Cryptography-Digest Digest #868
Cryptography-Digest Digest #868, Volume #11 Sat, 27 May 00 02:13:01 EDT Contents: Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? ("Klaus Daehne") Re: safer style sboxes (zapzing) Re: Retail distributors of DES chips? (Paul Rubin) Re: Matrix key distribution? ("Michael Brown") Re: Retail distributors of DES chips? (Paul Rubin) looking for an 8-byte long output hashing function ("Jean-Luc") Re: Crypto patentability (Bill Unruh) Re: Q: appropriate number of key-uses before replacement? ("Lyalc") Enigma reflectors ("Thomas M. Sommers") Re: looking for an 8-byte long output hashing function (Boris Kazak) Short signatures (David Hopwood) Re: Q: OFB (David Hopwood) Short signatures (David Hopwood) Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? (Johnny Bravo) From: "Klaus Daehne" [EMAIL PROTECTED] Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out point? Date: Fri, 26 May 2000 19:36:17 -0700 =BEGIN PGP SIGNED MESSAGE= Hash: SHA1 Besides the fact that EE is crossposting and posting off topic, I wound up downloading their product before this debate started, and (so far) have nothing bad to say. Aureate, without any doubt, has been caught doing something incredibly sneaky and despicable (as do the shareware authors that subscribe to this crap). Unless I am missing something, the same cannot be said about EE, correct? If not, are they proven spyware, do they include spyware, or is it just their crossposting and public neener-ing that has everyone up in arms? I (used to) most of my wiping with bcwipe commands in batch files, which works very well, although I do appreciate the include/exclude management of EE. It also used to be a pain to locate (and remember) where OE keeps it's files, so locating this and other folders automatically is nice. 
And, I =did= learn something new: that Windows keeps a "hidden encrypted database in the system registry which remembers... information about what you have clicked on your start menu", even if you wiped the history itself. Intriguing. I wonder what else Windows is hiing. Oh yeah, and the help file is nice, too. Not only am I posting this non-anonymously, I am going to sign it, too, so there is at leat =some= content related to this ng :) At this point in time I am neutral on this debate, as I was with the Aureate debate. What I don't understand is, in both cases, the side in favor of the software company, claims that posts from anonymous posters are less valid than someone w/ a traceable e-mail address. To me, it makes no sense at all even though I am not posting anonymously. donoli. =BEGIN PGP SIGNATURE= Version: PGP Personal Privacy 6.5.2 iQA/AwUBOS80aPUjnALVMPh2EQIR9ACfc4j2gMBoZTMJ+H7BDtrCRbMr1wQAnRDn wZ/4ZMxOuguYExcRXcBcQqXn =oR9K =END PGP SIGNATURE= -- From: zapzing [EMAIL PROTECTED] Subject: Re: safer style sboxes Date: Sat, 27 May 2000 02:36:00 GMT In article [EMAIL PROTECTED], Jerry Coffin [EMAIL PROTECTED] wrote: In article 8gfjlh$ib5$[EMAIL PROTECTED], [EMAIL PROTECTED] says... In fairness, I think there's more than practicality at work here though: as Bruce Schneier has pointed out, it doesn't take much talent to design a cipher that's probably secure as long as you don't mind designing something that's slow, takes lots of memory, and so on. For most cryptologists, the challenge is in creating a cipher that uses the bare minimum of resources, but still makes optimal use of the key and provides as much security as possible for that key size. I think you have hit the nail on the head. Another word for it would be "Brinksmanship". Just why cryptologists do this is unclear. The universe is a figment of its own imagination. -- If you know about a retail source of inexpensive DES chips, please let me know, thanks. 
Sent via Deja.com http://www.deja.com/ Before you buy. -- From: [EMAIL PROTECTED] (Paul Rubin) Subject: Re: Retail distributors of DES chips? Date: 27 May 2000 02:50:08 GMT In article 8gn72l$2vq$[EMAIL PROTECTED], zapzing [EMAIL PROTECTED] wrote: Yup. tamper resistance is the point. I can't find your stuff about "java buttons" but that doesn't mean much since deja has been so flakey lately. http://www.ibutton.com/java/ But how could something written in Java be considered a hardware solution? Is this a microprocessor application? Yes. The button has a secure microprocessor sealed inside, that runs a subset of Java. You write mini-applets and load them into the button. -- From: "Michael Brown" [EMAIL PROTECTED] Subject: Re: Matrix key distribution? Date: Sat, 27 May 2000 02:52:31 GMT Douglas A. Gwyn [EMAIL PROTECTED] wrote in article
Cryptography-Digest Digest #870
Cryptography-Digest Digest #870, Volume #11 Sat, 27 May 00 12:13:01 EDT Contents: Re: Another sci.crypt Cipher (tomstd) Re: list of prime numbers (tomstd) Attack on SC6a (sci.crypt cipher) (tomstd) Re: Attack on SC6a (sci.crypt cipher) (tomstd) Re: The Code Book / Are factor techniques really that secure? (DigiboyCiPHER) Re: Attack on SC6a (sci.crypt cipher) (tomstd) Re: HTML encryption (DigiboyCiPHER) Re: RSA/PK Question (tomstd) Re: Enigma reflectors (John Savard) Re: list of prime numbers (DJohn37050) Re: Attack on SC6a (sci.crypt cipher) ("Scott Fluhrer") Re: RSA/PK Question ("Trevor L. Jackson, III") Re: RSA/PK Question ("Trevor L. Jackson, III") Re: Encryption within newsgroup postings (zapzing) Re: RSA/PK Question (tomstd) Re: Retail distributors of DES chips? (zapzing) Subject: Re: Another sci.crypt Cipher From: tomstd [EMAIL PROTECTED] Date: Sat, 27 May 2000 03:47:11 -0700 In article 8gnnmv$dma$[EMAIL PROTECTED], matthew_fisher@my- deja.com wrote: In article [EMAIL PROTECTED], tomstd [EMAIL PROTECTED] wrote: In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Mark Wooding) wrote: A nice attack. I had trouble reproducing it, though. If I were to implement this on reduce rounds (for the fun of it), would I just take a plaintext (A,B) and (A,B xor 0001) and look for the output difference of (A xor 0003, B) after 3 or 4 rounds? I am not clear on this part. BTWx2 Thanks for the info, I really want to learn from this. BTWx3 I designed this cipher so I could break it. So I am not disappointed it was broken, just that I didn't do it first. Tom Tom, Here is even a better attack, I believe. The code is at the end, make sure you reduce the rounds to 6! The differential is 00 00 00 0c - 00 00 00 0c 4/256 for box 0. I noticed that all of the entries in sbox 0 ended in 0,4,8 or C. I though it might be possible to get a truncated differential of the form 00 00 00 xx - 00 00 00 xx. Sure enough 0x0c does just that. 
I copied your source code on top of my ref source code and http://www.tomstdenis.com/tc1mf.c is the result. I don't see your "trait" for both words even after 2 rounds. I do see the 0x000c in the first word, but it's gone after 4 rounds... Maybe I did it wrong?

Tom

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network * The fastest and easiest way to search and participate in Usenet - Free!

--

Subject: Re: list of prime numbers
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 03:57:14 -0700

In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Daniel) wrote:

On Thu, 25 May 2000 21:50:00 GMT, [EMAIL PROTECTED] (Dan Day) wrote:

Daniel, what were you hoping to do with the list? If you'll explain your application, we can help you address your problem more directly, since keeping a "list" of primes is likely to be a poor way to get the job done, whatever it is.

Thanks for all the replies. I'm trying to understand RSA and want to be able to factor a given 'public modulus'. Or try it at least ;-) If one has a large number (say 150 digits), what are the ways to try and break this up into its factors? Where does one start? I think that there can only be a limited list of possible prime numbers which will actually (when multiplied) come up with the correct public modulus. Or am I wrong about this? All information is greatly appreciated.

You are right there is a finite number of prime factors of the modulus. Problem is there is over 2^400 of them for a 300 digit number. Just trying them all is a bad idea. There is a lot of weird math, but if you want to look at it, get the Handbook of Applied Crypto and read the section on QS. That's a good starting point I guess.. or maybe Fermat's method, they are somewhat related in their usage of N^2 - N... It's all weird math though...

Tom
--

Subject: Attack on SC6a (sci.crypt cipher)
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 04:02:47 -0700

From his paper:

One round of SC6a is as follows:

    in1 = a ^ c
    in2 = b ^ d
    (out1, out2) = f(in1, in2)
    a = a ^ out2
    b = b ^ out1
    c = c ^ out2
    d = d ^ out1
    swap (b, c)

--

Well if I can find pairs such that a ^ c = a' ^ c' then I can run a difference thru his F function, and have a zero out with a probability of zero. There are 2^16 ways to get this difference too.

His 'swap(b, c)' won't fix it either because (b, d) have a zero difference anyways (you change the (a, c) input and keep (b, d) the same).

So this difference should go thru all rounds with prob=1.

I conclude (if I got it right) his cipher is broken.

Tom
Cryptography-Digest Digest #871
Cryptography-Digest Digest #871, Volume #11 Sat, 27 May 00 14:13:01 EDT

Contents:
  Re: Attack on SC6a (sci.crypt cipher) ("Scott Fluhrer")
  Best crypto if encrypted AND plain text are known (and small) ? (TheGame)
  Re: Comments requested: One way function blast() (zapzing)
  Re: More on Pi and randomness ("Trevor L. Jackson, III")
  Re: Another sci.crypt Cipher ([EMAIL PROTECTED])
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (No User)
  Re: Retail distributors of DES chips? ("Trevor L. Jackson, III")
  Re: looking for an 8-byte long output hashing function ("Trevor L. Jackson, III")
  Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Joe@Joe's.bargrill.org)
  Re: Another sci.crypt Cipher (tomstd)
  Re: RSA/PK Question ("Trevor L. Jackson, III")
  getting easy primes ([EMAIL PROTECTED])

From: "Scott Fluhrer" [EMAIL PROTECTED]
Subject: Re: Attack on SC6a (sci.crypt cipher)
Date: Sat, 27 May 2000 08:51:18 -0700

Scott Fluhrer [EMAIL PROTECTED] wrote in message news:8goo7m$km8$[EMAIL PROTECTED]...

tomstd [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

From his paper:

One round of SC6a is as follows:

    in1 = a ^ c
    in2 = b ^ d
    (out1, out2) = f(in1, in2)
    a = a ^ out2
    b = b ^ out1
    c = c ^ out2
    d = d ^ out1
    swap (b, c)

--

Well if I can find pairs such that a ^ c = a' ^ c' then I can run a difference thru his F function, and have a zero out with a probability of zero. There are 2^16 ways to get this difference too.

His 'swap(b, c)' won't fix it either because (b, d) have a zero difference anyways (you change the (a, c) input and keep (b, d) the same).

So this difference should go thru all rounds with prob=1.

I conclude (if I got it right) his cipher is broken.

To make this observation work, assume the same differential on all four words. That is, you start with a differential (x,x,x,x), for some x.
Or, to write it out explicitly:

    a^a' = x
    b^b' = x
    c^c' = x
    d^d' = x

Then, if you go through a round, you get an output differential of (x,x,x,x) with probability 1.

Now, this implies that if

    Encrypt( a, b, c, d ) = ( e, f, g, h ),

then for all x:

    Encrypt( a^x, b^x, c^x, d^x ) = ( e^x, f^x, g^x, h^x )

Now, this certainly is a certificational weakness, and if the attacker has one plaintext-ciphertext pair, this gives him 2**32-1 more "for free". It is difficult to see how to turn this observation into a key-recovery attack.

Spoke too soon. I ignored the whitening and the PHT transforms at the front and the back. My observation holds true only for the core rounds. However, the whitening/PHT transformations do not eliminate the certificational weakness and allow for a partial key-recovery attack.

The certificational weakness: suppose we start out with a differential (0,X,0,0) where X == 0x8000. This differential goes through pre-whitening unchanged with probability 1. After the PHT transform, it becomes the differential (X, X, X, X) with probability 1. As above, it goes through the core rounds unaffected with probability 1. After the second set of PHT transforms, it becomes the differential (0,X,0,0) with probability 1, and after post-whitening, you get the output differential (0,X,0,0) with probability 1.

Now, the key recovery attack -- we'll try to recover the pre and postwhitening keys. Suppose you give the cipher the differential (0,Y,0,0), where Y = 0x4000. Then, (according to a quick program I wrote) it will present the differential (Y,Y,Y,Y) to the core round only if the bit 30 of each word after the whitening is one of:

    ( 0, 0, 0, 0 ) with differential Y on b
    ( 0, 0, 1, 0 ) with differential X+Y on b
    ( 0, 1, 1, 0 ) with differential X+Y on b
    ( 1, 0, 0, 1 ) with differential Y on b

If it isn't one of these four settings, it will present an uneven differential to the core, which should output an essentially random differential.
The post-PHT/whitening phase has insufficient avalanche to disguise a (Y,Y,Y,Y) differential to the core. Sending a small series of well-chosen differentials, and seeing which falls into one of the four categories, and which doesn't, should allow us to deduce the value of bit 30 of the pre-whitening keys. Once we have that, we can move on to work on bit 29 in a similar manner.

Obtaining the postwhitening keys should be similar -- if the core outputs a differential (Y,Y,Y,Y), we can look to see how it propagates through the post-whitening, and deduce those key bits.

I have not examined the key scheduling, and so I cannot say how deducing bits 0-30 of the pre/post whitening (this attack doesn't give you bit 31) helps you gain the rest of the key.

-- poncho

--

From: [EMAIL PROTECTED] (TheGame)
Subject: Best crypto if encrypted AND plain text are known (and small) ?
Date: Sat, 27 May 2000
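Added example (not from the original posts or the SC6a paper): the core round quoted in the thread above, run over constructed random blocks and keys. It goes slightly beyond the thread by testing both differences side by side: tomstd's (x,0,x,0) turns into (x,x,0,0) after one round and is lost afterwards, while the (x,x,x,x) difference from Scott Fluhrer's reply survives every core round with probability 1. Assumptions: toy_f is a hypothetical stand-in for SC6a's f (the property holds for any f), words are 32-bit, each round takes one round key, and the whitening and PHT layers are omitted.

```c
/* Differential behaviour of the SC6a core round quoted in the thread.
 * toy_f, the round-key handling and the 32-bit word size are assumptions. */
#include <stdint.h>
#include <stdio.h>

#define MAX_ROUNDS 32

static uint32_t rotl32(uint32_t v, unsigned r)
{
    return (v << r) | (v >> (32u - r));
}

/* Hypothetical stand-in for SC6a's f: keyed and nonlinear, nothing more. */
static void toy_f(uint32_t in1, uint32_t in2, uint32_t k,
                  uint32_t *out1, uint32_t *out2)
{
    uint32_t t = (in1 + k) * 0x9E3779B1u;
    uint32_t u = (in2 ^ rotl32(t, 13)) * 0x85EBCA6Bu;
    *out1 = rotl32(t ^ u, 7) + k;
    *out2 = rotl32(u, 17) ^ t;
}

/* One core round, following the pseudo-code quoted from the SC6a paper. */
static void sc6a_round(uint32_t w[4], uint32_t k)
{
    uint32_t out1, out2, tmp;
    toy_f(w[0] ^ w[2], w[1] ^ w[3], k, &out1, &out2);
    w[0] ^= out2;                          /* a */
    w[1] ^= out1;                          /* b */
    w[2] ^= out2;                          /* c */
    w[3] ^= out1;                          /* d */
    tmp = w[1]; w[1] = w[2]; w[2] = tmp;   /* swap(b, c) */
}

void core_encrypt(uint32_t w[4], const uint32_t rk[], int rounds)
{
    for (int r = 0; r < rounds; r++)
        sc6a_round(w, rk[r]);
}

/* xorshift32: deterministic source of constructed test blocks and keys. */
static uint32_t prng_state = 0x2545F491u;
static uint32_t next_u32(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return prng_state;
}

/* Encrypt `trials` random pairs with input XOR difference din under fresh
 * random round keys; return how many pairs show output difference dout. */
int count_matching(const uint32_t din[4], const uint32_t dout[4],
                   int rounds, int trials)
{
    if (rounds < 0 || rounds > MAX_ROUNDS)
        return -1;
    int hits = 0;
    for (int t = 0; t < trials; t++) {
        uint32_t rk[MAX_ROUNDS], p[4], q[4];
        for (int r = 0; r < rounds; r++)
            rk[r] = next_u32();
        for (int i = 0; i < 4; i++) {
            p[i] = next_u32();
            q[i] = p[i] ^ din[i];
        }
        core_encrypt(p, rk, rounds);
        core_encrypt(q, rk, rounds);
        int ok = 1;
        for (int i = 0; i < 4; i++)
            if ((p[i] ^ q[i]) != dout[i])
                ok = 0;
        hits += ok;
    }
    return hits;
}

int main(void)
{
    const uint32_t x = 0x8000u;            /* X from the thread; any nonzero x works */
    const uint32_t all[4]   = { x, x, x, x };
    const uint32_t ac[4]    = { x, 0, x, 0 };
    const uint32_t ac_r1[4] = { x, x, 0, 0 };

    printf("(x,x,x,x) -> (x,x,x,x), 8 rounds: %d/1000\n",
           count_matching(all, all, 8, 1000));
    printf("(x,0,x,0) -> (x,x,0,0), 1 round:  %d/1000\n",
           count_matching(ac, ac_r1, 1, 1000));
    printf("(x,0,x,0) -> (x,0,x,0), 8 rounds: %d/1000\n",
           count_matching(ac, ac, 8, 1000));
    return 0;
}
```

Because in1 and in2 see a zero difference whenever all four words carry the same difference, the result does not depend on the choice of f, which is why a stand-in is enough here.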
Cryptography-Digest Digest #872
Cryptography-Digest Digest #872, Volume #11 Sat, 27 May 00 16:13:01 EDT Contents: Re: looking for an 8-byte long output hashing function (Bill Unruh) Re: Another possible 3DES mode. (John Savard) Re: Short Secure Serial Numbers (Scott Nelson) Re: Another sci.crypt Cipher ([EMAIL PROTECTED]) Re: Patent state of Elliptic Curve PK systems? (David Hopwood) Re: Short signatures (David Hopwood) Re: OAP-L3: Version 5.x Revealed (Anthony Stephen Szopa) Re: RSA/PK Question (Roger Schlafly) Re: Best crypto if encrypted AND plain text are known (and small) ? ("Thomas M. Sommers") Re: Another sci.crypt Cipher (tomstd) Re: list of prime numbers (Johnny Bravo) Re: Enigma reflectors ("Thomas M. Sommers") Re: Another sci.crypt Cipher ([EMAIL PROTECTED]) Re: list of prime numbers ([EMAIL PROTECTED]) Re: Best crypto if encrypted AND plain text are known (and small) ? (TheGame) From: [EMAIL PROTECTED] (Bill Unruh) Subject: Re: looking for an 8-byte long output hashing function Date: 27 May 2000 18:12:21 GMT In T1IX4.103419$[EMAIL PROTECTED] "Jean-Luc" [EMAIL PROTECTED] writes: ]For a development task, I would need to use a hashing function with an ]output of 8 bytes (and not 16 or 20 like the popular algorithms). The ]increased collision is acceptable within the context of the application ](because of the lockout of the hardware token after several failed logins). ]However, I haven't been able to find such a function. Is there one? I've ]already searched the web and the Usenet but haven't found anything relevant. The first 8 bytes of the output of a 16 or 20 byte hash is an 8 byte hash. -- From: [EMAIL PROTECTED] (John Savard) Subject: Re: Another possible 3DES mode. Date: Sat, 27 May 2000 18:16:04 GMT On 24 May 2000 08:15:04 -0700, [EMAIL PROTECTED] (David A. 
Wagner) wrote, in part: In article 8gfo3a$l88$[EMAIL PROTECTED], zapzing [EMAIL PROTECTED] wrote: In the faq, the following idea was suggested as a way of accomplishing 3DES on an enlarged block: F(x)=Tran(E(k1,Tran(E(k2,Tran(E(k3,Tran(x))) I believe there are weaknesses in this -- Paul Crowley found an especially pretty attack -- and I do not recommend its use. See http://www.hedonism.demon.co.uk/paul/crypto/dtdtd.html. I liked it so much, I added a description of the attack to my site, in the section on block cipher modes at http://ecn.ab.ca/~jsavard/co0409.htm I am planning to add to my site, soon, a description of genetic algorithms and hill-climbing techniques. John Savard (teneerf -) http://www.ecn.ab.ca/~jsavard/ -- From: [EMAIL PROTECTED] (Scott Nelson) Subject: Re: Short Secure Serial Numbers Reply-To: [EMAIL PROTECTED] Date: Sat, 27 May 2000 18:52:29 GMT On 25 May 2000 "Rick Heylen" [EMAIL PROTECTED] wrote: I am trying to find a solution to the following problem. We have a serial number which the user types in (so it can't be too long). The serial number contains some information like a product ID, user number etc with a total information content of about 96 bits and 40 bits of "checksum" with the idea being that for all possible information contents, there is only one valid checksum and that in order to find a valid serial number, an attacker would have to test on average 2^39 possibilities. The code that verifies the serial number is public but we'd still like it to be time-consuming to generate different valid serial numbers. Normal public key cryptography would be suitable except that the message size for the system to be secure would be longer than what a user would be happy to type in. Has anybody got any ideas? If you only want 40 bit security, then you could just hash all the information provided with SHA1 or MD5, and look at the bottom 40 bits. If they're all 0, (or any other value you like) then accept the serial number as valid. 
To produce the serial number, just try pseudo random values until you get one that works.

Scott Nelson [EMAIL PROTECTED]

--

From: [EMAIL PROTECTED]
Subject: Re: Another sci.crypt Cipher
Date: Sat, 27 May 2000 18:54:48 GMT

In article [EMAIL PROTECTED], tomstd [EMAIL PROTECTED] wrote:

In article 8goumb$6qa$[EMAIL PROTECTED], matthew_fisher@my-deja.com wrote:

Tom, ...

What enhancements ? I just cleaned up the code. The the kbhit and the counter print out.

BTW how did you find those differentials anyways? That is why I made this cipher. I want to learn how to spot them in less-than-obvious cases.

Tom

Just by looking at the sboxes, mostly. The low bytes in the 0 box are in a small set (0,4,8,C). So I got the idea to go from the set back to the same set. I wrote a short program along these lines

    for(i=0;i<256;i++)
      for(j=i+1;j<256;j++)
      {
        // look for S[i]^S[j] = 0x00xx
        if(((sbox[0][i]^sbox[0][j])&0xFF00) ==0)
        {
          diffArray[i^j][sbox[0][i]^sbox[0][j]]++
Cryptography-Digest Digest #873
Cryptography-Digest Digest #873, Volume #11 Sat, 27 May 00 20:13:01 EDT Contents: AES times on the Alpha 21164 with Parallel encryption (Kenneth Almquist) CAST Sboxes -- need help (tomstd) Re: A Family of Algorithms, Base78Ct (wtshaw) Re: AES final comment deadline is May 15 (Kenneth Almquist) Re: Free Software (Richard Heathfield) Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Steve) Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (jungle) Re: Another sci.crypt Cipher (Mark Wooding) Re: list of prime numbers (Tim Tyler) Source for SHA-1 and Export Control ("Jamie Nettles") Re: Another sci.crypt Cipher (tomstd) Re: Another sci.crypt Cipher (Mark Wooding) Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (No User) Re: Source for SHA-1 and Export Control (tomstd) Re: Base Encryption: Revolutionary Cypher (Tim Tyler) Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (jungle) Re: Matrix key distribution? (Mark Wooding) Re: Retail distributors of DES chips? (zapzing) From: [EMAIL PROTECTED] (Kenneth Almquist) Subject: AES times on the Alpha 21164 with Parallel encryption Date: Sat, 27 May 2000 20:40:56 GMT In the discussion on hardware timings of the AES candidates, some posters have suggested that encryption/decryption speed is not a particularly useful measure of performance because you can get more throughput from a slow algorithm by performing multiple encryptions in parallel. While I'm not totally convinced by this argument, I did do some back of the envelope calculations of the time required to encrypt and decrypt two blocks in parallel on the Alpha 21164. 
                  single  double    quad
    RC6/decrypt      894     628
    RC6/encrypt      934     648
    Rijndael/128     680     660
    Twofish          720     700
    Rijndael/192     816     792
    Mars/decrypt     902     802
    Mars/encrypt     956     802
    Rijndael/256     952     924
    Serpent         1830    1014    1931

The column labeled "single" gives twice the time to encrypt a single block, and the column labeled double gives the time to encrypt two blocks in parallel.

Twofish and Rijndael are slightly faster in the parallel encryption mode because they only load the round keys once for each block. RC6 is significantly faster because when encrypting a single block there is a large amount of time where the processor is stalled waiting for the results of the multiply operation. The same effect also applies to Mars to a lesser degree.

Serpent benefits the most from parallel encryption because it can store two 32 bit words in each 64 bit register and operate on them in parallel. It is not quite twice as fast because additional mask operations are required on the results of shifts in this mode. Also, 6 cycles are devoted to packing the 32 bit words into registers. For Serpent, I also give the time to encrypt four blocks in parallel.

The net result is that if parallel encryption is the benchmark, then RC6 is the fastest on the Alpha 21164, and the gap between Serpent and the other algorithms becomes much smaller.

I should caution that I haven't put a lot of work into checking these numbers, so there could be mistakes here.

Kenneth Almquist

--

Subject: CAST Sboxes -- need help
From: tomstd [EMAIL PROTECTED]
Date: Sat, 27 May 2000 13:43:14 -0700

I have read several of the CAST papers over and over and over and over, and I can't seem to grasp how they actually made the 32x32 sboxes (using four 8x32) or how their 'permute' function works to make bijective sboxes.

Any help?

Tom
-- From: [EMAIL PROTECTED] (wtshaw) Subject: Re: A Family of Algorithms, Base78Ct Date: Sat, 27 May 2000 14:21:08 -0600 In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote: Certainly you are right in questioning whether it is worthwhile to add all sorts of bells and whistles. I like nevertheless to indicate that adding a randomly chosen number is a shifting, i.e. akin to a Vigenere in principle. M. K. Shen It used top be that having lots of component operations, various primatives and otherwise, was apt to cause more confusion for code clerks than they were worth; so it is with hand ciphers. Part of neoclassical thought is that such confusing layers can now be handled in more or less a streamlike fashion in a good implementation. That means that while simplicity is preferred if available, with advances in computer speed, all sorts of madding algorithms can be considered for their result alone. Likewise, so much unexpected keyspace
Cryptography-Digest Digest #874
Cryptography-Digest Digest #874, Volume #11 Sat, 27 May 00 21:13:01 EDT Contents: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Joe@Joe's.bargrill.org) Re: Another sci.crypt Cipher (Mark Wooding) Re: Another possible 3DES mode. (zapzing) Re: Another possible 3DES mode. (zapzing) Re: Another sci.crypt Cipher (tomstd) Self Shrinking LFSR (tomstd) Re: Anti-Evidence Eliminator messages, have they reached a burn-out po (Griffin) Re: Another sci.crypt Cipher (Mark Wooding) From: Joe@Joe's.bargrill.org Crossposted-To: alt.privacy,alt.privacy.anon-server,alt.security.pgp Subject: Re: Anti-Evidence Eliminator messages, have they reached a burn-out po Date: Sun, 28 May 2000 00:01:08 +0100 On Sat, 27 May 2000 22:15:07 GMT, [EMAIL PROTECTED] (Steve) wrote: On Sat, 27 May 2000 17:38:32 +0100, Joe@Joe's.bargrill.org wrote: And exactly how are they to defend themselves against the constant barrage of lies regarding their software? If they do not defend themselves, the lies will become truth in the minds of most. Every EE thread I've seen for weeks now has been started by EE spam. Get real! They reply to scurrilous attacks. Unless you wish to claim that they themselves are "planting" these attacks. The only "lies" I have seen have been EE claims that their stuff defeats forensic software "costing thousands of dollars", followed by a consistent refusal to name the software they tested it against. They have repeatedly told people to download the forensic ware and see for themselves. I personally have not seen one reply where their detractors have tried forensic methods on EE and said it failed the test. As usual on Usenet, it's easier to shoot off your mouth than to produce real proof. Fake controversy calculated to draw attention is all I see in the EE threads. Oh, then you DO accuse them of planting these attacks on themselves. 
That, and a couple of people who had their system registy eaten by an early, buggy version of EE, This could have been the result of many other pieces of software on their machines. Windows itself is the buggiest piece of crap in the world. and a bunch of people pissed off at EE for spamming. Defending themselves against mean spirited agendists such as you is NOT spam. Make no mistake about it -- some people are out to deliberately destroy this product. EE is not merely indulging themselves in the art of spamming. I think they are fighting for their corporate life. If they are fighting for their corporate lives, it is because they shoot themselves in the foot every time they fire up a news reader and say, "oh goody free advertising, that's what newsgroups are for". Which reminds me to mention: Eraser does 99% of the job EE does, for free, without added system overhead. Eraser is an overly complicated technoid's toy, worthless and dangerous in the hands of the naive. Naive meaning most of us who don't give a rat's behind how things are done as long as they are done and done right. Eraser's Help section is a technnoid's delight, but a laymen's nightmare. Not all of us give a fig about registry streams, let alone know that they even exist. This is one reason EE shines. Their Help section is a delight in clarity. Their program knows what has to be done and does it. I don't have to know squat. The latter is called good marketing. How far would the Web gotten if every thing was still non gui -- meaning DOS or UNIX? Just add any files and directories you consider sensitive to the task list, and choose whether to wipe them on schedule or on demand. http://www.tolvanen.com/eraser/ Yeah, right. Like some of us even knew or cared that a RECENT directory even existed. Remember, a dollar spent with EE, is a vote for spam in newsgroups. A dollar spent for EE is a vote for individual freedom of thought and the right to privacy. I bought it awhile back and use it everyday. 
I think it's one the most indispensable pieces of software I own. Did it ever occur to you that maybe some of EE's chief detractors wear badges?lll If you have a real reason to worry about people who wear badges, you better start worrying about your ISP logging all your internet traffic, and handing over your archived e-mail (typically four to six months of it), both of which are routinely done by most ISPs at the request of any officer of the court. You should also worry about packet sniffers, keyloggers, remote administration tools, and BTW check your network and file share settings. There are some thing one can cure; there are other things one has to live with on the Web. Proxies, encryption, are some of the ways around many of the problems. The problem really is that the average Web user is only beginning to find out how vulnerable they are on the Web. EE is a clear solution in helping them be less so. Evidence Eliminator does not eliminate
Cryptography-Digest Digest #875
Cryptography-Digest Digest #875, Volume #11 Sat, 27 May 00 23:13:00 EDT Contents: Re: Crypto patentability ("Paul Pires") Storin update (Mark Wooding) Re: Best crypto if encrypted AND plain text are known (and small) ? (zapzing) Re: Crypto patentability ("Paul Pires") Re: Another sci.crypt Cipher (tomstd) Re: Another sci.crypt Cipher (tomstd) Onefish -- TC2 (tomstd) Re: Self Shrinking LFSR (tomstd) Re: Destructive crypting ([EMAIL PROTECTED]) Re: Matrix key distribution? ("Michael Brown") Re: Matrix key distribution? ("Michael Brown") From: "Paul Pires" [EMAIL PROTECTED] Subject: Re: Crypto patentability Date: Sat, 27 May 2000 17:59:19 -0700 Bill Unruh [EMAIL PROTECTED] wrote in message news:8gnij5$3ds$[EMAIL PROTECTED]... In ZWJW4.42912$[EMAIL PROTECTED] "Paul Pires" [EMAIL PROTECTED] writes: ] The problem is that to prove invalidity requires a court case, a very ] long, very expensive court case if the patent holder has deep pockets. ]No, not really. you don't sue some one if you think their patent is bad, you ]infringe and win the suit for infringement the inventor brings. Of course, ]if you knowingly infringe and loose it's trebil damages. You are saying the same thing. Who brings the suit does not matter. It is a very long, very expensive court case if the patent holder has ddep pockets. And the onus is on you to prove invalidity. No and yes. I am not saying the same thing. It sounded as if you meant that if there was an existing patent, you had to go to court i.e. infringement = lawsuit. I pointed out that infringemnt = opportunity for inventor to bring suit. If he looks at your arguments he probably won't (assuming they are valid). If you have done this indefensibly, you deserve to be sued. Yes, the onus is on you to prove inalidness (invalidity?) maybe that too. ] Most people or companies are not up to that even if the patent is ] patently invalid. It is thus crucial that the patent office do a good ] job in assigning patents. ]This is our disagreement. 
I've been there and I think they do a pretty good ]job now. I think the job is a whole lot tougher than you think. Disagreement? You feel it is not important that the patent office do a good job? You know my feelings? how much do I owe you? I said I thought they are doing a good job now. This is the reason, and not a "feeling", for my lack of panic and outrage. Yes, we dissagree. Is that hard for you to agree with? Ever watch Monty Python? "That isn't an argument!" "Yes it is!" "No it isn't"" "Then why are we arguing?" "Were not arguing!" "Yes we are!" ] ] The whole purpose of patents was to encourage the publication of the ] patented material, rather than have people try to keep it secret with ] trade secrecy laws. In the case of software, it is hard to keep stuff ] secret anyway-- it is too easy to disassemble the stuff if you really ] want to know. This removes a big reason why patents exist at all. ] They were never intended as a "reward" for invention. ]I Stongly disagree and I believe history supports it. You don't get a patent ]for disclosing a good Idea, it must be invention. Invention (Or more likely ]the personal investment in the developement of it) is clearly being rewarded ]with a monopoly for a period of time. after that the invention can never be ]patented again by any one. ?? What is your disagreement? See Monty above: Look, we're both wrong in an absolute sense. Except that the wrong part of your assertion has been snipped out. If ((Invention == true) (full disclosure == true) ((Invention != prior art)) = True -AND- a whole bunch of cash invested with no gaurantee then you might have a patent. The only exemption from the invention requirement was made by the Supreme Court for Edison and it was confined to "long sought and known as advantageous and yet not achieved". This was for the light bulb. No, Edison did not invent it. Another urban myth bites the dust. Kids, don't try this one at home. 
The USPTO still doesn't like it and you too will have to take it to the Supreme Court. Bureaucrats burned have a long memory.

It is not the invention that is rewarded. You can invent stuff and keep it secret and you will NOT get a monopoly. It is not the invention that is rewarded, it is the publication through the patent.

It is only the publication of non trivial or new stuff as well, yes.

]It was purely a
] very mercenary bargain-- you tell us what you have done, and we give you
] a monopoly for X years. Whether patents on software serve that purpose--
] ie whether the public gets a good deal out of such patents-- is highly
] debatable. Thus so is allowing patents of software.
]
] Copyright is similar. Copyright is another bargain-- you write or
] produce something, we will give you a monopoly on copying that something
] for X years ( where x is like 75 years
Cryptography-Digest Digest #876
Cryptography-Digest Digest #876, Volume #11 Sun, 28 May 00 01:13:01 EDT

Contents:
encryption without zeros (rick2)
Re: Self Shrinking LFSR (lordcow77)
Re: RIP Bill 3rd Reading in Parliament TODAY 8th May (A_Customer_at_an_easyEverything_Cybercafe)
Re: PGP wipe how good is it versus hardware recovery of HD? ("Dulando")
Re: encryption without zeros (lordcow77)
Re: Encryption/Decryption code ([EMAIL PROTECTED])

From: rick2 [EMAIL PROTECTED]
Subject: encryption without zeros
Date: Sun, 28 May 2000 03:35:07 GMT

I would like to use some strong encryption but need to have the output not have any zeros (needs to fit into zero-terminated data chunks). What would be the smallest and fastest way to mask the zeros? I've seen some people expand every 7 bits to 8, but that seems wasteful (expands to 114% of original size, or so) and takes time (every output byte needs to be shifted).

Just for kicks, I'm currently using bit-shifting only, which will never produce a zero from a non-zero byte. I guess that's not a strong encryption routine, though. Is there any strong routine which doesn't make zeros from non-zero data?

Thanks in advance.
RB

--

Subject: Re: Self Shrinking LFSR
From: lordcow77 [EMAIL PROTECTED]
Date: Sat, 27 May 2000 20:47:10 -0700

How did you generate the poly?

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

--

From: [EMAIL PROTECTED] (A_Customer_at_an_easyEverything_Cybercafe)
Crossposted-To: uk.media.newspapers,uk.legal,alt.security.pgp,alt.privacy,uk.politics.parliament,uk.politics.crime,talk.politics.crypto,alt.ph.uk,alt.conspiracy.spy,alt.politics.uk,uk.telecom
Subject: Re: RIP Bill 3rd Reading in Parliament TODAY 8th May
Date: Sun, 28 May 2000 03:52:21 GMT
Reply-To: [EMAIL PROTECTED]

On Mon, 8 May 2000 14:31:20 +0100, "NoSpam" [EMAIL PROTECTED] wrote:

plans were already far advanced for a law that would stop ILOVEYOU ever happening again.
Yes, it's that darn RIP bill, still struggling to find supporters in the real world"

If they want to stop I Love you virii, why don't they just get everybody to use a secure mail reader? Surely it wouldn't cost them a lot to switch to something secure, like pine, or any other *nix mail reader, or even some windows readers are not too bad. Why spend money on a bill that restricts human rights when you could have a better solution for all for free?

Dav

--

From: "Dulando" [EMAIL PROTECTED]
Subject: Re: PGP wipe how good is it versus hardware recovery of HD?
Date: Sun, 28 May 2000 03:51:40 GMT

I have a program called shredder which I believe overwrites a file 7 times with random data to try and prevent hardware recovery of deleted files aka the story in the WSJ. Does PGP wipe function do this or does it only overwrite once?

Salutations,

PGP wipe utility overwrites the victim file 7 or more times, I am not certain about the actual number of overwriting that occurs but I am confident that it is more than one. As for hardware recovery, overwriting a file with random data is a good precaution but it is not a 100% sure way to securely erase a file--however I do stress that it is better than nothing.

Sincerely,
Michael

--

Subject: Re: encryption without zeros
From: lordcow77 [EMAIL PROTECTED]
Date: Sat, 27 May 2000 20:56:32 -0700

Designate a symbol as an escape character. Escape out the zeros and double the escape character to indicate itself. It should expand the message less than 1%.

* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!

--

From: [EMAIL PROTECTED]
Crossposted-To: comp.databases.ms-access
Subject: Re: Encryption/Decryption code
Date: Sun, 28 May 2000 04:58:55 GMT

Rather a novel approach. I believe there are a number of freeware crypto libraries around that would give you stronger encryption, and have required less ingenuity on your part.
:-)

Have taken the liberty of cross posting to sci.crypt [To sci.crypt, if you want to flame for this *do not* flame Crying Wolf] as some of the bods there may

1. find the code interesting
2. advise you of any weaknesses in:
   a. your code
   b. the level of encryption achieved
   c. your security model
3. advise you (and others looking for similar) of other alternatives and sites to check out.

In terms of your security model, have you contemplated that if your purpose is really to protect the HR data against a genuine concerted attack including from the developer, then you need to make your own code tamper proof. Otherwise, the developer could at some stage edit the encryption routine so that it doesn't really encrypt anymore, or so it captures and
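
The escape-character scheme suggested earlier in this digest, in the reply to "encryption without zeros", sketched here as an added example that is not part of any post. The byte values chosen for ESC and ZERO_CODE, the function names and the sample data are assumptions made for illustration; the stuffing is applied to ciphertext after encryption and removed before decryption.

```python
ESC = 0x01        # assumed escape byte; any nonzero value works
ZERO_CODE = 0x02  # assumed: the pair ESC, ZERO_CODE stands for a 0x00 byte

def stuff(data: bytes) -> bytes:
    """Encode so the output never contains 0x00."""
    out = bytearray()
    for b in data:
        if b == 0x00:
            out += bytes((ESC, ZERO_CODE))   # zero is escaped out
        elif b == ESC:
            out += bytes((ESC, ESC))         # escape byte is doubled
        else:
            out.append(b)
    return bytes(out)

def unstuff(data: bytes) -> bytes:
    """Invert stuff(); reject input that stuff() could not have produced."""
    out = bytearray()
    it = iter(data)
    for b in it:
        if b == 0x00:
            raise ValueError("zero byte in stuffed data")
        if b != ESC:
            out.append(b)
            continue
        nxt = next(it, None)                 # byte following the escape
        if nxt == ESC:
            out.append(ESC)
        elif nxt == ZERO_CODE:
            out.append(0x00)
        else:
            raise ValueError("truncated or invalid escape sequence")
    return bytes(out)

def expansion(data: bytes) -> float:
    """Fractional size increase caused by stuffing."""
    return len(stuff(data)) / len(data) - 1.0

# Constructed sample: every byte value equally often, standing in for
# ciphertext whose bytes are uniformly distributed.
SAMPLE = bytes(range(256)) * 4

if __name__ == "__main__":
    assert unstuff(stuff(SAMPLE)) == SAMPLE
    print(f"uniform bytes: {expansion(SAMPLE):.2%}")
    print(f"all zeros:     {expansion(bytes(64)):.2%}")
```

The "less than 1%" figure holds on average for uniformly distributed bytes, where 2 of every 256 values need an extra byte; input made entirely of zeros or escape bytes doubles in size, so the receiving buffer has to be sized for that case.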