Cryptography-Digest Digest #868

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #868, Volume #11  Sat, 27 May 00 02:13:01 EDT

Contents:
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? ("Klaus Daehne")
  Re: safer style sboxes (zapzing)
  Re: Retail distributors of DES chips? (Paul Rubin)
  Re: Matrix key distribution? ("Michael Brown")
  Re: Retail distributors of DES chips? (Paul Rubin)
  looking for an 8-byte long output  hashing function ("Jean-Luc")
  Re: Crypto patentability (Bill Unruh)
  Re: Q: appropriate number of key-uses before replacement? ("Lyalc")
  Enigma reflectors ("Thomas M. Sommers")
  Re: looking for an 8-byte long output  hashing function (Boris Kazak)
  Short signatures (David Hopwood)
  Re: Q: OFB (David Hopwood)
  Short signatures (David Hopwood)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? (Johnny Bravo)



From: "Klaus Daehne" [EMAIL PROTECTED]
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out point?
Date: Fri, 26 May 2000 19:36:17 -0700

=BEGIN PGP SIGNED MESSAGE=
Hash: SHA1

Besides the fact that EE is crossposting and posting off topic, I
wound up downloading their product before this debate started, and
(so far) have nothing bad to say.

Aureate, without any doubt, has been caught doing something
incredibly sneaky and despicable (as do the shareware authors that
subscribe to this crap). Unless I am missing something, the same
cannot be said about EE, correct?

If not, are they proven spyware, do they include spyware, or is it
just their crossposting and public neener-ing that has everyone up in
arms?

I (used to) do most of my wiping with bcwipe commands in batch files,
which works very well, although I do appreciate the include/exclude
management of EE. It also used to be a pain to locate (and remember)
where OE keeps its files, so locating this and other folders
automatically is nice.

And, I =did= learn something new: that Windows keeps a "hidden
encrypted database in the system registry which remembers...
information about what you have clicked on your start menu", even if
you wiped the history itself. Intriguing. I wonder what else Windows
is hiding. Oh yeah, and the help file is nice, too.

Not only am I posting this non-anonymously, I am going to sign it,
too, so there is at least =some= content related to this ng :)

 At this point in time I am neutral on this debate, as I was with
 the Aureate debate.  What I don't understand is, in both cases, the
 side in favor of the software company, claims that posts from
 anonymous posters are less valid than someone w/ a traceable e-mail
 address.  To me, it makes no sense at all even though I am not
 posting anonymously.
donoli.

=BEGIN PGP SIGNATURE=
Version: PGP Personal Privacy 6.5.2

iQA/AwUBOS80aPUjnALVMPh2EQIR9ACfc4j2gMBoZTMJ+H7BDtrCRbMr1wQAnRDn
wZ/4ZMxOuguYExcRXcBcQqXn
=oR9K
=END PGP SIGNATURE=




--

From: zapzing [EMAIL PROTECTED]
Subject: Re: safer style sboxes
Date: Sat, 27 May 2000 02:36:00 GMT

In article [EMAIL PROTECTED],
  Jerry Coffin [EMAIL PROTECTED] wrote:
 In article 8gfjlh$ib5$[EMAIL PROTECTED], [EMAIL PROTECTED] says...

 In fairness, I think there's more than practicality at work here
 though: as Bruce Schneier has pointed out, it doesn't take much
 talent to design a cipher that's probably secure as long as you don't
 mind designing something that's slow, takes lots of memory, and so
 on.  For most cryptologists, the challenge is in creating a cipher
 that uses the bare minimum of resources, but still makes optimal use
 of the key and provides as much security as possible for that key
 size.


I think you have hit the nail on the head.
Another word for it would be "Brinksmanship".
Just why cryptologists do this is unclear.



 The universe is a figment of its own imagination.


--
If you know about a retail source of
inexpensive DES chips, please let
me know,  thanks.


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: Retail distributors of DES chips?
Date: 27 May 2000 02:50:08 GMT

In article 8gn72l$2vq$[EMAIL PROTECTED], zapzing  [EMAIL PROTECTED] wrote:

Yup. tamper resistance is the point.  I can't find your stuff about
"java buttons" but that doesn't mean much since deja has been so
flaky lately.

http://www.ibutton.com/java/

But how could something written in Java be considered a hardware
solution? Is this a microprocessor application?

Yes.  The button has a secure microprocessor sealed inside, that
runs a subset of Java.  You write mini-applets and load them into
the button.

--

From: "Michael Brown" [EMAIL PROTECTED]
Subject: Re: Matrix key distribution?
Date: Sat, 27 May 2000 02:52:31 GMT

Douglas A. Gwyn [EMAIL PROTECTED] wrote in article

Cryptography-Digest Digest #870

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #870, Volume #11  Sat, 27 May 00 12:13:01 EDT

Contents:
  Re: Another sci.crypt Cipher (tomstd)
  Re: list of prime numbers (tomstd)
  Attack on SC6a (sci.crypt cipher) (tomstd)
  Re: Attack on SC6a (sci.crypt cipher) (tomstd)
  Re: The Code Book / Are factor techniques really that secure? (DigiboyCiPHER)
  Re: Attack on SC6a (sci.crypt cipher) (tomstd)
  Re: HTML encryption (DigiboyCiPHER)
  Re: RSA/PK Question (tomstd)
  Re: Enigma reflectors (John Savard)
  Re: list of prime numbers (DJohn37050)
  Re: Attack on SC6a (sci.crypt cipher) ("Scott Fluhrer")
  Re: RSA/PK Question ("Trevor L. Jackson, III")
  Re: RSA/PK Question ("Trevor L. Jackson, III")
  Re: Encryption within newsgroup postings (zapzing)
  Re: RSA/PK Question (tomstd)
  Re: Retail distributors of DES chips? (zapzing)



Subject: Re: Another sci.crypt Cipher
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 03:47:11 -0700

In article 8gnnmv$dma$[EMAIL PROTECTED], matthew_fisher@my-
deja.com wrote:
In article [EMAIL PROTECTED],
  tomstd [EMAIL PROTECTED] wrote:
 In article [EMAIL PROTECTED],
[EMAIL PROTECTED]
 (Mark Wooding) wrote:


A nice attack.  I had trouble reproducing it, though.


 If I were to implement this on reduced rounds (for the fun of
 it), would I just take a plaintext (A,B) and (A,B xor 0001)
 and look for the output difference of (A xor 0003, B) after
 3 or 4 rounds?  I am not clear on this part.

 BTWx2 Thanks for the info, I really want to learn from this.
 BTWx3 I designed this cipher so I could break it.  So I am not
 disappointed it was broken, just that I didn't do it first.

 Tom

Tom,

Here is even a better attack, I believe.  The code is at the
end, make sure you reduce the rounds to 6!

The differential is 00 00 00 0c - 00 00 00 0c 4/256 for box 0.

I noticed that all of the entries in sbox 0 ended in 0,4,8 or
C.  I thought it might be possible to get a truncated differential of
the form  00 00 00 xx - 00 00 00 xx.  Sure enough 0x0c does just
that.

I copied your source code on top of my ref source code and

http://www.tomstdenis.com/tc1mf.c

Is the result.  I don't see your "trait" for both words even
after 2 rounds.  I do see the 0x000c in the first word, but
it's gone after 4 rounds...

Maybe I did it wrong?

Tom


* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!


--

Subject: Re: list of prime numbers
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 03:57:14 -0700

In article [EMAIL PROTECTED],
[EMAIL PROTECTED] (Daniel) wrote:
On Thu, 25 May 2000 21:50:00 GMT, [EMAIL PROTECTED] (Dan Day)
wrote:


Daniel, what were you hoping to do with the list?  If you'll
explain your application, we can help you address your problem
more directly, since keeping a "list" of primes is likely to
be a poor way to get the job done, whatever it is.


Thanks for all the replies.

I'm trying to understand RSA and want to be able to factor a given
'public modulus'.  Or try it at least ;-)

If one has a large number (say 150 digits), what are the ways to try
and break this up into its factors?  Where does one start?  I think
that there can only be a limited list of possible prime numbers which
will actually (when multiplied) come up with the correct public
modulus.  Or am I wrong about this?  All information is greatly
appreciated.

You are right there is a finite number of prime factors of the
modulus.  Problem is there is over 2^400 of them for a 300 digit
number.  Just trying them all is a bad idea.

There is a lot of weird math, but if you want to look at it, get
the Handbook of Applied Crypto and read the section on QS.
That's a good starting point I guess.. or maybe Fermat's method;
they are somewhat related in their usage of N^2 - N...

It's all weird math though...

Tom




--

Subject: Attack on SC6a (sci.crypt cipher)
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 04:02:47 -0700

From his paper:

One round of SC6a is as follows:

in1 = a ^ c
in2 = b ^ d
(out1, out2) = f(in1, in2)
a = a ^ out2
b = b ^ out1
c = c ^ out2
d = d ^ out1
swap (b, c)
--

Well if I can find pairs such that a ^ c = a' ^ c' then I can
run a difference thru his F function, and have a zero out with a
probability of zero.  There are 2^16 ways to get this difference
too.

His 'swap(b, c)' won't fix it either because (b, d) have a zero
difference anyways (you change the (a, c) input and keep (b, d)
the same).

So this difference should go thru all rounds with prob=1.

I conclude (if I got it right) his cipher is broken.

Tom


Cryptography-Digest Digest #871

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #871, Volume #11  Sat, 27 May 00 14:13:01 EDT

Contents:
  Re: Attack on SC6a (sci.crypt cipher) ("Scott Fluhrer")
  Best crypto if encrypted AND plain text are known (and small) ? (TheGame)
  Re: Comments requested: One way function blast() (zapzing)
  Re: More on Pi and randomness ("Trevor L. Jackson, III")
  Re: Another sci.crypt Cipher ([EMAIL PROTECTED])
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (No User)
  Re: Retail distributors of DES chips? ("Trevor L. Jackson, III")
  Re: looking for an 8-byte long output  hashing function ("Trevor L. Jackson, III")
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Joe@Joe's.bargrill.org)
  Re: Another sci.crypt Cipher (tomstd)
  Re: RSA/PK Question ("Trevor L. Jackson, III")
  getting easy primes ([EMAIL PROTECTED])



From: "Scott Fluhrer" [EMAIL PROTECTED]
Subject: Re: Attack on SC6a (sci.crypt cipher)
Date: Sat, 27 May 2000 08:51:18 -0700


Scott Fluhrer [EMAIL PROTECTED] wrote in message
news:8goo7m$km8$[EMAIL PROTECTED]...

 tomstd [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
  From his paper:
 
  One round of SC6a is as follows:
 
  in1 = a ^ c
  in2 = b ^ d
  (out1, out2) = f(in1, in2)
  a = a ^ out2
  b = b ^ out1
  c = c ^ out2
  d = d ^ out1
  swap (b, c)
  --
 
  Well if I can find pairs such that a ^ c = a' ^ c' then I can
  run a difference thru his F function, and have a zero out with a
  probability of zero.  There are 2^16 ways to get this difference
  too.
 
  His 'swap(b, c)' won't fix it either because (b, d) have a zero
  difference anyways (you change the (a, c) input and keep (b, d)
  the same).
 
  So this difference should go thru all rounds with prob=1.
 
  I conclude (if I got it right) his cipher is broken.
 To make this observation work, assume the same differential on all four
 words.  That is, you start with a differential (x,x,x,x), for some x.  Or,
 to write it out explicitly:

   a^a' = x   b^b' = x   c^c' = x   d^d' = x

 Then, if you go through a round, you get an output differential of (x,x,x,x)
 with probability 1.

 Now, this implies that if
 Encrypt( a, b, c, d ) = ( e, f, g, h ),
 then for all x:
 Encrypt( a^x, b^x, c^x, d^x ) = ( e^x, f^x, g^x, h^x )

 Now, this is certainly a certificational weakness, and if the attacker has
 one plaintext-ciphertext pair, this gives him 2**32-1 more "for free".  It
 is difficult to see how to turn this observation into a key-recovery attack.
Spoke too soon.  I ignored the whitening and the PHT transforms at the front
and the back.  My observation holds true only for the core rounds.  However,
the whitening/PHT transformations does not eliminate the certificational
weakness and allows for a partial key-recovery attack.

The certificational weakness: suppose we start out with a differential
(0,X,0,0) where X == 0x8000.  This differential goes through
pre-whitening unchanged with probability 1.  After the PHT transform, it
becomes the differential (X, X, X, X) with probability 1.  As above, it goes
through the core rounds unaffected with probability 1.  After the second set
of PHT transforms, it becomes the differential (0,X,0,0) with probability 1,
and after post-whitening, you get the output differential (0,X,0,0) with
probability 1.

Now, the key recovery attack -- we'll try to recover the pre and
postwhitening keys. Suppose you give the cipher the differential (0,Y,0,0),
where Y = 0x4000.  Then, (according to a quick program I wrote) it will
present the differential (Y,Y,Y,Y) to the core round only if the bit 30 of
each word after the whitening is one of:
  ( 0, 0, 0, 0 ) with differential Y on b
  ( 0, 0, 1, 0 ) with differential X+Y on b
  ( 0, 1, 1, 0 ) with differential X+Y on b
  ( 1, 0, 0, 1 ) with differential Y on b

If it isn't one of these four settings, it will present an uneven
differential to the core, which should output an essentially random
differential.

The post-PHT/whitening phase has insufficient avalanche to disguise a
(Y,Y,Y,Y) differential to the core.  Sending a small series of well-chosen
differentials, and seeing which falls into one of the four categories, and
which doesn't, should allow us to deduce the value of bit 30 of the
pre-whitening keys.  Once we have that, we can move on to work on bit 29 in
a similar manner.

Obtaining the postwhitening keys should be similar -- if the core outputs a
differential (Y,Y,Y,Y), we can look to see how it propagates through the
post-whitening, and deduce those key bits.

I have not examined the key scheduling, and so I cannot say how deducing
bits 0-30 of the pre/post whitening (this attack doesn't give you bit 31)
helps you gain the rest of the key.

--
poncho
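
The (x,x,x,x) observation on the core rounds, checked in code. This is an added example, not code from the thread or from the SC6a paper: the real f() and key schedule are not given here, so f_round is a constructed stand-in (the property holds for any f), and the 16-bit word size, round count and round keys are assumptions.

```python
import random

MASK = 0xFFFF  # assumed: SC6a words are 16 bits ("2^16 ways to get this difference")


def f_round(in1, in2, k):
    """Constructed stand-in for SC6a's f(): the real f is not given in the
    thread, and the property demonstrated below holds for ANY f."""
    t = ((in1 + k) & MASK) ^ ((in2 * 0x9E37 + 0x1234) & MASK)
    out1 = ((t << 3) | (t >> 13)) & MASK
    out2 = (t ^ in1 ^ (k >> 16)) & MASK
    return out1, out2


def core_round(a, b, c, d, k):
    """One SC6a core round exactly as quoted in the thread."""
    in1 = a ^ c
    in2 = b ^ d
    out1, out2 = f_round(in1, in2, k)
    a ^= out2
    b ^= out1
    c ^= out2
    d ^= out1
    b, c = c, b  # swap(b, c)
    return a, b, c, d


def encrypt_core(block, round_keys):
    """Core rounds only: no pre/post whitening or PHT (the follow-up post is
    about how those layers interact with this differential)."""
    a, b, c, d = block
    for k in round_keys:
        a, b, c, d = core_round(a, b, c, d, k)
    return (a, b, c, d)


def differential_holds(block, diff, round_keys):
    """True iff Encrypt(block ^ diff) == Encrypt(block) ^ diff, word-wise."""
    ref = encrypt_core(block, round_keys)
    shifted = encrypt_core(tuple(w ^ x for w, x in zip(block, diff)), round_keys)
    return shifted == tuple(w ^ x for w, x in zip(ref, diff))


def trial_counts(trials, rounds=8, seed=1):
    """Count how often (x,x,x,x) and the uneven (0,x,0,0) survive the core.
    Returns (uniform_hits, uneven_hits); the first always equals trials."""
    rng = random.Random(seed)
    keys = [rng.getrandbits(32) for _ in range(rounds)]  # constructed round keys
    uniform = uneven = 0
    for _ in range(trials):
        block = tuple(rng.getrandbits(16) for _ in range(4))
        x = rng.randrange(1, MASK + 1)
        # a^a' = b^b' = c^c' = d^d' = x: both f inputs (a^c, b^d) are unchanged,
        # so f's outputs are identical and the x's pass straight through.
        uniform += differential_holds(block, (x, x, x, x), keys)
        # Only b differs: in2 = b^d changes, so f sees a difference and the
        # output differential is essentially random.
        uneven += differential_holds(block, (0, x, 0, 0), keys)
    return uniform, uneven


if __name__ == "__main__":
    print("uniform, uneven hits out of 1000:", trial_counts(1000))
```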





--

From: [EMAIL PROTECTED] (TheGame)
Subject: Best crypto if encrypted AND plain text are known (and small) ?
Date: Sat, 27 May 2000 

Cryptography-Digest Digest #872

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #872, Volume #11  Sat, 27 May 00 16:13:01 EDT

Contents:
  Re: looking for an 8-byte long output hashing function (Bill Unruh)
  Re: Another possible 3DES mode. (John Savard)
  Re: Short Secure Serial Numbers (Scott Nelson)
  Re: Another sci.crypt Cipher ([EMAIL PROTECTED])
  Re: Patent state of Elliptic Curve PK systems? (David Hopwood)
  Re: Short signatures (David Hopwood)
  Re: OAP-L3:  Version 5.x Revealed (Anthony Stephen Szopa)
  Re: RSA/PK Question (Roger Schlafly)
  Re: Best crypto if encrypted AND plain text are known (and small) ? ("Thomas M. Sommers")
  Re: Another sci.crypt Cipher (tomstd)
  Re: list of prime numbers (Johnny Bravo)
  Re: Enigma reflectors ("Thomas M. Sommers")
  Re: Another sci.crypt Cipher ([EMAIL PROTECTED])
  Re: list of prime numbers ([EMAIL PROTECTED])
  Re: Best crypto if encrypted AND plain text are known (and small) ? (TheGame)



From: [EMAIL PROTECTED] (Bill Unruh)
Subject: Re: looking for an 8-byte long output hashing function
Date: 27 May 2000 18:12:21 GMT

In T1IX4.103419$[EMAIL PROTECTED] "Jean-Luc" 
[EMAIL PROTECTED] writes:

]For a development task, I would need to use a hashing function with an
]output of 8 bytes (and not 16 or 20 like the popular algorithms). The
]increased collision is acceptable within the context of the application
](because of the lockout of the hardware token after several failed logins).
]However, I haven't been able to find such a function. Is there one? I've
]already searched the web and the Usenet but haven't found anything relevant.

The first 8 bytes of the output of a 16 or 20 byte hash is an 8 byte
hash.



--

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Another possible 3DES mode.
Date: Sat, 27 May 2000 18:16:04 GMT

On 24 May 2000 08:15:04 -0700, [EMAIL PROTECTED]
(David A. Wagner) wrote, in part:
In article 8gfo3a$l88$[EMAIL PROTECTED], zapzing  [EMAIL PROTECTED] wrote:

 In the faq, the following idea was
 suggested as a way of accomplishing
 3DES on an enlarged block:

 F(x)=Tran(E(k1,Tran(E(k2,Tran(E(k3,Tran(x)))))))

I believe there are weaknesses in this -- Paul Crowley found
an especially pretty attack -- and I do not recommend its use.
See http://www.hedonism.demon.co.uk/paul/crypto/dtdtd.html.

I liked it so much, I added a description of the attack to my site, in
the section on block cipher modes at

http://ecn.ab.ca/~jsavard/co0409.htm

I am planning to add to my site, soon, a description of genetic
algorithms and hill-climbing techniques.

John Savard (teneerf -)
http://www.ecn.ab.ca/~jsavard/

--

From: [EMAIL PROTECTED] (Scott Nelson)
Subject: Re: Short Secure Serial Numbers
Reply-To: [EMAIL PROTECTED]
Date: Sat, 27 May 2000 18:52:29 GMT

On 25 May 2000 "Rick Heylen" [EMAIL PROTECTED] wrote:

I am trying to find a solution to the following problem.
We have a serial number which the user types in (so it can't be too long).
The serial number contains some information like a product ID, user number
etc with a total information content of about 96 bits and 40 bits of
"checksum" with the idea being that for all possible information contents,
there is only one valid checksum and that in order to find a valid serial
number, an attacker would have to test on average 2^39 possibilities.
The code that verifies the serial number is public but we'd still like it
to be time-consuming to generate different valid serial numbers.
Normal public key cryptography would be suitable except that the message
size for the system to be secure would be longer than what a user would be
happy to type in.
Has anybody got any ideas?


If you only want 40 bit security, then you could just hash all the
information provided with SHA1 or MD5, and look at the bottom 40 bits.
If they're all 0, (or any other value you like) then accept 
the serial number as valid.

To produce the serial number, just try pseudo random values until 
you get one that works.

Scott Nelson [EMAIL PROTECTED]

--

From: [EMAIL PROTECTED]
Subject: Re: Another sci.crypt Cipher
Date: Sat, 27 May 2000 18:54:48 GMT

In article [EMAIL PROTECTED],
  tomstd [EMAIL PROTECTED] wrote:
 In article 8goumb$6qa$[EMAIL PROTECTED], matthew_fisher@my-
 deja.com wrote:
 Tom,
 

...


 What enhancements ? I just cleaned up the code.


The kbhit and the counter print out.


 BTW how did you find those differentials anyways?  That is why I
 made this cipher.  I want to learn how to spot them in less-than-
 obvious cases.

 Tom

Just by looking at the sboxes, mostly.  The low bytes in the 0 box are
in a small set (0,4,8,C).  So I got the idea to go from the set back to
the same set.

I wrote a short program along these lines

for (i = 0; i < 256; i++)
  for (j = i + 1; j < 256; j++)
  {
    // look for S[i]^S[j] = 0x00xx (high byte of the output difference is zero)
    if (((sbox[0][i] ^ sbox[0][j]) & 0xFF00) == 0)
    {
      diffArray[i ^ j][sbox[0][i] ^ sbox[0][j]]++;  // tally this (input diff, output diff) pair
    }
  }

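The truncated-differential search described in the post, as an added example rather than the poster's program. The cipher's real tables are not on the page, so make_sbox constructs an sbox with the trait he mentions (every entry's low byte in {0,4,8,C}); 16-bit sbox outputs are an assumption. It builds the table over unordered pairs the way his loop does and cross-checks each count against the ordered-pair DDT entry.

```python
import random
from collections import defaultdict

LOW_BYTES = (0x00, 0x04, 0x08, 0x0C)  # the trait reported for the cipher's sbox 0


def make_sbox(seed=7):
    """Constructed 8-in/16-out sbox (256 entries) whose low byte is always
    0, 4, 8 or C, mimicking the trait in the post; NOT the cipher's real table."""
    rng = random.Random(seed)
    return [(rng.getrandbits(8) << 8) | rng.choice(LOW_BYTES) for _ in range(256)]


def truncated_ddt(sbox):
    """The poster's loop: count unordered pairs (i, j) per
    (input diff, output diff) whose output diff is of the form 0x00xx."""
    table = defaultdict(int)
    for i in range(256):
        for j in range(i + 1, 256):
            odiff = sbox[i] ^ sbox[j]
            if (odiff & 0xFF00) == 0:  # look for S[i]^S[j] = 0x00xx
                table[(i ^ j, odiff)] += 1
    return dict(table)


def ordered_count(sbox, idiff, odiff):
    """Independent check: how many inputs x satisfy S[x] ^ S[x ^ idiff] == odiff.
    This is the classic DDT entry over ordered pairs, so for idiff != 0 it is
    exactly twice the unordered count above."""
    return sum(1 for x in range(256) if sbox[x] ^ sbox[x ^ idiff] == odiff)


def best_truncated(sbox):
    """Most likely xx -> 0x00xx differential as (idiff, odiff, numerator over 256)."""
    table = truncated_ddt(sbox)
    (idiff, odiff), pairs = max(table.items(), key=lambda kv: kv[1])
    return idiff, odiff, 2 * pairs


def profile(sbox, idiff):
    """Ordered-pair counts of every output diff for one input diff; this is how
    a figure like '0x0c -> 0x0c with 4/256' is read off for a candidate."""
    counts = defaultdict(int)
    for x in range(256):
        counts[sbox[x] ^ sbox[x ^ idiff]] += 1
    return dict(counts)


if __name__ == "__main__":
    S = make_sbox()
    idiff, odiff, num = best_truncated(S)
    print(f"best truncated differential: {idiff:02x} -> {odiff:04x} with {num}/256")
```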
Cryptography-Digest Digest #873

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #873, Volume #11  Sat, 27 May 00 20:13:01 EDT

Contents:
  AES times on the Alpha 21164 with Parallel encryption (Kenneth Almquist)
  CAST Sboxes -- need help (tomstd)
  Re: A Family of Algorithms, Base78Ct (wtshaw)
  Re: AES final comment deadline is May 15 (Kenneth Almquist)
  Re: Free Software (Richard Heathfield)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Steve)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (jungle)
  Re: Another sci.crypt Cipher (Mark Wooding)
  Re: list of prime numbers (Tim Tyler)
  Source for SHA-1 and Export Control ("Jamie Nettles")
  Re: Another sci.crypt Cipher (tomstd)
  Re: Another sci.crypt Cipher (Mark Wooding)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (No User)
  Re: Source for SHA-1 and Export Control (tomstd)
  Re: Base Encryption: Revolutionary Cypher (Tim Tyler)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (jungle)
  Re: Matrix key distribution? (Mark Wooding)
  Re: Retail distributors of DES chips? (zapzing)



From: [EMAIL PROTECTED] (Kenneth Almquist)
Subject: AES times on the Alpha 21164 with Parallel encryption
Date: Sat, 27 May 2000 20:40:56 GMT

In the discussion on hardware timings of the AES candidates, some
posters have suggested that encryption/decryption speed is not a
particularly useful measure of performance because you can get
more throughput from a slow algorithm by performing multiple
encryptions in parallel.  While I'm not totally convinced by this
argument, I did do some back of the envelope calculations of the
time required to encrypt and decrypt two blocks in parallel on
the Alpha 21164.

               single  double  quad
RC6/decrypt       894     628
RC6/encrypt       934     648
Rijndael/128      680     660
Twofish           720     700
Rijndael/192      816     792
Mars/decrypt      902     802
Mars/encrypt      956     802
Rijndael/256      952     924
Serpent          1830    1014  1931

The column labeled "single" gives twice the time to encrypt a single
block, and the column labeled double gives the time to encrypt two
blocks in parallel.  Twofish and Rijndael are slightly faster in the
parallel encryption mode because they only load the round keys once
for each block.  RC6 is significantly faster because when encrypting
a single block there is a large amount of time where the processor
is stalled waiting for the results of the multiply operation.  The
same effect also applies to Mars to a lesser degree.  Serpent benefits
the most from parallel encryption because it can store two 32 bit
words in each 64 bit register and operate on them in parallel.  It
is not quite twice as fast because additional mask operations are
required on the results of shifts in this mode.  Also, 6 cycles are
devoted to packing the 32 bit words into registers.  For Serpent, I
also give the time to encrypt four blocks in parallel.

The net result is that if parallel encryption is the benchmark, then
RC6 is the fastest on the Alpha 21164, and the gap between Serpent
and the other algorithms becomes much smaller.  I should caution
that I haven't put a lot of work into checking these numbers, so
there could be mistakes here.
Kenneth Almquist

--

Subject: CAST Sboxes -- need help
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 13:43:14 -0700

I have read several of the CAST papers over and over and over
and over, and I can't seem to grasp how they actually made the
32x32 sboxes (using four 8x32) or how their 'permute' function
works to make bijective sboxes.

Any help?

Tom



--

From: [EMAIL PROTECTED] (wtshaw)
Subject: Re: A Family of Algorithms, Base78Ct
Date: Sat, 27 May 2000 14:21:08 -0600

In article [EMAIL PROTECTED], Mok-Kong Shen
[EMAIL PROTECTED] wrote:
 
 Certainly you are right in questioning whether it is worthwhile to add
 all sorts of bells and whistles. I like nevertheless to indicate that adding
 a randomly chosen number is a shifting, i.e. akin to a Vigenere in
 principle.
 
 M. K. Shen

It used to be that having lots of component operations, various
primitives and otherwise, was apt to cause more confusion for code clerks
than they were worth; so it is with hand ciphers. Part of neoclassical
thought is that such confusing layers can now be handled in more or less a
streamlike fashion in a good implementation.

That means that while simplicity is preferred if available, with advances
in computer speed, all sorts of madding algorithms can be considered for
their result alone. Likewise, so much unexpected keyspace 

Cryptography-Digest Digest #874

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #874, Volume #11  Sat, 27 May 00 21:13:01 EDT

Contents:
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Joe@Joe's.bargrill.org)
  Re: Another sci.crypt Cipher (Mark Wooding)
  Re: Another possible 3DES mode. (zapzing)
  Re: Another possible 3DES mode. (zapzing)
  Re: Another sci.crypt Cipher (tomstd)
  Self Shrinking LFSR (tomstd)
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Griffin)
  Re: Another sci.crypt Cipher (Mark Wooding)



From: Joe@Joe's.bargrill.org
Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp
Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po
Date: Sun, 28 May 2000 00:01:08 +0100

On Sat, 27 May 2000 22:15:07 GMT, [EMAIL PROTECTED] (Steve) wrote:

On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bargrill.org
wrote:

And exactly how are they to defend themselves against the constant
barrage of lies regarding their software?  If they do not defend
themselves, the lies will become truth in the minds of most.

Every EE thread I've seen for weeks now has been started by EE
spam.  

Get real!  They reply to scurrilous attacks.  Unless you wish to claim
that they themselves are "planting" these attacks.

The only "lies" I have seen have been EE claims that their
stuff defeats forensic software "costing thousands of dollars",
followed by a consistent refusal to name the software they
tested it against.  

They have repeatedly told people to download the forensic ware and see
for themselves.  I personally have not seen one reply where their
detractors have tried forensic methods on EE and said it failed the
test.  As usual on Usenet, it's easier to shoot off your mouth than to
produce real proof.

Fake controversy calculated to draw attention is all I see in the
EE threads.

Oh, then you DO accuse them of planting these attacks on themselves. 

 That, and a couple of people who had their system
registry eaten by an early, buggy version of EE,

This could have been the result of many other pieces of software on
their machines.  Windows itself is the buggiest piece of crap in the
world.

 and a bunch of  people pissed off at EE for spamming.  


Defending themselves against mean spirited agendists such as you is
NOT spam.

Make no mistake about it -- some people are out to deliberately
destroy this product.  EE is not merely  indulging themselves in the
art of spamming.  I think they are fighting for their corporate life.

If they are fighting for their corporate lives, it is because
they shoot themselves in the foot every time they fire up a news
reader and say, "oh goody free advertising, that's what
newsgroups are for".

Which reminds me to mention:

Eraser does 99% of the job EE does, for free, without added
system overhead. 

Eraser is an overly complicated technoid's toy, worthless and
dangerous in the hands of the naive.  Naive meaning most of us who
don't give a rat's behind how things are done as long as they are done
and done right.  Eraser's Help section is a technoid's delight, but a
layman's nightmare.  Not all of us give a fig about registry streams,
let alone know that they even exist. This is one reason EE shines.
Their Help section is a delight in clarity.  Their program knows what
has to be done and does it.  I don't have to know squat.  The latter
is called good marketing.  How far would the Web have gotten if everything
was still non-GUI -- meaning DOS or UNIX?

 Just add any files and directories you consider
sensitive to the task list, and choose whether to wipe them on
schedule or on demand.   http://www.tolvanen.com/eraser/

Yeah, right.  Like some of us even knew or cared that a RECENT
directory even existed.

Remember, a dollar spent with EE, is a vote for spam in
newsgroups.

A dollar spent for EE is a vote for individual freedom of thought and
the right to privacy.

I bought it a while back and use it every day.  I think it's one of the
most indispensable pieces of software I own.

Did it ever occur to you that maybe some of EE's chief detractors wear
badges?

If you have a real reason to worry about people who wear badges,
you better start worrying about your ISP logging all  your
internet traffic, and handing over your archived e-mail
(typically four to six months of it), both of which are routinely
done by most ISPs at the request of any officer of the court.  

You should also worry about packet sniffers, keyloggers, remote
administration tools, and BTW check your network and file share
settings.  

There are some things one can cure; there are other things one has to
live with on the Web.  Proxies and encryption are some of the ways
around many of the problems.  The problem really is that the average
Web user is only beginning to find out how vulnerable they are on the
Web.  EE is a clear solution in helping them be less so.

Evidence Eliminator does not eliminate 

Cryptography-Digest Digest #875

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #875, Volume #11  Sat, 27 May 00 23:13:00 EDT

Contents:
  Re: Crypto patentability ("Paul Pires")
  Storin update (Mark Wooding)
  Re: Best crypto if encrypted AND plain text are known (and small) ? (zapzing)
  Re: Crypto patentability ("Paul Pires")
  Re: Another sci.crypt Cipher (tomstd)
  Re: Another sci.crypt Cipher (tomstd)
  Onefish  -- TC2 (tomstd)
  Re: Self Shrinking LFSR (tomstd)
  Re: Destructive crypting ([EMAIL PROTECTED])
  Re: Matrix key distribution? ("Michael Brown")
  Re: Matrix key distribution? ("Michael Brown")



From: "Paul Pires" [EMAIL PROTECTED]
Subject: Re: Crypto patentability
Date: Sat, 27 May 2000 17:59:19 -0700


Bill Unruh [EMAIL PROTECTED] wrote in message
news:8gnij5$3ds$[EMAIL PROTECTED]...
 In ZWJW4.42912$[EMAIL PROTECTED] "Paul Pires"
[EMAIL PROTECTED] writes:

 ] The problem is that to prove invalidity requires a court case, a very
 ] long, very expensive court case if the patent holder has deep pockets.

 ]No, not really. you don't sue someone if you think their patent is bad, you
 ]infringe and win the suit for infringement the inventor brings. Of course,
 ]if you knowingly infringe and lose it's treble damages.

 You are saying the same thing. Who brings the suit does not matter. It
 is a very long, very expensive court case if the patent holder has deep
 pockets. And the onus is on you to prove invalidity.

No and yes. I am not saying the same thing. It sounded as if you meant that
if there was an existing patent, you had to go to court i.e. infringement =
lawsuit. I pointed out that infringement = opportunity for inventor to bring
suit. If he looks at your arguments he probably won't (assuming they are
valid). If you have done this indefensibly, you deserve to be sued.

Yes, the onus is on you to prove inalidness (invalidity?) maybe that too.

 ] Most people or companies are not up to that even if the patent is
 ] patently invalid. It is thus crucial that the patent office do a good
 ] job in assigning patents.

 ]This is our disagreement. I've been there and I think they do a pretty good
 ]job now. I think the job is a whole lot tougher than you think.

 Disagreement? You feel it is not important that the patent office do a
 good job?

You know my feelings? how much do I owe you?

I said I thought they are doing a good job now. This is the reason, and not
a "feeling",  for my lack of panic and outrage. Yes, we disagree. Is that
hard for you to agree with? Ever watch Monty Python?

"That isn't an argument!"
"Yes it is!"
"No it isn't!"
"Then why are we arguing?"
"We're not arguing!"
"Yes we are!"



 ]
 ] The whole purpose of patents was to encourage the publication of the
 ] patented material, rather than have people try to keep it secret with
 ] trade secrecy laws. In the case of software, it is hard to keep stuff
 ] secret anyway-- it is too easy to disassemble the stuff if you really
 ] want to know. This removes a big reason why patents exist at all.
 ] They were never intended as a "reward" for invention.

 ]I Strongly disagree and I believe history supports it. You don't get a patent
 ]for disclosing a good idea, it must be invention. Invention (Or more likely
 ]the personal investment in the development of it) is clearly being rewarded
 ]with a monopoly for a period of time. after that the invention can never be
 ]patented again by any one.

 ?? What is your disagreement?

See Monty above:

Look, we're both wrong in an absolute sense.

Except that the wrong part of your assertion has been snipped out.

If ((Invention == true) && (full disclosure == true) && ((Invention !=
prior art)) = True
-AND-
a whole bunch of cash invested with no guarantee then you might have a
patent.

The only exemption from the invention requirement was made by the Supreme
Court for Edison and it was confined to "long sought and known as
advantageous and yet not achieved". This was for the light bulb. No, Edison
did not invent it. Another urban myth bites the dust.

Kids, don't try this one at home. The USPTO still doesn't like it and you
too will have to take it to the Supreme Court.

Bureaucrats burned have a long memory.

 It is not the invention that is rewarded. You can invent stuff and keep
 it secret and you will NOT get a monopoly. It is not the invention that
 is rewarded, it is the publication through the patent. It is only the
 publication of non trivial or new stuff as well, yes.


 ]It was purely a
 ] very mercenary bargain-- you tell us what you have done, and we give you
 ] a monopoly for X years. Whether patents on software serve that purpose--
 ] ie whether the public gets a good deal out of such patents-- is highly
 ] debatable. Thus so is allowing patents of software.
 ]
 ] Copyright is similar. Copyright is another bargain-- you write or
 ] produce something, we will give you a monopoly on copying that something
 ] for X years ( where x is like 75 years 

Cryptography-Digest Digest #876

2000-05-27 Thread Digestifier

Cryptography-Digest Digest #876, Volume #11  Sun, 28 May 00 01:13:01 EDT

Contents:
  encryption without zeros (rick2)
  Re: Self Shrinking LFSR (lordcow77)
  Re: RIP Bill 3rd Reading in Parliament TODAY 8th May 
(A_Customer_at_an_easyEverything_Cybercafe)
  Re: PGP wipe how good is it versus hardware recovery of HD? ("Dulando")
  Re: encryption without zeros (lordcow77)
  Re: Encryption/Decryption code ([EMAIL PROTECTED])



From: rick2 [EMAIL PROTECTED]
Subject: encryption without zeros
Date: Sun, 28 May 2000 03:35:07 GMT

I would like to use some strong encryption but need to have
the output not have any zeros (needs to fit into zero-terminated
data chunks). What would be the smallest and fastest way to mask
the zeros? I've seen some people expand every 7 bits to 8, but
that seems wasteful (expands to 114% of original size, or so) and
takes time (every output byte needs to be shifted). 

Just for kicks, I'm currently using bit-shifting only, which will
never produce a zero from a non-zero byte. I guess that's not
a strong encryption routine, though. Is there any strong routine
which doesn't make zeros from non-zero data?

Thanks in advance.

RB

--

Subject: Re: Self Shrinking LFSR
From: lordcow77 [EMAIL PROTECTED]
Date: Sat, 27 May 2000 20:47:10 -0700

How did you generate the poly?



--

From: [EMAIL PROTECTED] 
(A_Customer_at_an_easyEverything_Cybercafe)
Crossposted-To: 
uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 28 May 2000 03:52:21 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 8 May 2000 14:31:20 +0100, "NoSpam" [EMAIL PROTECTED]
wrote:

plans were already far advanced for a law that would stop ILOVEYOU ever
happening again. Yes, it's that darn RIP bill, still struggling to find
supporters in the real world"

If they want to stop I Love you virii, why don't they just get
everybody to use a secure mail reader? surely it wouldn't cost them a
lot to switch to something secure, like pine, or any other *nix mail
reader, or even some windows readers are not too bad.  Why spend money
on a bill that restricts human rights when you could have a better
solution for all for free?

Dav


--

From: "Dulando" [EMAIL PROTECTED]
Subject: Re: PGP wipe how good is it versus hardware recovery of HD?
Date: Sun, 28 May 2000 03:51:40 GMT

I have a program called shredder which I believe overwrites a file 7
times with random data to try and prevent hardware recovery of deleted
files aka the story in the WSJ.  Does PGP wipe function do this or does
it only overwrite once?


Salutations,
PGP wipe utility overwrites the victim file 7 or more times, I am not
certain about the actual number of overwrites that occur but I am
confident that it is more than one. As for hardware recovery, overwriting a
file with random data is a good precaution but it is not a 100% sure way to
securely erase a file--however I do stress that it is better than nothing.

Sincerely,
Michael




--

Subject: Re: encryption without zeros
From: lordcow77 [EMAIL PROTECTED]
Date: Sat, 27 May 2000 20:56:32 -0700

Designate a symbol as an escape character. Escape out the zeros
and double the escape character to indicate itself. It should
expand the message less than 1%.

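The escape-byte scheme lordcow77 describes, written out as an added example that is not from the original thread: the values of ESC and ESC_ZERO are arbitrary choices assumed here, the sample bytes are constructed, and the decoder also shows the failure mode on a truncated or unknown escape sequence, which the post does not discuss.

```c
#include <stdint.h>
#include <string.h>

/* ESC and ESC_ZERO are arbitrary choices (assumptions); the post names none. */
#define ESC      0xFF
#define ESC_ZERO 0x01   /* ESC ESC_ZERO stands for 0x00; ESC ESC stands for ESC */

/* Encode so no 0x00 byte remains; needs up to 2*n bytes, returns length or 0 if too small. */
size_t escape_zeros(const uint8_t *in, size_t n, uint8_t *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == 0x00 || in[i] == ESC) {
            if (o + 2 > cap) return 0;
            out[o++] = ESC;
            out[o++] = (in[i] == 0x00) ? ESC_ZERO : ESC;
        } else {
            if (o + 1 > cap) return 0;
            out[o++] = in[i];
        }
    }
    return o;
}

/* Inverse; returns length, or (size_t)-1 on a lone/unknown ESC sequence or no room. */
size_t unescape_zeros(const uint8_t *in, size_t n, uint8_t *out, size_t cap) {
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = in[i];
        if (b == ESC) {
            if (i + 1 >= n) return (size_t)-1;
            uint8_t nxt = in[++i];
            if (nxt == ESC_ZERO)  b = 0x00;
            else if (nxt == ESC)  b = ESC;
            else return (size_t)-1;
        }
        if (o + 1 > cap) return (size_t)-1;
        out[o++] = b;
    }
    return o;
}

/* Round trip on a constructed 8-byte "ciphertext" (three zeros, two ESCs); returns 13 or 0. */
size_t escape_selfcheck(void) {
    const uint8_t sample[] = {0x41, 0x00, 0xFF, 0x7F, 0x00, 0x00, 0xFF, 0x10};
    uint8_t enc[2 * sizeof sample], dec[sizeof sample];
    size_t en = escape_zeros(sample, sizeof sample, enc, sizeof enc);
    for (size_t i = 0; i < en; i++) if (enc[i] == 0x00) return 0;
    size_t dn = unescape_zeros(enc, en, dec, sizeof dec);
    return (dn == sizeof sample && memcmp(dec, sample, dn) == 0) ? en : 0;
}
```

Since only 0x00 and ESC bytes grow, random ciphertext expands by about 2/256, which is the "less than 1%" the reply quotes.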


--

From: [EMAIL PROTECTED]
Crossposted-To: comp.databases.ms-access
Subject: Re: Encryption/Decryption code
Date: Sun, 28 May 2000 04:58:55 GMT

Rather a novel approach.  

I believe there are a number of freeware crypto libraries around that
would give you stronger encryption, and have required less ingenuity
on your part. :-)

Have taken the liberty of cross posting to sci.crypt 

[To sci.crypt, if you want to flame for this *do not* flame Crying
Wolf]

as some of the bods there may
1. find the code interesting
2. advise you of any weaknesses in:
   a. your code
   b. the level of encryption achieved
   c. your security model
3. advise you (and others looking for similar) of other alternatives
and sites to check out. 

In terms of your security model, have you contemplated that if your
purpose is really to protect the HR data against a genuine concerted
attack including from the developer, then you need to make your own
code tamper proof. Otherwise, the developer could at some stage edit
the encryption routine so that it doesn't really encrypt anymore, or
so it captures and