinds of foreign policy you 
advocate, it really isn’t going to make this threat go away.

I bring that up only to point out that the question of terrorist-like attacks 
will always remain unless one believes in some sort of utopia. But in a utopia 
we wouldn’t need encryption either because nobody would try to read documents 
that they weren’t supposed to. We wouldn’t need authentication and encryption 
in a utopia because everyone would respect each other’s privacy rights without 
it having to be enforced.

The questions we need to ask about “preventing terrorism” are the same 
questions we ask about “preventing crime”. What powers do we give to the state, 
what costs do we bear, and how much terrorism/crime are we willing to accept.

Just as we don’t give the state unlimited powers to prevent crime, and just as 
we don’t build our houses with solid steel walls with no windows to prevent 
crime, there are things that we shouldn’t do to prevent terrorism.

I think that a huge part of the problem is that people (and politicians) think 
about terrorism in radically different ways than they think about more mundane 
crime. And so returning to your point, sure it is a good idea to build a 
society in which few people are drawn to crime, that doesn’t mean that we can 
avoid the questions of the other choices we have to make about preventing crime.

Cheers,

-j



Re: [cryptography] fonts and viruses

2015-12-15 Thread Givon Zirkind
i've been researching this subject with little results.  is it possible 
to somehow include a virus in a font?  otf or ttf?



Re: [cryptography] Hi all, would like your feedback on something

2015-12-18 Thread Givon Zirkind

www.dashlane.com

On 12/18/2015 9:27 AM, Brian Hankey wrote:

Hi,

I am curious to get some feedback from you about a little thought 
experiment/hobby project I’ve been working on with some of my 
coworkers and have a *very* early prototype of the concept.


The question we are trying to answer here is how could we all have 
ultra strong passwords i.e. “!3AbDEE9eE45DCea” that are unique for 
each and every website, email, social media, etc. service that we use 
but without having to trust any third parties to store them for us 
protected by a single password (perhaps with 2 factor authentication, 
hardware key, etc., admittedly), or to use some kind of local password 
manager that needs to be installed on every device you want to use it 
on with a local encrypted password file.  Lastly, it should be 
extremely resistant to rainbow tables if and when one of your 
passwords is leaked.


The idea is to have a very compact piece of open source code that can 
run in your browser that would help you to generate nearly unbreakable 
passwords on the fly every time you need them instead of storing them 
somehow, or writing them down where other parties may be able to 
access them.


Also, clearly, nothing is unbeatable. Garbage in garbage out. If 
someone knows you and your habits they could possibly still break your 
password- especially if they know you use this tool and you put very 
weak things into it (i.e. google 1234 ! 1 - this will make sense when 
you look at the demo and the FAQ).  However, the concept is more about:


1) Not being the “low hanging fruit” when some major site gets hacked 
and usernames and passwords get leaked on the net (i.e. don’t be the 
guy that is “u:billsmith32 p:Password123!” on every site he uses).


2) Not having to trust third parties (i.e. what if I don’t want Apple to 
store all my passwords in their cloud?).


3) Not requiring cumbersome software that requires installation on 
your computer and an encrypted local password file to function (i.e. 
what if I am at a friend’s house and I need to login somewhere?).


Known vulnerabilities: Keyloggers, compromised hardware, anyone that 
can observe you.  (We were thinking of adding a virtual keyboard that 
bounces around the screen randomly to help foil key loggers).


Disclaimer: I am not a programmer, I’m sure the code is buggy (and the 
bugs were probably introduced by me and not my coworkers). I am not a 
mathematician, and I’m sure there are far better hash functions to 
use. I’m also sure that there are better ways to handle the forcing of 
1 special char, 1 upper, 1 lower and 1 number minimum in each password 
to satisfy the peskiest “your password is too weak” systems.


The most important feedback I’m looking for is, do you think the 
concept is sound and if so why or why not? If you do think it’s sound 
then I would like to know how to improve it? If you think there is 
potential do you think it is worth developing further? Assuming it is 
sound how can we increase user friendliness and/or security?


Did somebody else already think of this and do something similar (high 
probability I guess) - please tell me so I can give credit where 
credit is due.  I thought up this idea on a long car trip a year ago 
and finally got the courage to con my coworkers into helping me build 
it to the bare minimum stage that I could ask some real experts for an 
opinion. I asked a few friends already who are pretty well advanced in 
computer sciences and nobody called me a stark raving idiot so I 
thought it would be OK to ask a crypto mailing list, hope you don’t mind.


If you find any egregious idiocy in the code it is probably my fault 
because I’ve been fooling with it a little bit while being too 
impatient to get the experts to fix it.  I think it still works as a 
demo though. I am the only non-coder of the three that have worked on 
this so far. The .php version is only to have a cool looking animation 
to go with the demo, this is intended to be run locally. If you want 
to see the very original version it’s there too as secretpassv1.html


Thanks for your time, I look forward to hearing your feedback, good, 
bad, awful or otherwise.


Links -

live demo http://secretpass.org
git: https://github.com/brianci/secretpass


Thanks. Happy Holidays!





Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind

On 12/20/2015 2:14 AM, Jeffrey Goldberg wrote:
The problem you address is certainly real. And a lot of people have 
looked at various approaches over the decades. None, so far, is fully 
satisfactory. (I obviously believe that a well designed password 
manager is the best solution for most people available today, but I do 
not see them as the long term solution.) One common mistake 
IMHO, the basic problem [on a meta level] is, that if you put all your 
passwords [eggs] into one basket, all you have to do is steal the 
basket.  crack the master password to the password file and you have all 
the passwords.


old school, manually, ppl used to keep a rolodex of which files to look 
in for the passwords to certain items.  and, passwords would be hidden 
in those files.  ostensibly, the CIA does this with files that need to 
"disappear".  e.g. keeping a record in the Atomic Energy Commission's 
files of some covert op.  with a cross reference that tells someone 
where to find it.  who's going to look through a warehouse of files to 
find a record?  it's like a needle in a haystack.  if you could 
implement that electronically, that would probably be the best way to 
go.  imho.


made in approaching this problem is a failure to look at the previous 
literature. Pretty much every scheme that people new to the problem 
propose has been examined before. If your approach isn’t in wide use, 
there is probably a reason for it. 

typical of newbie cryptographers.  i think we've all done it.


site password = base64(hash(long-term-secret, site-name))

how does

password = base64(hash(long-term-secret, site-name, password))

alter the dynamics of this problem?

also, what if you add additional logic, to the process?

password = f[base64(hash(long-term-secret, site-name, password))]
f[] = replaces any invalid characters with valid characters and adds any 
necessary valid characters?


3. If one of your generated passwords is captured as plaintext (lots of sites 
store things as plaintext), it can be used for trying to crack your long term 
secret, from which they can then reconstruct all of your passwords.

point 3 is most critical


I have a rule that I’ve found very useful. Every time I come up with a “great 
new idea”, I recognize that in all likelihood the idea is neither great nor 
new. What it means is that I haven’t done my homework.

give yourself more credit than that.  it means u r thinking and discovering.




Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind

how does the following method address the issues of this problem?

password = E((long-term-secret, site-name, F[password]))

F[]=one of those programs that tries to ensure a strong password, by 
rejecting weak passwords


1.  passwords are not "generated".  they are thought up, by a person.  
but, they conform to a site's specs and/or the rules of a strong 
password. [caps, minuscules, letters, numbers, special characters, and 
restrictions against dictionary attacks.]


2.  passwords can be changed.

3.  if the encryption algorithm is computationally secure, then the risk 
of the password file being compromised by having a password captured, is 
reduced or minimized.


On 12/20/2015 6:20 AM, Givon Zirkind wrote:

1. The generated password may not conform to the requirements of the site or 
service.
2. You cannot change the password for a site if, say, there is a breach and you are 
told to change your password.
3. If one of your generated passwords is captured as plaintext (lots of sites 
store things as plaintext), it can be used for trying to crack your long term 
secret, from which they can then reconstruct all of your passwords.



___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
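
The derivation scheme and the three numbered objections quoted in the two messages above, worked through as an added example (it is not code from the thread or from the secretpass project). SHA-256, PBKDF2, the character sets, the rotation counter and every function name here are assumptions chosen for illustration.

```javascript
const nodeCrypto = require('crypto');

// Character classes a typical site policy demands (constructed for this example).
const CLASSES = [
  'abcdefghijklmnopqrstuvwxyz',
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789',
  '!#$%*+-=?@_',
];
const ALL = CLASSES.join('');

// The scheme as quoted: base64(hash(long-term-secret, site-name)).
// SHA-256 is an assumption; the thread does not name a hash function.
function naiveSitePassword(secret, site) {
  return nodeCrypto.createHash('sha256')
    .update(`${secret}\0${site}`)
    .digest('base64');
}

// Variant that addresses points 1 and 2:
//  - a counter in the salt lets one site's password be rotated (point 2);
//  - output is mapped onto the policy alphabet, one character forced from
//    each class, in the spirit of the f[] step proposed above (point 1);
//  - PBKDF2 makes every guess at the secret cost `iterations` hashes.
function derivedSitePassword(secret, site, counter = 0, length = 16,
                             iterations = 200000) {
  if (length < CLASSES.length) throw new RangeError('length too short for policy');
  const salt = `${site}\n${counter}`;
  const out = nodeCrypto.pbkdf2Sync(secret, salt, iterations, length * 4, 'sha256');
  // 16-bit slots keep the modulo bias small for alphabets of this size.
  const pick = (slot, n) => out.readUInt16BE(2 * slot) % n;

  const chars = [];
  for (let i = 0; i < length; i++) {
    const set = i < CLASSES.length ? CLASSES[i] : ALL;
    chars.push(set[pick(i, set.length)]);
  }
  // Deterministic Fisher-Yates shuffle so the forced classes are not
  // always in the first four positions.
  for (let i = length - 1; i > 0; i--) {
    const j = pick(length + i, i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// True when the password contains at least one character from every class.
function meetsPolicy(password) {
  return CLASSES.every((set) => [...password].some((c) => set.includes(c)));
}

// Point 3: one site password captured in plaintext is enough to test a guess
// at the long-term secret offline. `derive` is whichever derivation is in use;
// the cost of each test is exactly the cost of one derivation.
function isConsistent(guess, site, leakedPassword, derive) {
  return derive(guess, site) === leakedPassword;
}
```

Point 3 holds for both variants: the iteration count only raises the cost of each guess, so the long-term secret itself still has to be hard to guess.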


Re: [cryptography] Hi all, would like your feedback on something

2015-12-20 Thread Givon Zirkind

On 12/18/2015 6:35 PM, Ondrej Mikle wrote:

1) No matter how strong your password is, it will leak if you reuse it, because
attackers hack badly secured sites/databases - this is in no way surprising, but
it's "new" to non-tech-savvy people.
constantly or periodically changing your master password, is the common 
solution to this problem.

2) U2F, "Universal 2-Factor", is probably the best solution now - very usable,
"kind of" wide-spread (see http://www.dongleauth.info/). Yubikey Neo and Yubikey
4 are the best sample devices that implement this. You plug in the token in USB
slot and touch the button (malware cannot physically touch the button - this is
very important in the design!).
old school, but, imho, the best solution, a hardware lock on a device, a 
USB drive, is the best way to protect access to your files.





Re: [cryptography] Java RNG

2015-12-30 Thread Givon Zirkind
Does anyone have any thoughts on the randomness of the Java random 
number generator?


Thanks.



Re: [cryptography] OT: Wanted: Cryptography Products for Worldwide Surve

2016-01-01 Thread Givon Zirkind

"Are there so many foreign crypto products that any regulation by only one
country will be easily circumvented? Or has the industry consolidated around
only a few products made by only a few countries, so that effective regulation
of strong encryption is possible?"

your questions are very interesting.  i am very interested in your 
results.  if you look at big data and analysis of the snowden leaks, it 
would appear, that there are just a few players / manufacturers in a  
few countries.  strategically located in some "crypto free port". [i 
would check the footnotes in Bruce Schneier's book, Data and Goliath] i 
can offer some gut intuition; as well as state that there are human and 
sociological factors that apply. not just to crypto, but to other areas 
as well.


imho, it is not the number of foreign crypto products that permits 
circumvention.  you only need one good product to be available 
somewhere.  customers will come.  since, knowledge can not be contained, 
any one, any where, can build "it". whatever it is.  to borrow from 
theology.  the idea of a wooden table exists any where.  even in the 
sahara desert where there are no trees and wood.  because it's an idea.  
it exists in people's head.


there is an arrogance and belief that knowledge, mental ability, is 
beyond other races, cultures, etc.  this mentality applies to the US and 
UK gov'ts attitude toward others.  esp. in crypto.  the UK was the 
leader.  then, the US.  but, it seems to be overlooked what the Swedish 
did.  and, the Poles cracked the Enigma in its first stages.  something 
overlooked.  the US believes they are the ones who cracked the Enigma.  
in final stages yes.  while americans believe they are inventors, which 
is an american culture, a lot of the technology in the US is adopted 
after fundamental research is done elsewhere. a fact overlooked by US 
historians and average Americans. the trains are a good example. once 
fundamentally developed in europe.  the US adopted and implemented the 
railroads in a way, on a scale; no european nation did.  and; the US 
built a country and conquered the "West", with the railroads.


not adhering to the axiom that 'what one man can do, another can undo', 
is causing the US lots of trouble and the loss of the crypto war.  the 
US, FBI goes to math professors to tell them to stop doing their 
research or else.  the research stops.  and, some Israeli math professor 
comes out with a key busting algorithm instead.  and, everyone knows 
it.  because, the Israeli professor doesn't have the constrictions that 
the American professor has. mind you, Israel is in a constant state of 
war, has a military censor and under the constant threat of terrorism.  
yet, the israeli approach to crypto is not suppression.  [one should 
consider this deeply in the discussion of crypto, terrorism and the 
suppression of crypto knowledge and the restrictions on encryption to 
prevent terrorism.]


also, in general, suppression, dictatorships, make ppl less innovative.  
it's scary to be innovative under those conditions. and, it doesn't have 
to be an actual dictatorship.  people need privacy to function 
properly.  you can't innovate, create, follow intellectual pursuits and 
discovery, if you live under the fear, that if you think or say or write 
something, that you will get into trouble or be persecuted or publicly 
humiliated and shamed. it's kind of ironic, that in such a "free" 
country, when it comes to unclassified, independent research, the gov't 
will crack down on you hard.  if they can.


so, US citizens, corporations, don't even bother making or employing 
good crypto.  while i don't know this for a fact, from what appears in 
the papers, i can only surmise, that gov't contractors, like Boeing, 
making air force jets, is not using the best crypto and security 
practices.  which is why they are being hacked by the Chinese.


technically, legally, in the US, you can sell the toughest encryption to 
private US citizens and domestic companies, for use in the US.  that 
never happens.  the FBI will come after you. some hackers have developed 
stuff, that they sell.  quality uncertain.  and, i doubt you can get 
much else besides passwords and access numbers on the dark web.  kiddie 
scripts and war game dialers.  commercially, IBM once made a hack proof 
machine. in the 70's.  the FBI approached them and pressured / asked / 
bribed IBM not to sell the machine.  IBM complied.  IBM was only going 
to sell to banks.  and to think, non US ppl can't make such stuff, is 
ridiculous.


another point about the gov't suppression of crypto work, a good example 
is David Kahn's book, "The History of Cryptography". Kahn was a 
newspaper reporter who wrote a book.  he selected a topic that was 
sensational and would sell copy.  Kahn was no expert in crypto.  Kahn 
was living in the post WWII era.  he chose an exciting topic from the 
war.  where the US were heroes.  and, the NSA didn't want the book 
publ

Re: [cryptography] OT: Wanted: Cryptography Products for Worldwide Surve

2016-01-01 Thread Givon Zirkind
some opportunist somewhere, will take advantage of the market and sell 
strong crypto.  even if he has to move to a "crypto free port".


there will always be conflicting interests, national interests, that 
will allow for sale of contraband in another country.  this includes 
crypto contraband.


On 1/1/2016 2:55 AM, Jeffrey Walton wrote:

From Schneier's CRYPTOGRAM
(http://www.schneier.com/crypto-gram/archives/2015/1215.html):

In 1999, Lance Hoffman, David Balenson, and others published a survey
of non-US cryptographic products. The point of the survey was to
illustrate that there was a robust international market in these
products, and that US-only export restrictions on strong encryption
did nothing to prevent its adoption and everything to disadvantage US
corporations. This was an important contribution during the First
Crypto War, and Hoffman testified before a Senate committee on his
findings.

I want to redo that survey for 2015.

Here, at the beginning of the Second Crypto War, we again need to
understand which encryption products are outside the reach of US
regulation (or UK regulation). Are there so many foreign crypto
products that any regulation by only one country will be easily
circumvented? Or has the industry consolidated around only a few
products made by only a few countries, so that effective regulation of
strong encryption is possible? What are the possibilities for
encrypted communication and data storage? I honestly don't know the
answer -- and I think it's important to find out.

To that end, I am asking for help. Please respond in the comments with
the names -- and URLs -- of non-US encryption software and hardware
products. I am only interested in those useful for protecting
communications and data storage. I don't care about encrypting
financial transactions, or anything of that sort.

Thank you for your help. And please forward this blog post to anyone
else who might help.

EDITED TO ADD: Thinking about it more, I want to compile a list of
domestic (US) encryption products as well. Since right now the FBI
seems intent on just pressuring the big companies like Apple and
Microsoft, and not regulating cryptography in general, knowing what
else is out there in the US will be useful.

1999 Survey:
https://www.cryptome.org/cpi-survey.htm
https://www.seas.gwu.edu/~lanceh/senate_testimony_pdf.pdf

First Crypto War:
https://www.newamerica.org/oti/doomed-to-repeat-history-lessons-from-the-crypto-wars-of-the-1990s/

Second Crypto War:
http://harvardkennedyschoolreview.com/the-return-of-the-crypto-wars/
http://www.tandfonline.com/doi/pdf/10.1080/15295036.2014.921320
https://www.schneier.com/blog/archives/2014/10/more_crypto_war.html