Cryptography-Digest Digest #562
Cryptography-Digest Digest #562, Volume #12 Tue, 29 Aug 00 04:13:01 EDT

Contents:
Re: secrets and lies in stores (S. T. L.)
Re: New algorithm for the cipher contest (David Hopwood)
Re: encryption scheme output - samples table? (David Hopwood)
Re: Asymmetric Encryption Algorithms (David Hopwood)
Re: "Warn when encrypting to keys with an ADK" (David Hopwood)
Re: UNIX Passwords (David Hopwood)
Re: Future computing power (Anders Thulin)
Re: could someone post public key that is tempered ? (jungle)
Re: Steganography vs. Security through Obscurity (Benjamin Goldberg)
Re: On pseudo-random permutation (Bryan Olson)
Re: On pseudo-random permutation (Markku-Juhani Saarinen)
Re: Looking for Book Recommendations ([EMAIL PROTECTED])

From: [EMAIL PROTECTED] (S. T. L.)
Date: 29 Aug 2000 05:15:15 GMT
Subject: Re: secrets and lies in stores

Because it doesn't deny the above. It points this out. Then notes that having a perfect lock is not enough. There is a lot more to security, and the way people think about it, and act in a society which has certain kinds of locks, than the lock itself. So much else that often focusing on the lock alone leads us to miss much larger points. That's what I meant by "hardly relevant."

Hmmm. I still don't like the idea of calling any field of mathematics or science hardly relevant, no matter how it fits into society. You could call supersymmetry in particle physics completely irrelevant because it'll never affect society. But that doesn't say anything about how important it is to investigate this area. Same with cryptography.

Of course, now I'll have to read this danged book to see what it's all about. Heh. Too little time, too many books. If there's such a thing as too many books, that is. :-P

-*---*---
S.T.L. My Quotes Page * http://quote.cjb.net * leads to my NEW site.
My upgraded Book Reviews Page: * http://sciencebook.cjb.net *
Optimized pngcrush executable now on my Download page!
Long live pngcrush! :-

--

Date: Tue, 29 Aug 2000 06:38:48 +0100
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: New algorithm for the cipher contest

Scott Fluhrer wrote:

I believe I have a way that, given K[3] (which is the fourth multiplicative key), distinguishes it from randomness with a relatively few amount of chosen plaintexts and effort, and the actual chosen plaintexts do not depend on K[3]. This immediately leads to a method of rederiving K[3] with about O(2**64) effort and circa 100-1000 chosen plaintexts.

Drat, beat me to it :-) I was working on exactly the same attack; I'd done the second case for the distinguisher, and was close to working out the first one.

--
David Hopwood [EMAIL PROTECTED]
Home page  PGP public key: http://www.users.zetnet.co.uk/hopwood/
RSA 2048-bit; fingerprint 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Nothing in this message is intended to be legally binding. If I revoke a public key but refuse to specify why, it is because the private key has been seized under the Regulation of Investigatory Powers Act; see www.fipr.org/rip

--

Date: Tue, 29 Aug 2000 06:38:55 +0100
From: David Hopwood [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: encryption scheme output - samples table?

kihdip wrote:

Most encryption schemes result in a bitstream.

To be more precise, most modern encryption schemes treat plaintext and ciphertext as streams of octets (8-bit bytes), or occasionally as streams of larger words (e.g. 32 bits). The order of bits within an octet or word is usually not defined.

--
David Hopwood [EMAIL PROTECTED]
Cryptography-Digest Digest #563
Cryptography-Digest Digest #563, Volume #12 Tue, 29 Aug 00 08:13:01 EDT

Contents:
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (Sundial Services)
Re: Patent, Patent is a nightmare, all software patent shuld not be (Sundial Services)
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (Sundial Services)
Re: Future computing power ("Sam Simpson")
Re: Looking for Book Recommendations ([EMAIL PROTECTED])
Re: e-cash protocol concept, comments wanted (Ragni Ryvold Arnesen)
Re: On pseudo-random permutation (Tim Tyler)
Re: Serious PGP v5 v6 bug! (Phil Harrison)
Re: "Warn when encrypting to keys with an ADK" (S.R. Heller)
Re: Future computing power ([EMAIL PROTECTED])
Re: secrets and lies in stores (Mok-Kong Shen)
Re: Bytes, octets, chars, and characters (Richard Bos)
[Q] Do you know a good german newsserver for sci.crypt ? (Runu Knips)
Re: Looking for Book Recommendations (David A Molnar)
Re: Future computing power (Guy Macon)
Re: Future computing power (Jeffrey Williams)
Re: when does PGP start to support key server (Matt Johnston)

Date: Tue, 29 Aug 2000 01:13:03 -0700
From: Sundial Services [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed

Mack wrote:

hmm seems to cover most of what PGP servers have done for a while and kerberos and various other methods. wonder when the patent was applied for.

It may be facially invalid due to prior art.

Thomas Edison once succinctly described patents as "a license to steal," although he owned more of them than almost anyone. They are a wonderful lawyer-esque invention, because even after you spend a boatload of legal fees to acquire one, you still have to defend it against all comers, any one of whom could [successfully] claim that (essentially) you or the patent-examiner screwed-up and your claim was invalid from the start .. as Mack essentially suggests here.

So a patent provides what is actually a very dubious level of protection, especially in the software business, and it endlessly requires you to "defend it or lose it." The patent examiners simply can't, and don't, affirm that your claim is in fact worth the paper it is printed on. What they say is essentially what you heard in a game of "Clue," namely "I cannot disprove it," which when you think about it is -not- saying terribly much at all.

In the very best of circumstances, patent law requires you to COMPLETELY DISCLOSE your invention in exchange for the right to (maybe..) exclude others from using it for a period of many years. That can be awful in the software business because your secrets are fully exposed to competitors who, likely as not, can simply "trump your trick" and have you begging them for a license. Even the slightest change to your algorithm can qualify as an "improvement" which is not only legal -- but blocks you from adopting the improvement in your own implementation!

In my not-so-humble I'm-not-a-lawyer opinion, patents were an idea steeped in manufacturing .. and that is where they ought to stay. Computer software is much too close to the direct expression of "ideas" (which are unpatentable) and offer too many alternate ways of expressing the same "idea" (all of which qualify as "prior art" or "improvements" or simply "patent killers" .. and all of which you discover only after the patent has been granted and before you discover that it's worthless).

If you're gonna make money with software, you're gonna have to do it by producing an altogether "better product," not by planting stakes around a particular embodiment of a particular idea or trick in your code, disclosing it to the world and proclaiming to all comers that "It's Mine!"

I fear that good Mr. Edison was right after all.

--

Date: Tue, 29 Aug 2000 01:16:42 -0700
From: Sundial Services [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be

And of course, Mok-Kong, we also know that most of these anaerobic bacteria eat .. umm .. ahh ... that is ... :-)

Mok-Kong Shen wrote:

[...] there is really a risk of what I mentioned sarcastically long time ago, namely one day someone will get a patent of how a human being breathes the air and from that point on those who can't afford to pay royalties must find a way of living an-aerobically (there are organisms of that sort).

M. K. Shen

--

Date: Tue, 29 Aug 2000 01:21:38 -0700
From: Sundial Services [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed

Now they get to start paying the lawyers MORE. First they pay the lawyers to figure out everyone who might have been infringing upon their patent. This
Cryptography-Digest Digest #566
Cryptography-Digest Digest #566, Volume #12 Tue, 29 Aug 00 16:13:01 EDT

Contents:
Re: Patent, Patent is a nightmare, all software patent shuld not be (Mok-Kong Shen)
Re: Idea for creating primes (Mok-Kong Shen)
Re: A little technical note about intepreters (Daniel Leonard)
Re: [Q] Do you know a good german newsserver for sci.crypt ? ("Duran Castore")
Re: I need ADK tampered key that PGP will not detect ADK, on it ... (Rich Wales)
Re: RSA n-bit key...is p and q n or is the mod n? ([EMAIL PROTECTED])
Re: RSA n-bit key...is p and q n or is the mod n? (Roger Schlafly)
Re: [Q] Do you know a good german newsserver for sci.crypt ? (Mok-Kong Shen)
Re: On pseudo-random permutation (wtshaw)
Re: 320-bit Block Cipher (Zulfikar Ramzan)
Re: [Q] Do you know a good german newsserver for sci.crypt ? (Brian Kraft)
Re: Serious PGP v5 v6 bug! ("Nathan Williams")
R: Test on pseudorandom number generator. ("Cristiano")
R: R: R: Test on pseudorandom number generator. ("Cristiano")
R: R: R: Test on pseudorandom number generator. ("Cristiano")
Re: Idea for creating primes ([EMAIL PROTECTED])
R: Optimal length of the sieve before a Miller-Rabin test ("Cristiano")
R: RSA n-bit key...is p and q n or is the mod n? ("Cristiano")

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be
Date: Tue, 29 Aug 2000 20:51:25 +0200

Sundial Services wrote:

[snip]

In the very best of circumstances, patent law requires you to COMPLETELY DISCLOSE your invention in exchange for the right to (maybe..) exclude others from using it for a period of many years. That can be awful in the software business because your secrets are fully exposed to competitors who, likely as not, can simply "trump your trick" and have you begging them for a license. Even the slightest change to your algorithm can qualify as an "improvement" which is not only legal -- but blocks you from adopting the improvement in your own implementation!

[snip]

I wonder in the case in question how much is actually 'disclosed' in the text that one can read on the web page cited. Are there more texts about that patent that one can read? Or are these texts inaccessible to the public? Since the patent apparently has the potential of attacking at the very root of PK applications, if I don't err, we should pay due attention to the issue, I suppose.

M. K. Shen
http://home.t-online.de/home/mok-kong.shen

--

From: Mok-Kong Shen [EMAIL PROTECTED]
Subject: Re: Idea for creating primes
Date: Tue, 29 Aug 2000 20:51:32 +0200

[EMAIL PROTECTED] wrote:

[snip]

You can test to see if a number is a generator by performing g^(p/q) != 1 for various 'q's that divide your testing prime 'p'.

[snip]

I suspect there is a printing error here. If one knows that there is a q that divides p, then p is certainly not a prime, isn't it? Or how should one properly interpret that phrase above? Thanks.

M. K. Shen

--

From: Daniel Leonard [EMAIL PROTECTED]
Subject: Re: A little technical note about intepreters
Date: Tue, 29 Aug 2000 18:44:27 GMT

On Tue, 29 Aug 2000, Andrew Carol wrote:

In article [EMAIL PROTECTED], Daniel Leonard [EMAIL PROTECTED] wrote:

What I told in CS course as TA was that you should put comments as if you would put footpage notes in an article or a book. That are comments in the code, not function header comments. More often than not, the code speaks for itself.

Code is telling the computer exactly WHAT to do. Comments tells other programmers WHY you did it that way.

They might also explain assumptions about external state which MUST be true for the code, as written, to work.

There is a huge difference.

Anybody who has put significant code away for a year or two and tried to pick it back up. Or taken over someone else's code knows what I'm talking about.

If code is written very cleanly, without clever optimisations, the code might speak for itself.

The instant you do something "clever", like take advantage of some trick of twos complement math, or a sneaky xor trick, or rely on a subtle side-effect of another routine you've got problems. Even things like assuming you can access unaligned integers is probably worth a comment.

Oh well.

Well, if you do something clever, as you say, then it worths a footpage note, doesn't it ?

==
Daniel Léonard
OGMP Informatics Division     E-Mail: [EMAIL PROTECTED]
Département de Biochimie      Tel : (514) 343-6111 ext 5149
Université de Montréal        Fax : (514) 343-2210
Montréal, Quebec              Office: Pavillon Principal G-312
Canada H3C 3J7                WWW :

--

From: "Duran Castore" [EMAIL PROTECTED]
Subject: Re: [Q] Do you know a good german
Cryptography-Digest Digest #567
Cryptography-Digest Digest #567, Volume #12 Tue, 29 Aug 00 18:13:01 EDT

Contents:
Re: NEWBIE!!! Zodiac killer's encryption... (John C. King)
Blowfish IC? ("Richard Sloan")
Re: On pseudo-random permutation (David A. Wagner)
4096 BIT RSA Key (No User)
Re: A little technical note about intepreters (Andrew Carol)
Re: 4096 BIT RSA Key (Tom McCune)
Re: I need ADK tampered key that PGP will not detect ADK, on it ... ("David E. Ross")
Re: Idea for creating primes (Mok-Kong Shen)
Re: Test on pseudorandom number generator. ("Niels Jørgen Kruse")
Re: [Q] Do you know a good german newsserver for sci.crypt ? ("Jeffrey Walton")
Re: R: Test on pseudorandom number generator. (Mok-Kong Shen)
Re: A little technical note about intepreters (Mok-Kong Shen)
Re: PRNG Test Theory (Tim Tyler)
Re: PGP ADK Bug: What we expect from N.A.I. (David Hopwood)
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed ("Paul Pires")
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (Terry Ritter)
Re: "Warn when encrypting to keys with an ADK" (Björn Persson)
Re: Serious PGP v5 v6 bug! (Björn Persson)
Re: "Warn when encrypting to keys with an ADK" (Björn Persson)
Re: Number theory book ("Dann Corbit")

From: John C. King [EMAIL PROTECTED]
Subject: Re: NEWBIE!!! Zodiac killer's encryption...
Date: Tue, 29 Aug 2000 20:21:13 GMT

In article 8oeiu3$3bk$[EMAIL PROTECTED], John C. King [EMAIL PROTECTED] wrote:

If anyone knows of any other "solutions" I would like to know. I know of one other book (seems to be self published). It too provides a "solution" which is a result of what Kahn calls "hypercryptanalysis". I'll try to find it and post the book.

The book is "Times 17: The Amazing Story of the Zodiac Murders in California and Massachusetts, 1966-1981" by Gareth Penn. It's listed as out-of-print on Amazon.com but isn't worth trying to get unless you want to see some really goofy cryptanalysis.

Sent via Deja.com http://www.deja.com/ Before you buy.

--

From: "Richard Sloan" [EMAIL PROTECTED]
Subject: Blowfish IC?
Date: Tue, 29 Aug 2000 20:31:14 GMT

Has anyone seen a manufacturer for a Blowfish IC?

Richard.

--

From: [EMAIL PROTECTED] (David A. Wagner)
Crossposted-To: comp.programming
Subject: Re: On pseudo-random permutation
Date: 29 Aug 2000 13:45:01 -0700

David A. Wagner [EMAIL PROTECTED] wrote:

The latter can be done by treating the random bits as the binary expansion of a random real number R in the interval [0,1). A simple strategy is to say that we output the integer i (where 1 <= i <= n!) if (i-1)/n! <= R < i/n!. Note that we don't need all the binary digits of R to determine which bucket R falls into; it suffices to know a finite prefix of the binary expansion of R, since (i-1)/n! and i/n! must differ at some bit position of finite index. (Or did I make some stupid mistake?)

Uhhh... As others have pointed, that doesn't always terminate in finite time. (Oops.) I apologize for the error, and withdraw the proposed algorithm.

--

Date: Tue, 29 Aug 2000 15:06:39 -0500
From: No User [EMAIL PROTECTED]
Subject: 4096 BIT RSA Key

How can I make a 4096 bit RSA Key for use in PGP 6.5.8? I tried generating one using the Cybernights Templar 2.6.3 version. But when I import the key into 6.5.8. It says the key is invalid.

---
This message did not originate from the Sender address above. It was posted with the use of anonymizing software at http://anon.xg.nu
---

--

From: Andrew Carol [EMAIL PROTECTED]
Subject: Re: A little technical note about intepreters
Date: Tue, 29 Aug 2000 14:07:55 -0700

In article [EMAIL PROTECTED], Daniel Leonard [EMAIL PROTECTED] wrote:

Well, if you do something clever, as you say, then it worths a footpage note, doesn't it ?

You are comparing apples and oranges.

Foot notes, while often on a minor or side point, are PART of the discourse itself. Comments are ABOUT the item.

For example; A "Commentary of the Bible" would contain the text of the bible, but in addition has an independent content which points out things of interest, clarifies difficult points, sets out interesting notes from the translation, etc. It can be as long as the thing it comments on. Footnotes are meant for minor asides which are part of the main theme of the work.

Programs are detailed instructions to an unthinking machine. Comments provide a much richer context suitable for humans and meant to provide a background for a maintainer or developer.

Having worked on projects with MILLIONS of lines of code, I can assure you that detailed comments in particularly tricky bits of code are a wonderful treasure. I have spent countless hours hand tracing some code which made altogether too many access to global state,
Cryptography-Digest Digest #568
Cryptography-Digest Digest #568, Volume #12 Tue, 29 Aug 00 21:13:00 EDT

Contents:
Re: Idea for creating primes ([EMAIL PROTECTED])
Re: 4096 BIT RSA Key ([EMAIL PROTECTED])
Re: RSA n-bit key...is p and q n or is the mod n? (Gregory G Rose)
Re: Idea for creating primes ("Big Boy Barry")
Re: R: R: R: Test on pseudorandom number generator. ("Douglas A. Gwyn")
Re: 320-bit Block Cipher (Gregory G Rose)
Secure Deletion of Data ("Jeffrey Walton")
Re: Serious PGP v5 v6 bug! (Björn Persson)
Re: A little technical note about intepreters ("Douglas A. Gwyn")
Re: Idea for creating primes ([EMAIL PROTECTED])
Re: A little technical note about intepreters (Andrew Carol)
Re: e-cash protocol concept, comments wanted (Julian Morrison)
Re: e-cash protocol concept, comments wanted (Julian Morrison)
Re: Serious PGP v5 v6 bug! (Shawn Willden)
Re: Optimal length of the sieve before a Miller-Rabin test (Bryan Olson)
Re: 4096 BIT RSA Key (No User)
Schneier's RC 2-Cracking Screen Saver (Champerty)
Re: 4096 BIT RSA Key ([EMAIL PROTECTED])
Re: 4096 BIT RSA Key (Steve)
Re: R: R: R: Test on pseudorandom number generator. (Terry Ritter)

From: [EMAIL PROTECTED]
Subject: Re: Idea for creating primes
Date: Tue, 29 Aug 2000 21:59:25 GMT

In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:

Mok-Kong Shen [EMAIL PROTECTED] wrote:

[EMAIL PROTECTED] wrote:

[snip]

You can test to see if a number is a generator by performing g^(p/q) != 1 for various 'q's that divide your testing prime 'p'.

[snip]

I suspect there is a printing error here. If one knows that there is a q that divides p, then p is certainly not a prime, isn't it? Or how should one properly interpret that phrase above? Thanks.

Simple typo. You have your list of smaller primes N1, N2, N3 ... then you have the value p' = 2*N1*N2*N3*N4*... Then you have the value p = p' + 1

Sorry for the confusion. You are looking for a value q that divides the value p'

Questions:

(1) Your g is such that (g,p)=1 and g^p' = 1 and g^s != 1 for all s equal to p' divided by one of its factors? Is that right?

Yea, you want to make sure that g doesn't belong to a sub-group.

(2) How much do the tests g^s != 1 help in practice (in comparison to omitting these but retaining the other conditions) for the purpose of finding primes?

Once you find one g that doesn't belong to any subgroups you know that p is prime.

(3) Could some of the factors of p' be equal or must they be distinct? (In the latter case why?)

They need only be known, and they must be prime for this to be provably exact.

(4) What is the rationale of having the N's of the same magnitude (the same number of bits)?

It makes finding real primes easier. All the prime factors of p' must in fact be provably prime for this whole scheme to work. It's easier to find a whole bunch of provable primes if they are smaller.

Tom

--

From: [EMAIL PROTECTED]
Subject: Re: 4096 BIT RSA Key
Date: Tue, 29 Aug 2000 22:00:07 GMT

In article [EMAIL PROTECTED], No User [EMAIL PROTECTED] wrote:

How can I make a 4096 bit RSA Key for use in PGP 6.5.8? I tried generating one using the Cybernights Templar 2.6.3 version. But when I import the key into 6.5.8. It says the key is invalid.

Why on earth are you making RSA keys that big?

Tom

--

From: [EMAIL PROTECTED] (Gregory G Rose)
Subject: Re: RSA n-bit key...is p and q n or is the mod n?
Date: 29 Aug 2000 15:17:18 -0700

In article [EMAIL PROTECTED], John Matzen jmatzen(at)origin(d0t)ea(d0t)com wrote:

When one speaks of a 512-bit RSA key, are p and q 512-bits, or is the modulus 512-bits (meaning p and q are 256 bits)?

The size of the modulus is what is being referred to.

Greg.
--
Greg Rose                      INTERNET: [EMAIL PROTECTED]
QUALCOMM Australia             VOICE: +61-2-9181 4851 FAX: +61-2-9181 5470
Suite 410, Birkenhead Point    http://people.qualcomm.com/ggr/
Drummoyne NSW 2047             B5 DF 66 95 89 68 1F C8 EF 29 FA 27 F2 2A 94 8F

--

From: "Big Boy Barry" [EMAIL PROTECTED]
Subject: Re: Idea for creating primes
Date: Tue, 29 Aug 2000 22:17:56 GMT

did you patent this?

[EMAIL PROTECTED] wrote in message news:8ogq3t$l9f$[EMAIL PROTECTED]...

Say you want to make an 'n' bit prime that is some multiple of 128 (I chose this out of my head). What you do is make n/128 128-bit primes as described below then multiply them all together (and multiply by two) then add one. Next using all the known prime factors try to find a primitive generator. If you can find one then you know for a fact that the number
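
The construction discussed in this digest (p = 2*N1*N2*... + 1 with every Ni a known prime, then a search for a generator g), as an added example that is not part of the original thread: finding g with g^(p-1) = 1 and g^((p-1)/q) != 1 (mod p) for every prime factor q of p-1 is the classical Lucas primality proof. The function names, the seed primes below 100 and the fixed RNG seed are assumptions chosen for a repeatable demonstration.

```python
import random
from math import prod


def small_primes(limit):
    """Odd primes below `limit`, by trial division (the trusted base case)."""
    return [n for n in range(3, limit, 2)
            if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]


def certifies(p, factors, g):
    """Lucas check. `factors` must contain EVERY prime factor of p - 1."""
    return (pow(g, p - 1, p) == 1 and
            all(pow(g, (p - 1) // q, p) != 1 for q in factors))


def find_generator(p, factors, rng, tries=64):
    """Search for g of order p - 1 modulo p; finding one proves p is prime."""
    for _ in range(tries):
        g = rng.randrange(2, p - 1)
        if pow(g, p - 1, p) != 1:
            return None      # Fermat test failed: p is certainly composite
        if certifies(p, factors, g):
            return g
    return None              # no proof found: treat p as unproven


def grow(seeds, k, count, rng, max_attempts=20000):
    """Return `count` proven primes p = 2*N1*...*Nk + 1, each Ni from `seeds`.

    Every seed must itself be a proven prime, otherwise the factor list
    handed to the Lucas check is incomplete and the proof is void.
    """
    found = {}
    for _ in range(max_attempts):
        chosen = [rng.choice(seeds) for _ in range(k)]   # repeats are allowed
        p = 2 * prod(chosen) + 1
        if p in found:
            continue
        g = find_generator(p, {2, *chosen}, rng)
        if g is not None:
            found[p] = (sorted(chosen), g)               # the certificate
            if len(found) == count:
                return found
    raise RuntimeError("not enough primes found; raise max_attempts")


if __name__ == "__main__":
    # Fixed seed for a repeatable demo only (assumption); key generation
    # would draw from a cryptographic source such as the `secrets` module.
    rng = random.Random(2000)
    level1 = grow(small_primes(100), 4, 16, rng)   # proven from table primes
    level2 = grow(sorted(level1), 4, 1, rng)       # proven from level 1
    for p, (ns, g) in level2.items():
        print(p.bit_length(), "bit prime", p)
        print("p - 1 = 2 *", " * ".join(map(str, ns)), " generator g =", g)
```

A composite that passes the Fermat step for every coprime base, such as 561, still yields no certificate, because no element of its multiplicative group has order p-1.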
Cryptography-Digest Digest #569
Cryptography-Digest Digest #569, Volume #12 Wed, 30 Aug 00 01:13:00 EDT

Contents:
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (qun ying)
Re: Serious PGP v5 v6 bug! ("Nathan Williams")
Re: The DeCSS ruling (Eric Smith)
Re: The DeCSS ruling (Roger Schlafly)
Re: Future computing power (David A Molnar)
Re: Future computing power (David A Molnar)
Re: Best way! (Eric Smith)
Re: Destruction of CDs (Eric Smith)
Re: PRNG Test Theory ("Trevor L. Jackson, III")
Re: The DeCSS ruling (David A. Wagner)
Re: "Warn when encrypting to keys with an ADK" (Philip Stromer)
Re: Patent, Patent is a nightmare, all software patent shuld not be allowed (John Savard)
Re: Best way! (Edward A. Falk)
Re: 4096 BIT RSA Key ([EMAIL PROTECTED])
Re: Bytes, octets, chars, and characters (Brian Inglis)

From: qun ying [EMAIL PROTECTED]
Subject: Re: Patent, Patent is a nightmare, all software patent shuld not be allowed
Date: Wed, 30 Aug 2000 02:03:24 GMT

In article [EMAIL PROTECTED], Mok-Kong Shen [EMAIL PROTECTED] wrote:

I wonder in the case in question how much is actually 'disclosed' in the text that one can read on the web page cited. Are there more texts about that patent that one can read? Or are these texts inaccessible to the public? Since the patent apparently has the potential of attacking at the very root of PK applications, if I don't err, we should pay due attention to the issue, I suppose.

M. K. Shen
http://home.t-online.de/home/mok-kong.shen

The actual patent is not much more than you can see from the web, just a few more diagrams. I get the impression that it is some kind of hotmail services with PKI system. But I don't think that will qualify for the patent.

The company is also selling products based on the patent. The company's address: http://www.tumbleweed.com/

--

From: "Nathan Williams" [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,comp.security.pgp.discuss
Subject: Re: Serious PGP v5 v6 bug!
Date: Wed, 30 Aug 2000 02:17:45 GMT

No it doesn't. Reread my post Shawn. The "master" KEY is SPLIT!!! No one person could decrypt and use the stored keys.

"Shawn Willden" [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

No, this solution is far worse than the ADK solution. This solution gives someone else control of your private key, meaning they can impersonate you. This scenario allows a tie-dyed, sockless, ponytailed, late-to-work-every-day geek who hasn't been fired yet only because HR isn't sure they could find a replacement in this unbelievably tight technical-labor market to impersonate the CEO; not a good idea. [Nothing against tie-dye, ponytails, Tevas or going to work late, BTW; I fit that profile whenever possible.]

Really, there is no weakness created by an ADK in a proper implementation. The only "badness" about ADKs in general is that they create yet another opportunity for making mistakes. But then *any* key escrow solution creates another opportunity for error. IMO, ADKs are a reasonable solution, as long as they are properly authenticated (part of the signed public key package).

Shawn.

--

From: Eric Smith [EMAIL PROTECTED]
Subject: Re: The DeCSS ruling
Date: 29 Aug 2000 19:20:36 -0700

"Trevor L. Jackson, III" [EMAIL PROTECTED] writes:

Does a security system that publishes the cipher key count as copy protection? Calling it copy protection does not make it copy protection.

US Code, Title 17, Chapter 12, Section 1201 (b)(2)(B) sets the legal standard:

a technological measure `effectively protects a right of a copyright owner under this title' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.

--

From: Roger Schlafly [EMAIL PROTECTED]
Subject: Re: The DeCSS ruling
Date: Tue, 29 Aug 2000 19:27:32 -0700

Eric Smith wrote:

US Code, Title 17, Chapter 12, Section 1201 (b)(2)(B) sets the legal standard:

a technological measure `effectively protects a right of a copyright owner under this title' if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of a copyright owner under this title.

The word "effectively" is the interesting one. The whole purpose is to give legal protection to broken schemes. The unbroken schemes do not need protection.