Cryptography-Digest Digest #540

2000-08-26 Thread Digestifier

Cryptography-Digest Digest #540, Volume #12  Sat, 26 Aug 00 08:13:01 EDT

Contents:
  Re: "Warn when encrypting to keys with an ADK" (jungle)
  Re: blowfish problem ("Kelsey Bjarnason")
  7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PROMIS-software for worldwide spy network by US/Isreal (Mok-Kong Shen)
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Best way! (Mok-Kong Shen)
  Re: 1-time pad is not secure... (Tim Tyler)
  cryptlib ("Rémi FOREST")
  Re: DeCSS ruling -- More ("Stou Sandalski")
  Re: DES: Say it or spell it? (Newbie question) ("Richard Bembridge")
  You _DONT_ want a quantum computer. ("Detonate")
  PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  stegonographic overuse ("Detonate")
  Re: PROMIS-software for worldwide spy network by US/Isreal ("Stou Sandalski")
  Re: DeCSS ruling -- More (No User)
  Re: stegonographic overuse ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("JL")



From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: "Warn when encrypting to keys with an ADK"
Date: Sat, 26 Aug 2000 03:55:37 -0400

help me ...
how should I understand 4 keys provided ?
which key is tampered & which has correctly added ADK ?

assuming that I will have only these 4 public keys & this would be the case
when I will receive them from owner ...

which public key can not be identified [ by normal available PGP features ] as
the tampered ADK ?

when I'm importing any of these 4 keys, I see without any doubt which key has
ADK ...
therefore where is the problem at the key import ?

I can refuse to import any key with ADK attached, this is simple ...
in fact, every user can reject ADK keys, where is the problem ?

"S.R. Heller" wrote:



> The keys include private keys, which all have the passphrase
> "testing".
>
> Steve H.



--

From: "Kelsey Bjarnason" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c
Subject: Re: blowfish problem
Date: Sat, 26 Aug 2000 01:27:08 -0700

[snips]

"Kaz Kylheku" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Thu, 24 Aug 2000 19:01:58 -0700, Spud <[EMAIL PROTECTED]> wrote:
> >The only disagreement involved was my disagreeing with arguments that did
> >absolutely nothing to actually resolve the issue.  For example, the comments
> >about memcpy; they didn't matter, because the requirements would have held
> >true in either case, so the introduction of memcpy added absolutely nothing
> >in answering the question.
>
> How so? If memcpy copied only half of every 16 bit byte in your example
> implementation, due to characters being only 8 bits wide,

Well, let's see what we've got.

6.2.5
   [#4]  Values  stored  in  objects  of  any other object type
   consist of n×CHAR_BIT bits, where n is the size of an object
   of  that  type,  in  bytes.  The value may be copied into an
   object of type unsigned char  [n]  (e.g.,  by  memcpy);

Note that "size in bytes" is open to some interpretation (again, within the
confines of this hypothetical compiler; we've ascertained elsewhere that
yes, char and byte are synonymous, so this discussion is _purely_ abstract).
The implementation in question uses 16-bit bytes, 8 bit chars, and 32-bit
ints... but defines sizeof(char) as 1; that means that sizeof(int), if
measured in chars, must be 4.  Can it do this?  Certainly.

If we do _not_ assume an equivalence, the implementation is free to chop
things up as it sees fit, as long as code still works.  So when you alias
your int by a pointer-to-unsigned-char, for example, it requires _four_
accesses to retrieve the whole value.  When you memcpy, it requires four
reads to retrieve the value, four to write it.

From the code's perspective, char and byte may as well be the same; they
can't tell the difference.  However, that's _strictly_ within the confines
of the code; as soon as it starts talking to the outside world, things get
weird.

> then it would clearly fail to be capable of copying the values of data
> objects which take advantage of the full 16 bits.

Except there can be no such objects _internal_ to code based on the
implementation; only when accessing things _outside_ it, such as files
written by programs which use full 16-bit bytes.  Internally, the code
cannot produce 16-bit objects (or, rather, objects composed of full 16-bit
bytes).

> Perhaps in your example implementation, *no* type uses more then 8 bits of
> any 16 bit byte. If that is the case, then, effectively, the C implementation
> has *defined* bytes as being 8 bits wide.

Actually, it defined chars as being 8 bits wide; the question was, how do we
know that, in fact, this means that _bytes_ are 8 bits?  The memcpy
argument, for example, fails, because "The memcpy function copies n
characters from the object..." - note that

Cryptography-Digest Digest #541


Cryptography-Digest Digest #541, Volume #12  Sat, 26 Aug 00 11:13:01 EDT

Contents:
  Re: cryptlib (Matt Johnston)
  Re: PGP 6.5.8 test: That's NOT enough !!! (Keith)
  Re: Serious PGP v5 & v6 bug! ("gleu")
  Re: Bytes, octets, chars, and characters ("David Thompson")
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Keith)
  Re: Best way! ("Big Boy Barry")
  Quake III Arena authentication (Mathew Hendry)
  Re: stegonographic overuse (John Savard)
  Re: You _DONT_ want a quantum computer. (John Savard)
  Re: Best way! ([EMAIL PROTECTED])
  Re: Best way! ([EMAIL PROTECTED])
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Michel Bouissou")
  Re: PROMIS-software for worldwide spy network by US/Isreal (Timothy M. Metzinger)



From: Matt Johnston <[EMAIL PROTECTED]>
Subject: Re: cryptlib
Reply-To: [EMAIL PROTECTED]
Date: Sat, 26 Aug 2000 20:29:57 +0800

Rémi FOREST wrote:

> Does anyone here use cryptlib
> (http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ ) for programming ?
> How secure is it ?

I haven't actually used it, but I believe that it has a fairly good
reputation, as does the author.

Matt Johnston.

--

From: Keith <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 05:56:32 -0700
Reply-To: "Keith" <[EMAIL PROTECTED]>

-----BEGIN PGP SIGNED MESSAGE-----


On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou 
 <8o87bf$p7m$[EMAIL PROTECTED]> wrote:

>Where previous versions would show this key as having an ADK, and use
>the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a
>normal, valid key, without any ADK.

There is no way for PGP to detect a forged key. That is what a signature and
trust values are for. As long as PGP removes and/or doesn't recognize the
forged ADK on a tampered key, which will lead to the encryption of a file or
message to the forged ADK, then that is the proper action. 



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use 
Comment: pgp keys available at http://strongsignals.com/pgpkeys.txt

iQEVAwUBOae+QHbKVHAo46vlAQEXhQgAsz6jNjGzBYeaT4Bpu+h1M3kgeHepXFfk
n86dx+j54MTiUj6y0fkgmtT2CR5Ev/hdqpLlDOdpOD3IoSJ3jFN1P2kZJWepdr+a
Aj4i1NVvwfrt5OFMtxlPtCr3GXv6e6JiGsTcoIeq5RmFm16BFHh2Zldryv5qfL+R
9HxWtMzoWPq5DZbg6+ZflaprV+VsnpPeWkObcFwryq/ZgrS8eXMrAFsQE7YoNJQB
5JgB2TXJSLp/tklR3blToA1XjSefbfZwJZ2YJfoq/n+jm1xC1sb+hSwrxiJS6RlK
u8qgTzkZenIUSXudLk3szp+JG/Cp5gBZaYmGarNpK5VwbplFi+1dBA==
=8L4/
-----END PGP SIGNATURE-----

-- 
Best Regards,

Keith
=
Where do you discover free software for Windows? Strongsignals DOT COM is a 
great place to start: http://Strongsignals.com   "If a man hasn't discovered
something that he will die for, he isn't fit to live." --Martin Luther King, Jr


--

From: "gleu" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
Date: Sat, 26 Aug 2000 13:57:36 +0100


Ralf Muschall <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Ron B. <[EMAIL PROTECTED]> writes:
>
> > as the perfect employee.  If Jane has a heart attack, has a fatal
> > accident or for other reasons beyond her control is not available to
> > decrypt important data, the company may have legitimate reasons to
>
> Then it should be simple to ask the sender to resend the message,
> encrypted with Jane's successor's (or chief's) public key. In this
> situation, the sender has full power to decide who may read his
> messages, not some third person not authorized by him.
>
And what about the not-so-perfect employee which the company decides to sack
and the company still wishes to have access to the employee messages/data
... because they are relevant and legitimately belong to the company ?

>
> Remember that pgp is not for encrypting locally stored data, like
> backups etc. (symmetric methods are better for this purpose), but only
> for the safe *transport* of messages.
>
> Ralf



--

From: "David Thompson" <[EMAIL PROTECTED]>
Crossposted-To: comp.lang.c,alt.folklore.computers
Subject: Re: Bytes, octets, chars, and characters
Date: Sat, 26 Aug 2000 13:03:44 GMT

John Savard <[EMAIL PROTECTED]> wrote :
...
> However, in the past, it had been customary to refer to a six-bit area
> in a computer's memory, where such an area was the span of memory
> occupied by a character of a text, as a character.
>
Not necessarily six bits.  It is usual to refer to the storage for one
(fixed-length) character code as a character, yes, of course,
and six bits is enough for one (Roman) alphabet, (decimal) digits,
and modest 

Cryptography-Digest Digest #542


Cryptography-Digest Digest #542, Volume #12  Sat, 26 Aug 00 13:13:00 EDT

Contents:
  Re: Best way! ([EMAIL PROTECTED])
  Re: Asymmetric Encryption Algorithms (DJohn37050)
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Nathan Williams")
  Re: Serious PGP v5 & v6 bug! ("Nathan Williams")
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Peter Ihm")
  Bytes, chars, and I/O (David Hopwood)
  Re: Bytes, octets, chars, and characters (David Hopwood)
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  Re: PRNG Test Theory (Mok-Kong Shen)
  Re: Serious PGP v5 & v6 bug! (Dave Howe)
  Re: Best way! ("Big Boy Barry")



From: [EMAIL PROTECTED]
Subject: Re: Best way!
Date: Sat, 26 Aug 2000 15:13:03 GMT

In article <8o8j83$it4$[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] wrote:
> In article <8o8iji$i97$[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:
> > Obviously you have no clue what you are talking about.
> >
> > PGP is still secure iff you do not share your keys indirectly.  Or if
> > you use PGP 2.6.2.
> >
> > You can always try the Entrust package or GnuPG, or write your own.
> >
>
> You are the one who misunderstands the flaw in the PGP key packet
> specification. Even if you take all the precautions possible against
> someone attaching an ADK to your public key and use PGP 2.6.2, somebody
> else might not be so careful when they are sending a message to you.
> They could have obtained your public key and checked the key
> fingerprint and signature: doing either would not have detected the
> presence of an ADK without special effort. BTW, if you have to share
> keys directly, why are you using a PKCS. The flaw in PGP is real, and
> presents a potential DoS, if not a practical security risk. Which is
> not to say that the encryption used in PGP is not necessarily strong,
> but the weakest link in a cryptosystem is usually the protocol or
> implementation.

And how, pray tell, do you attach an ADK to a key if you don't have
physical access to it?

And I would be using PKCS or something similar because it would offer
more key entropy than if I made up a conventional key with a friend.
If PGP could make up useful 256 bit keys that I could lug around I
would use that instead.

>
> It's not iff, just if. Sharing keys directly is not a sufficient
> condition for the secure use of PGP. Your advice to the OP to write his
> or her own security package is just wrong.

Why?  I have, have you heard of Peekboo?

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (DJohn37050)
Date: 26 Aug 2000 15:28:16 GMT
Subject: Re: Asymmetric Encryption Algorithms

Not online, distributed at a past ANSI X9F1 meeting.  Come on Roger, at least
sometimes one would want to distribute a symmetric key with authentication
regarding where it came from!!  Of course,  key establishment itself is a
different matter, not provided by a signature.
Don Johnson

--

From: "Nathan Williams" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sat, 26 Aug 2000 15:31:15 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keith,

I am surprised at your viewpoint.  I would have to agree with the
others.  PGP should at least warn the user that the key has
unrecognized elements or even show that the key has been subject to
this kind of attack.

I am assuming that this is a quick patch to stop the loophole in the
ADK and a more robust version will be forthcoming.

Nathan Williams
"Keith" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou
>  <8o87bf$p7m$[EMAIL PROTECTED]> wrote:
>
> >Where previous versions would show this key as having an ADK, and
> >use the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as
> >being a normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a
> signature and trust values are for. As long as PGP removes and/or
> doesn't recognize the forged ADK on a tampered key, which will lead
> to the encryption of a file or message to the forged ADK, then that
> is the proper action.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use
> Comment: pgp keys available at http://strongsignals.com/pgpkeys.txt
>
> iQEVAwUBOae+QHbKVHAo46vlAQEXhQgAsz6jNjGzBYeaT4Bpu+h1M3kgeHepXFfk
> n86dx+j54MTiUj6y0fkgmtT2CR5Ev/hdqpLlDOdpOD3IoSJ3jFN1P2kZJWepdr+a
> Aj4i1NVvwfrt5OFMtxlPtCr3GXv6e6JiGsTcoIeq5RmFm16BFHh2Zldryv5qfL+R
> 9HxWtMzoWPq5DZbg6+ZflaprV+VsnpPeWkObcFwryq/ZgrS8eXMrAFsQE7YoNJQB
> 5JgB2TXJSLp/tklR3blToA1XjSefbfZwJZ2YJfoq/n+jm1xC1sb+hSwrxiJS6RlK
> u8qgTzkZenIUSXudLk3szp+JG/Cp5gBZaYmGarNpK5VwbplFi+1dBA==
> =8L4/
> -----END PGP SIGNATURE-----
>
> --
> Best Regards,
>
> Keith
> 

Cryptography-Digest Digest #543


Cryptography-Digest Digest #543, Volume #12  Sat, 26 Aug 00 15:13:01 EDT

Contents:
  Re: PGP 6.5.8 test: That's NOT enough !!! ("Greg")
  Hey Phil... ("Ed Suominen")
  Re: The DeCSS ruling and the big shots (Eric Lee Green)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: DeCSS ruling -- More (Eric Lee Green)
  Re: Bytes, octets, chars, and characters (Ian Stirling)
  Re: Best way! ([EMAIL PROTECTED])
  I NEED WEBSITE FOR DOWN LOADIND DVD COPY DEVICE( ORIGIN) NORWAY 0 ([EMAIL PROTECTED])
  Re: PRNG Test Theory (Tim Tyler)
  Re: Best way! ([EMAIL PROTECTED])
  Re: PRNG Test Theory ("Paul Pires")
  Re: Best way! (Guy Macon)
  PGP bug ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Jonathan Thornburg)
  Re: PRNG Test Theory ("Paul Pires")



From: "Greg" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP 6.5.8 test: That's NOT enough !!!
Date: Sun, 27 Aug 2000 02:26:45 +0900

Is this a product for the security conscious?  :-(

Cheese Whiz.  I apologize for my naivete.  How silly of me to imagine that
*everybody* knew that half of security is detection.  Correct me if I'm
wrong: NAI *is* now billing themselves as a data security company, right?  I
guess Phil's earlier experiences lulled me into lowering my guard too much.

It is sad to hear the conscientious revert to spin.  Did I just hear NAI's
credibility hit the main sewer?

I'm sorry guys.  Sorry for all of us.

Wish I had time to do a nice shell for GnuPG.
---
Greg


"Keith" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On Sat, 26 Aug 2000 12:49:17 +0200, Michel Bouissou
>  <8o87bf$p7m$[EMAIL PROTECTED]> wrote:
>
> >Where previous versions would show this key as having an ADK, and use
> >the forged ADK, the "fixed" PGP 6.5.8 shows the forged key as being a
> >normal, valid key, without any ADK.
>
> There is no way for PGP to detect a forged key. That is what a signature and
> trust values are for. As long as PGP removes and/or doesn't recognize the
> forged ADK on a tampered key, which will lead to the encryption of a file or
> message to the forged ADK, then that is the proper action.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use 
> Comment: pgp keys available at http://strongsignals.com/pgpkeys.txt
>
> iQEVAwUBOae+QHbKVHAo46vlAQEXhQgAsz6jNjGzBYeaT4Bpu+h1M3kgeHepXFfk
> n86dx+j54MTiUj6y0fkgmtT2CR5Ev/hdqpLlDOdpOD3IoSJ3jFN1P2kZJWepdr+a
> Aj4i1NVvwfrt5OFMtxlPtCr3GXv6e6JiGsTcoIeq5RmFm16BFHh2Zldryv5qfL+R
> 9HxWtMzoWPq5DZbg6+ZflaprV+VsnpPeWkObcFwryq/ZgrS8eXMrAFsQE7YoNJQB
> 5JgB2TXJSLp/tklR3blToA1XjSefbfZwJZ2YJfoq/n+jm1xC1sb+hSwrxiJS6RlK
> u8qgTzkZenIUSXudLk3szp+JG/Cp5gBZaYmGarNpK5VwbplFi+1dBA==
> =8L4/
> -----END PGP SIGNATURE-----
>
> --
> Best Regards,
>
> Keith
> --
> Where do you discover free software for Windows? Strongsignals DOT COM is a
> great place to start: http://Strongsignals.com   "If a man hasn't discovered
> something that he will die for, he isn't fit to live." --Martin Luther King, Jr



--

From: "Ed Suominen" <[EMAIL PROTECTED]>
Subject: Hey Phil...
Date: Sat, 26 Aug 2000 10:23:45 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"I'm not about to allow a product with my name on it to have any
secret back doors." - PRZ, PGP v.6.5 User's Guide.

Phil, how about inadvertent back doors from code that was implemented
contrary to the OpenPGP standards to accommodate the corporate
snoopers? (I say this as a disappointed admirer.) See the following
post from Adam Back on the GPG user's listserv, at
http://lists.gnupg.org/gnupg-users-28/msg00218.html

"Amazing, and really unfortunate.  Those of us who invested large
amounts of effort in ensuring the ADK subpackets were not included in
the ietf openPGP standard can be pleased we succeeded -- otherwise
gnuPG and other implementations may now also have contributed to this
risk.  As it is gnuPG doesn't honor ADK requests, and all the rfc2440
says about them is: 10 = placeholder for backward compatibility"

I'd say it's time to start watching for the release of the GNU
Privacy Assistant instead of just PGP 7.0... (See
http://www.gnupg.org/gpa.html).

Ed Suominen
Registered Patent Agent
Web Site: http://eepatents.com
PGP Public Key: http://eepatents.com/key

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBOaf9AamKuMvNCWDGEQJuRQCgofp4yVvggi97w01MGFJo5zgN6FsAoOcs
glThuiIwC+Gt3JPPAMXUzrT+
=77k4
-----END PGP SIGNATURE-----





--

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: The DeCSS ruling and the big shots
Date: Sat, 26 Aug 2000 17:39:52 GMT

Sundial Services wrote:
> Flawed it may be, but "human nature

Cryptography-Digest Digest #544


Cryptography-Digest Digest #544, Volume #12  Sat, 26 Aug 00 18:13:00 EDT

Contents:
  Re: Best way! (Guy Macon)
  could someone post public key that is tampered & pgp will not detect it  (jungle)
  Re: Steganography question (Jani Store)
  ZixMail? ("Big Boy Barry")
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: PGP bug ([EMAIL PROTECTED])
  Re: ZixMail? ("Big Boy Barry")
  Re: Steganography question (Guy Macon)
  Re: PRNG Test Theory ("Paul Pires")
  Re: ZixMail? ([EMAIL PROTECTED])
  Re: ZixMail? (Jim Gillogly)
  Re: New algorithm for the cipher contest ("Alexis Machado")
  Re: 7 mil, how this usage of PGP has been calculated ? (those who know me have no need of my name)
  Re: Best way! (those who know me have no need of my name)
  R: Test on pseudorandom number generator. ("Cristiano")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: New algorithm for the cipher contest ("Scott Fluhrer")
  R: Test on pseudorandom number generator. ("Cristiano")
  Re: 320-bit Block Cipher (Gregory G Rose)



From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Best way!
Date: 26 Aug 2000 19:07:25 GMT


Big Boy Barry wrote:
>
>I am a newbie to encryption. Am I right about PGP being insecure?
>

First, let me give you the 100% accurate answer, then the useful
answer.

The 100% accurate answer:

NOTHING is secure.  Everything is either in the "known to be
insecure" or "not known whether it is or isn't secure" class.

Now the useful answer:

Who are you wanting to send secure email to?  If you can manage
to give them a secret passphrase without anyone else seeing it,
then there is no known flaw in PGP.  If you want to use any system
where you don't physically hand the secret passphrase over, you
are only as safe as the method you used to send it is.  If you
choose to use a public key system with no secret passphrase handed
directly to your recipient, you will have to either study more and
really understand the issues involved, or wait a while while the
experts in sci.crypt hash it out, then ask for advice on what to
do and follow that advice.


--

From: jungle <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: could someone post public key that is tampered & pgp will not detect it 
Date: Sat, 26 Aug 2000 15:16:37 -0400

could someone post public key that is tampered & pgp will not detect it ?



--

From: Jani Store <[EMAIL PROTECTED]>
Subject: Re: Steganography question
Date: Sat, 26 Aug 2000 22:10:10 +0300

Guy Macon wrote:
> 
> zapzing wrote:
> 
> >And, if your message is encrypted it will be
> >indistinguishable from random numbers. So
> >hiding random numbers in random numbers should
> >not be all that difficult.
> 
> There is no requirement that encrypted messages
> look like random numbers.  It's a common practice,
> but often not done (especially in the header part).

Ok I'd like to post a follow-up on this. Is there a way to prove that 
encryption is used (in england for instance) if I rip the PGP headers 
and footers off? Let's assume that the receiver's public key is available.


--
SS
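Two questions in this digest come down to the same plumbing: jungle's, above, about telling a key whose ADK was added by its owner from one where the ADK was tampered in, and Jani Store's about whether an encrypted message can still be identified once the armor headers and footers are ripped off. What follows is an added example written for this page, not code from PGP, GnuPG or any poster. It reads the RFC 2440 packet and signature-subpacket formats; the subpacket type 10 mapping is the one Adam Back's note, quoted earlier on this page, takes from RFC 2440. The check itself rests on a property of the format rather than on anything posted here: a v4 self-signature covers only its hashed subpacket area, so a subpacket in the unhashed area is not authenticated by the key owner at all, and that unhashed area is where the ADK bug under discussion let a third party's key be honoured. Every key and message below is constructed with dummy material (the address example.invalid is a placeholder).

```python
"""Added example, not code from the digest, PGP or GnuPG: a minimal RFC 2440 packet
walker over binary (de-armored) OpenPGP data, with all sample bytes constructed here."""
import struct

TAGS = {1: "pubkey-encrypted session key", 2: "signature", 6: "public key",
        9: "symmetrically encrypted data", 13: "user id"}
ADK_SUBPACKET = 10   # RFC 2440 lists type 10 only as "placeholder for backward compatibility"

def _length(first, buf, i, subpacket=False):
    """New-format packet / subpacket length octets (partial lengths not handled)."""
    if first < 192:
        return first, i
    if first < (255 if subpacket else 224):
        return ((first - 192) << 8) + buf[i] + 192, i + 1
    if first == 255:
        return struct.unpack(">I", buf[i:i + 4])[0], i + 4
    raise ValueError("partial body lengths not supported here")

def parse_packets(data):
    """Binary OpenPGP stream -> [(tag, body)]; ValueError on a malformed header."""
    out, i = [], 0
    while i < len(data):
        b = data[i]; i += 1
        if not b & 0x80:
            raise ValueError("offset %d: bit 7 clear, not a packet header" % (i - 1))
        if b & 0x40:                               # new-format header
            tag = b & 0x3F
            length, i = _length(data[i], data, i + 1)
        else:                                      # old-format header
            tag, ltype = (b >> 2) & 0x0F, b & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported here")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + n], "big"); i += n
        if i + length > len(data):
            raise ValueError("packet body runs past end of data")
        out.append((tag, data[i:i + length])); i += length
    return out

def parse_subpackets(area):
    """Signature subpacket area -> [(type, critical, data)]."""
    out, i = [], 0
    while i < len(area):
        length, i = _length(area[i], area, i + 1, subpacket=True)
        t = area[i]
        out.append((t & 0x7F, bool(t & 0x80), area[i + 1:i + length])); i += length
    return out

def signature_areas(body):
    """(hashed, unhashed) subpacket lists of a v4 signature body.  Only the hashed
    area is covered by the signature; the unhashed area can be edited by anyone."""
    if body[0] != 4:
        raise ValueError("only v4 signatures carry subpackets")
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    return (parse_subpackets(body[6:6 + hlen]),
            parse_subpackets(body[8 + hlen:8 + hlen + ulen]))

def audit_adk(data):
    """One finding per ADK subpacket on every signature in the key, naming its area."""
    findings = []
    for tag, body in parse_packets(data):
        if tag == 2:
            hashed, unhashed = signature_areas(body)
            findings += ["hashed: ADK is covered by the owner's self-signature"
                         for t, _, _ in hashed if t == ADK_SUBPACKET]
            findings += ["UNHASHED: ADK is not signed; anyone could have added it"
                         for t, _, _ in unhashed if t == ADK_SUBPACKET]
    return findings

def identify(data):
    """For a blob with the armor stripped: the packet names it parses into (None if
    it is not a packet chain) and any recipient key IDs found in v3 PKESK packets."""
    try:
        pkts = parse_packets(data)
    except (ValueError, IndexError):
        return None, []
    names = [TAGS.get(t, "tag %d" % t) for t, _ in pkts]
    ids = [b[1:9].hex().upper() for t, b in pkts if t == 1 and b[0] == 3]
    return names, ids

# --- constructed samples: old-format headers, dummy key material, bodies < 256 bytes ---
def _pkt(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body
def _sub(t, data):
    return bytes([len(data) + 1, t]) + data
def _sig(hashed, unhashed):              # v4, positive certification, RSA, SHA-1
    return (bytes([4, 0x13, 1, 2]) + struct.pack(">H", len(hashed)) + hashed +
            struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00\x00\x01\x01")

ADK_DATA = bytes([0x80, 1]) + b"\x11" * 20        # class, algorithm, dummy fingerprint
CREATED = _sub(2, struct.pack(">I", 967000000))   # signature creation time subpacket
KEY_PREFIX = _pkt(6, b"\x04" + b"\x00" * 8) + _pkt(13, b"jungle <user@example.invalid>")
OWNER_ADK_KEY = KEY_PREFIX + _pkt(2, _sig(CREATED + _sub(ADK_SUBPACKET, ADK_DATA), b""))
TAMPERED_KEY = KEY_PREFIX + _pkt(2, _sig(CREATED, _sub(ADK_SUBPACKET, ADK_DATA)))
DEARMORED_MSG = (_pkt(1, b"\x03" + bytes.fromhex("123456789ABCDEF0") + b"\x01\x00\x03\x05")
                 + _pkt(9, b"\xde\xad\xbe\xef" * 4))

if __name__ == "__main__":
    print(audit_adk(OWNER_ADK_KEY), audit_adk(TAMPERED_KEY))
    print(identify(DEARMORED_MSG), identify(b"Hello, world"))
```

Run as a script it prints one finding for each sample key, then the packet names and the recipient key ID recovered from the de-armored message; plain text that is not a packet chain comes back as (None, []). On the steganography question this is the practical answer: the armor lines are cosmetic, and it is the binary packet headers and the key ID inside the session-key packet that give a PGP message away, which is why RFC 2440 also allows an all-zero "wild card" key ID in that packet.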

--

From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: ZixMail?
Date: Sat, 26 Aug 2000 19:29:34 GMT

Is Zixmail safe? Thanks...



--

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 19:23:01 GMT

In article <6rUp5.6797$[EMAIL PROTECTED]>,
  "Paul Pires" <[EMAIL PROTECTED]> wrote:
>
> Tim Tyler <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > [EMAIL PROTECTED] wrote:
> >
> > : Since any PRNG test can tell when a stream of bits is empirically random
> > : [...]
> >
> > Hmm.  Personally, I'd have phrased it as: "no PRNG test alone is likely to
> > tell you when a stream of bits is empirically random".
> >
> > If you use every test known to man - and they are all passed - that might
> > qualify the resulting stream as "empirically random".
> >
> > : that should suggest that any PRNG test can be turned into a PRNG itself.
> >
> > As you mention you might expect - since PRNG tests aren't designed for
> > this job - unless you included a whole battery of such tests, the results
> > would pass that particular test used well, and fail other ones miserably.
> >
> > I expect using a whole battery of tests would probably result in an
> > extremely slow and cumbersome PRNG.
>
> Yes but there is an interesting question here. Can rejecting Non-random
> (determined by any means) ever result in random? My knee jerk reaction is no
> but I never thought of it that way before.

Which is why I posed it.

Let's build a prng with the runs test, poker test, ones/zero test,
DNA/OPSO test, birthday test, that given 'n' prior bits will output the
better of the two bits.  Technically the output must pass all the tests
better than any other output.

For simplicity I would li

Cryptography-Digest Digest #545


Cryptography-Digest Digest #545, Volume #12  Sat, 26 Aug 00 21:13:01 EDT

Contents:
  Re: Best way! (Wim Lewis)
  Re: PGP bug (Lemon Kairy)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Serious PGP v5 & v6 bug! (Ralf Muschall)
  Re: Bytes, chars, and I/O (Mark McIntyre)
  Re: wincrypt.h ("Jeffrey Walton")
  Re: PRNG Test Theory ("Paul Pires")
  Re: 7 mil, how this usage of PGP has been calculated ? (jungle)
  Re: PRNG Test Theory ([EMAIL PROTECTED])
  Re: Test on pseudorandom number generator. ("Paul Pires")
  Re: PRNG Test Theory ("Paul Pires")
  Re: Memory usage ("Jeffrey Walton")
  New Site, Purple/Enigma/Sigaba/Russia Emulators (Charles Petersen)



From: [EMAIL PROTECTED] (Wim Lewis)
Subject: Re: Best way!
Date: 26 Aug 2000 22:45:00 GMT

In article ,
Big Boy Barry <[EMAIL PROTECTED]> wrote:
>I have read several articles outlining that the government can crack PGP.
>There is no way in denying that. Even if it was rumors, I wouldnt want to
>base all my encryption on rumors. So I am better off using other means of
>encryption other than PGP.

You're basing your encryption on rumors anyway, you know. What makes you
think that what you read here is any more or less reliable than some
random scare piece you didn't fully understand about PGP?

Anyway, PGP (or some other implementation of the same format, such
as GnuPG) is still the most secure thing you're likely to find for
sending email. Understanding key management and the physical security
of your computer is still vital to actual security, though.

-- 
 Wim Lewis * [EMAIL PROTECTED] * Seattle, WA, USA
PGP 0x27F772C1: 0C 0D 10 D5 FC 73 D1 35  26 46 42 9E DC 6E 0A 88
The netcom address will be unreliable after September. Use the  address.

--

From: [EMAIL PROTECTED] (Lemon Kairy)
Subject: Re: PGP bug
Date: Sat, 26 Aug 2000 22:48:52 GMT

[EMAIL PROTECTED] wrote:

>A bug has been found in PGP that allows hackers to read
>encrypted messages, the BBC reports.

Do you ever read messages here, or do you just write?
-- 
"Lemon Kairy" is actually 2751 469038 <[EMAIL PROTECTED]>.
 01234 56789 <- Use this key to decode my email address and name.
  Play Five by Five Poker at http://www.5X5poker.com.

--

From: [EMAIL PROTECTED]
Subject: Re: PRNG Test Theory
Date: Sat, 26 Aug 2000 22:47:16 GMT

In article ,
  "Paul Pires" <[EMAIL PROTECTED]> wrote:
>
> <[EMAIL PROTECTED]> wrote in message
> news:8o95ea$6h3$[EMAIL PROTECTED]...
> > In article <6rUp5.6797$[EMAIL PROTECTED]>,
> >   "Paul Pires" <[EMAIL PROTECTED]> wrote:
> > >
> > > Tim Tyler <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > : Since any PRNG test can tell when a stream of bits is empirically random
> > > > : [...]
> > > >
> > > > Hmm.  Personally, I'd have phrased it as: "no PRNG test alone is likely to
> > > > tell you when a stream of bits is empirically random".
> > > >
> > > > If you use every test known to man - and they are all passed - that might
> > > > qualify the resulting stream as "empirically random".
> > > >
> > > > : that should suggest that any PRNG test can be turned into a PRNG itself.
> > > >
> > > > As you mention you might expect - since PRNG tests aren't designed for
> > > > this job - unless you included a whole battery of such tests, the results
> > > > would pass that particular test used well, and fail other ones miserably.
> > > >
> > > > I expect using a whole battery of tests would probably result in an
> > > > extremely slow and cumbersome PRNG.
> > >
> > > Yes but there is an interesting question here. Can rejecting Non-random
> > > (determined by any means) ever result in random? My knee jerk reaction is no
> > > but I never thought of it that way before.
> >
> > Which is why I posed it.
> >
> > Let's build a prng with the runs test, poker test, ones/zero test,
> > DNA/OPSO test, birthday test, that given 'n' prior bits will output the
> > better of the two bits.  Technically the output must pass all the tests
> > better than any other output.
>
> Let's make it easy. Let's say that you possess a random
> evaluation oracle. "REO" (just made it up). It perfectly
> evaluates the provisional output for randomness. If its
> choice conforms to randomness, then there is a chance, at
> each step that 1's test better, 0's test better, 1 & 0 are
> both "good" and 1 & 0 are both putrid. The second or third
> condition halts your process since a choice cannot be made.
> So you use a coin flip to pick.
>
> Question: Why didn't you just use the coin flip in the first
> place?
>
> My second problem is that any random source when viewed at a
> certain granularity will occasionally pop out some results
> that look ordered. This is natural. If you feed your gizmo
> truly random input and you re

Cryptography-Digest Digest #546


Cryptography-Digest Digest #546, Volume #12  Sun, 27 Aug 00 02:13:00 EDT

Contents:
  Re: Serious PGP v5 & v6 bug! (Hendrik)
  RSA Security Conference for 2001 ([EMAIL PROTECTED])
  Re: RSA Security Conference for 2001 (David A Molnar)
  Re: PGP Bug: A note from Ralf Senderek (Harald Milz)
  Re: DeCSS ruling -- More ("Stou Sandalski")
  Re: DeCSS ruling -- More ("Stou Sandalski")
  Re: RSA Security Conference for 2001 ([EMAIL PROTECTED])
  Re: DeCSS ruling -- More (Eric Lee Green)
  Re: RSA Security Conference for 2001 (Paul Rubin)
  Re: Bytes, chars, and I/O (Richard Heathfield)
  Re: PGP 6.5.8 test: That's NOT enough !!! ("David Sternlight")
  Re: Destruction of CDs ("Thomas W. Barr")
  Re: RSA Security Conference for 2001 (David A Molnar)
  Re: RSA Security Conference for 2001 (David A Molnar)



Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 & v6 bug!
From: [EMAIL PROTECTED] (Hendrik)
Date: Sun, 27 Aug 2000 12:08:40 +0900

Hi,

Nathan Williams <[EMAIL PROTECTED]> wrote:
[...]
> I'm not sure I agree with that. There is no need for a "enterprise"
> environment to have to use the ADK system to have a key escrow.

There may be a need, but there may be a better way to satisfy that need
than using ADK.

> Company policy could simply require that employees use keys furnished
> by the IT or security departments.  They would keep copies of both
> keys and of its passphrases.  Simple solution that allows for the use
> of PGP without adding the complexity( and therefore the added risk)
> of an ADK.

If someone writes encrypted e-mail on behalf of their employer, then it
stands to reason that they should use a key that their employer can use
as well. But your common sense solution has obviously escaped those who
recently have removed the development of PGP from the scrutiny of the
public peer review process - a bad move if there ever was one.

This whole debacle is a nice example of how "market forces" can screw up
what voluntary, open, public cooperation can do much better. :-)

Hendrik


-- 

You can reach me by e-mail via "NRF8 at HIZ dot BC dot CA"

--

From: [EMAIL PROTECTED]
Subject: RSA Security Conference for 2001
Date: Sun, 27 Aug 2000 03:02:19 GMT

I was wondering what type of qualifications I need to present TC5 to
the Cryptographers Track in 2001?

Has anyone ever applied before?  I can't seem to find forms/email
addies on their website relating to the conference.

Thanks,
Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: David A Molnar <[EMAIL PROTECTED]>
Subject: Re: RSA Security Conference for 2001
Date: 27 Aug 2000 04:28:36 GMT

[EMAIL PROTECTED] wrote:
> I was wondering what type of qualifications I need to present TC5 to
> the Cryptographers Track in 2001?

I would guess that you just need to submit a paper on TC5, and then
have the paper be sufficiently better than everything else that it is
accepted. With all that implies - i.e. it has to be both a good piece of
research and it has to "fit" with what else is happening at the
conference. Ideally they would do blind reviewing and judge the system
completely on its technical merits. In practice, if any of the reviewers
read sci.crypt, they are likely to recognize the name TC5. :-)

(and come to think of it, I don't know if this conference does blind
reviewing or not) I'm not an expert on this, BTW, nor have I applied
before, nor am I on the program committee or anything. Take my comments
with a grain of salt. 

> Has anyone ever applied before?  I can't seem to find forms/email
> addies on their website relating to the conference.

Searching using their search engine popped up this link 

http://www.rsasecurity.com/conference/rsa2001/

which in turn points to 

http://www.rsasecurity.com/conference/rsa2001/cryptotrack.html

and this page has what looks like complete instructions. 

Thanks, 
-David

--

From: Harald Milz <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: PGP Bug: A note from Ralf Senderek
Date: 26 Aug 2000 22:46:10 GMT
Reply-To: [EMAIL PROTECTED]

In comp.security.pgp.discuss Michel Bouissou <[EMAIL PROTECTED]> wrote:
> "Use PGP-classic in a reliably secure environment." That would be my
> advice if I had 49 characters left on the telegram.
> Ralf Senderek

... 

> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: PGPfreeware 6.5.8 for non-commercial use 
> Comment: Corrigez le bug PGP ADK. Installez PGP 6.5.8 ou plus recent.

Is it just me, or is that ironic? 

-- 
"50 million potential S/Mime users can't be wrong But they can all be
stupid!"
   - Sam Simpson in comp.security.pgp.discuss

--

From: "Stou Sandalski" 
Subject: Re: DeCSS ruling -- More
Date: Sat, 26 Aug 2000 21:41:54 -0700

How about somethi