Cryptography-Digest Digest #643

2000-09-09 Thread Digestifier

Cryptography-Digest Digest #643, Volume #12   Sat, 9 Sep 00 22:13:00 EDT

Contents:
  Re: Intel's 1.13 MHZ chip (Guy Macon)
  Re: Security of whitening alone? ("Alexis Machado")
  SV: Intel's 1.13 MHZ chip ("Morten Ostberg")
  Re: ExCSS Source Code (Eric Lee Green)
  Re: ExCSS Source Code (Eric Lee Green)
  Re: Intel's 1.13 MHZ chip ("Abyssmal_Unit_#3")
  Re: RSA?? ("Abyssmal_Unit_#3")
  Re: Intel's 1.13 MHZ chip (S. T. L.)
  Re: ExCSS Source Code (Anonymous)
  RSA Patent -- Were they entitled to it? ("Aztech")
  Re: RSA Patent -- Were they entitled to it? (Larry Kilgallen)
  Re: RSA Patent -- Were they entitled to it? ("Aztech")
  Re: Carnivore article in October CACM _Inside_Risks ("dog7")
  Re: RSA Patent -- Were they entitled to it? (Bill Unruh)
  Re: Bytes, octets, chars, and characters ("Dik T. Winter")
  Re: blowfish problem ("Dik T. Winter")
  Re: SV: Intel's 1.13 MHZ chip (John Savard)
  RC5-SAFE? - SAFEBOOT ("lala")
  Re: RSA Patent -- Were they entitled to it? (Jim Gillogly)
  Re: SV: Intel's 1.13 MHZ chip (S. T. L.)
  Carnivore -> Fluffy Bunny? (Jim Gillogly)



From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Intel's 1.13 MHZ chip
Date: 09 Sep 2000 21:31:23 GMT


Mok-Kong Shen wrote:
>
>Sorry, please replace MHZ by GHZ.

Good start.  Now replace GHZ with GHz.


--

From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sat, 9 Sep 2000 18:41:53 -0300


"Andru Luvisi" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation.  Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(x^r)^l
>

Some questions:

1) Is "D_k(y)" a function of "y"? If so, why doesn't "y" appear in the
function definition?

2) Are "x" and "y" the two halves of a 128-bit plaintext?




--

From: "Morten Ostberg" <[EMAIL PROTECTED]>
Subject: SV: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 23:47:09 +0200

Guy Macon <[EMAIL PROTECTED]> skrev i
diskussionsgruppsmeddelandet:8pea7b$[EMAIL PROTECTED]

> >Sorry, please replace MHZ by GHZ.
>
> Good start.  Now replace GHZ with GHz.

What's your problem ???

I perfectly understood his first posting, which btw was very interesting!

For f--k sake, get a life!




--

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 15:58:34 -0700
Reply-To: [EMAIL PROTECTED]

Ichinin wrote:
> CSS does NOT protect against copying, you can still copy a DVD
> just as easy as a paper, since the decryption keys are copied
> as well when you copy the DVD data from one medium to another,
> which allows for proper playback in any cd = CSS is bullocks!

I believe that the decryption keys can only be retrieved via a special command
to the hardware, i.e., they are NOT read from the first  sectors using the
normal SCSI or IDE READ() command, and do NOT show up on the sector map. In
addition, writable media has the section of media used for the decryption keys
mapped to system WOM (Write Only Memory :-). 

> Its only EFFECTIVE MEASURABLE property is the region codes.

True, since pirates don't do byte-by-byte copies to writable media anyhow.
Most pirate copies of DVDs are actually made on the exact same equipment that
makes the "legit" copies, sometimes even in the exact same factories. Amazing,
what a little bribery of factory managers being paid $8 per week will get you
:-). 

> (And again... DMCA is VOID outside the US.)

Err, the U.S. has a million men in uniform and billions of dollars in
expensive military hardware that say different. Or as Earl K. Long, former
governor of Louisiana, once said in exasperation when his legislature urged
him to defy an edict of the U.S. government, "Goddammit, we're talking about
the government of the U.S. of A. here, they got the goddamn ATOMIC BOMB!". If
your country refuses to enforce the DMCA, they will shortly be corrected
(unless their name is China). Remember, we're talking about the same rogue
nation that invaded a sovereign country, arrested its leader, and hauled him
off to Miami to jail him because he refused to kow-tow to his former CIA
comptrollers the same rogue nation that willfully and with disdain has
ignored every treaty it has ever made with sovereign native American
nations... the same rogue nation that is currently in default by BILLIONS of
dollars in its dues to the United Nations (which a treaty says it is required
to pay, but hey, we're the U.S. of A., we got the atomic bomb and the cruise
missile, we don't need to obey no steenkin' law...)...

-- 
Eric Lee Green [EMAIL PR

Cryptography-Digest Digest #642

2000-09-09 Thread Digestifier

Cryptography-Digest Digest #642, Volume #12   Sat, 9 Sep 00 17:13:01 EDT

Contents:
  Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
  Re: Intel's 1.13 MHZ chip ("m.a.jones01")
  Re: RSA patent expiration party still on for the 20th (Rich Wales)
  Re: security warning -- "www.etradebank.com" (Neil Y. Kramo)
  R: PRNG ("Cristiano")
  Re: Intel's 1.13 MHZ chip (Neil Y. Kramo)
  Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
  Re: could you please tell me how this calculation has been obtained ? ("Nathan Williams")
  Re: PRNG ("Paul Pires")
  Re: Carnivore article in October CACM _Inside_Risks (Anonymous)
  Re: RSA?? (Bill Unruh)
  DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston (Robert Hettinga)
  Re: PRNG (Terry Ritter)
  Re: on a ligher note... ("Cheri & Mike Jackmin")



From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 18:24:17 +0200


Sorry, please replace MHZ by GHZ.

M. K. Shen

--

From: "m.a.jones01" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 17:16:08 +0100

Wow, 1.13Mhz Pentiums.  Suddenly, I feel really lucky that I own a 500Mhz
Pentium ...

Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> Intel has launched a call-back of its 1.13 MHZ Pentium III,
> leaving currently AMD's 1.1 MHZ Athlon at the head of the
> line.
>
> This shows once again that in information processing there
> is much more to be worried about than algorithmics alone.
> Compatibility of hardware/software of the communication
> partners needs to be assured and diverse forms of
> redundancy may be called for in certain critical
> applications. I guess that such issues are no less
> important than questions like whether the opponent
> can obtain the 2^m pairs of plaintext and ciphertext
> (m sufficiently large) which the theory shows is
> sufficient/necessary for him to get the key.
>
> M. K. Shen



--

From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 16:16:02 -

"No User" wrote:

> Keeping the invention internal and unproductive
> for the term of the patent is not enough to claim
> the experimental use defense;

If this is true, what implications might it have on the use in the
US of the following:

==> RSA code which was written outside the US, and intended at the
time only for use outside the US?

==> PGP 2.6.3ia or other software using Phil Zimmermann's MPILIB
code, which was written in the US in the 1980's?

Rich Wales [EMAIL PROTECTED] http://www.webcom.com/richw/
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA

--

From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: security warning -- "www.etradebank.com"
Date: Sat, 09 Sep 2000 17:51:17 GMT

"Harvey Rook" <[EMAIL PROTECTED]> wrote:

>-When you call in you must know some personal information
>(SSN/Address/Mother's Maiden Name/Amount of last deposit or withdrawal)

Although I'm sure many people actually DO give their mother's real maiden
name, it's important to remember that you can give any name that you like
in response to this naive question, so long as you don't later forget what
you said. I generally give a different "mother's maiden name" for each
request that I get, and I make a side note to be skeptical of the security
policies of the company that asked.
-- 
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
 0123 4  56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.

--

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: PRNG
Date: Sat, 9 Sep 2000 19:42:28 +0200


>   [EMAIL PROTECTED] (S. T. L.) wrote:
> > /* DIEHARDC  ok (no 0.00 no 1.00) */
> >
> > This is not the way to interpret DieHard results.
>
> Technically there is no valid way to interpret DH results...

Do you too think Diehard gives "strange" results?
In my many, many tests Diehard does not seem to give very
understandable p-values.

Cristiano



--

From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 17:59:44 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:

>Intel has launched a call-back of its 1.13 MHZ Pentium III,
>leaving currently AMD's 1.1 MHZ Athlon at the head of the
>line.

Don't those idiots realize that there are processors today that are a
thousand times faster? What were they thinking?
-- 
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
 0123 4  56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.co

Cryptography-Digest Digest #641

2000-09-09 Thread Digestifier

Cryptography-Digest Digest #641, Volume #12   Sat, 9 Sep 00 12:13:01 EDT

Contents:
  Re: ExCSS Source Code (Ichinin)
  Re: RSA?? ([EMAIL PROTECTED])
  Re: PRNG ([EMAIL PROTECTED])
  We perform a comprehensive analysis of practical quantum cryptography (QC) (John Bailey)
  Re: RSA?? ("Big Boy Barry")
  Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
  Re: Losing AES Candidates Could Be a Good Bet? ([EMAIL PROTECTED])
  Re: RSA?? ([EMAIL PROTECTED])
  Scottu19 Broken ([EMAIL PROTECTED])
  Re: Camellia, a competitor of AES ? (Samuel Paik)
  Re: Scottu19 Broken (John Savard)
  Re: Losing AES Candidates Could Be a Good Bet? (John Savard)
  Re: Known Plain Text Attack (Mack)
  Re: Losing AES Candidates Could Be a Good Bet? ([EMAIL PROTECTED])
  Re: Bytes, octets, chars, and characters (Chris Rutter)
  Re: Bytes, octets, chars, and characters (Chris Rutter)
  Re: blowfish problem (Chris Rutter)
  Re: Security of whitening alone? (David A. Wagner)
  Re: Scottu19 Broken ([EMAIL PROTECTED])
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (Mack)
  Intel's 1.13 MHZ chip (Mok-Kong Shen)
  Re: blowfish problem (Larry Weiss)
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (JPeschel)
  Re: Known Plain Text Attack (Terry Ritter)
  Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)



From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 02:13:09 +0200

Wim Lewis wrote:
> I don't know why you think that what I wrote suggests what you
> wrote. The DMCA prohibits the circumvention of "technological
> protection measures", which CSS is argued to be, regardless of
> distribution, regardless of what it's used for[1]. I believe
> that the DMCA also outlaws distributing information about how
> to circumvent TPMs, which also covers DeCSS.

CSS does NOT protect against copying, you can still copy a DVD
just as easy as a paper, since the decryption keys are copied
as well when you copy the DVD data from one medium to another,
which allows for proper playback in any cd = CSS is bullocks!

Its only EFFECTIVE MEASURABLE property is the region codes.

Regards,
Glenn
(.SE)

(And again... DMCA is VOID outside the US.)

--

From: [EMAIL PROTECTED]
Subject: Re: RSA??
Date: Sat, 09 Sep 2000 11:36:32 GMT

In article ,
  "Big Boy Barry" <[EMAIL PROTECTED]> wrote:
> Is RSA encryption unsecure? I know nothing is 100% secure... but I would
> like your opinion on RSA?

Um, no to the best of my knowledge when used correctly RSA is still
considered secure.

Tom


Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED]
Subject: Re: PRNG
Date: Sat, 09 Sep 2000 11:37:36 GMT

In article <[EMAIL PROTECTED]>,
  [EMAIL PROTECTED] (S. T. L.) wrote:
> /* DIEHARDC  ok (no 0.00 no 1.00) */
>
> This is not the way to interpret DieHard results.

Technically there is no valid way to interpret DH results...

Tom



--

From: [EMAIL PROTECTED] (John Bailey)
Subject: We perform a comprehensive analysis of practical quantum cryptography (QC)
Date: Sat, 09 Sep 2000 12:36:18 GMT

MITRE TECHNICAL REPORT
Practical Quantum Cryptography: A Comprehensive Analysis
by  G. Gilbert and M. Hamrick
September 2000
http://xyz.lanl.gov/abs/quant-ph/0009027

should be of interest.

(quoting from the abstract)

We perform a comprehensive analysis of practical quantum cryptography
(QC) systems implemented in actual physical environments

 (1) We obtain the complete universal expressions for the effective
secrecy capacity and rate for QC systems 

(2) We perform for the first time a detailed, explicit analysis of all
systems losses due to and errors and noises. 

(3) We calculate for the first time all system load costs associated
to classical communication and computational constraints that are
ancillary to, but essential for carrying out, the pure QC protocol
itself.

 (4) We introduce an extended family of generalizations of the
Bennett-Brassard (BB84) QC protocol that equally provide unconditional
secrecy. (BB84 = C.H. Bennett and G. Brassard, in Proc. IEEE Int.
Conference on Computers, Systems and Signal Processing, IEEE Press,
New York (1984))

(5) We obtain universal predictions for maximal rates that can be
achieved with practical system designs 

(end quote)

Quantum Communications (not computing) sounds like it's ready for prime
time.  (No pun intended)

John



--

From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: Re: RSA??
Date: Sat, 09 Sep 2000 12:39:43 GMT

Can any government in the world crack it?



<[EMAIL PROTECTED]> wrote in message news:8pd7c1$ck6$[EMAIL PROTECTED]...
> In article ,
>   "Big Boy Barry" <[EMAIL PROTECTED]> wrote:
> > 

Cryptography-Digest Digest #640

2000-09-09 Thread Digestifier

Cryptography-Digest Digest #640, Volume #12   Sat, 9 Sep 00 06:13:00 EDT

Contents:
  Re: Security of whitening alone? ([EMAIL PROTECTED])
  Re: RSA patent expiration party still on for the 20th (Paul Rubin)
  Re: Carnivore article in October CACM _Inside_Risks   (No User)
  Re: ExCSS Source Code (Wim Lewis)
  Re: could you please tell me how this calculation has been obtained ? (Your Name)
  Re: could you please tell me how this calculation has been obtained ? (Your Name)
  Re: Security of whitening alone? ("Scott Fluhrer")
  Re: ExCSS Source Code (Bill Unruh)
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (nym_test)
  RSA?? ("Big Boy Barry")
  Re: ExCSS Source Code ("John A. Malley")
  could you please tell me how this calculation has been obtained ? 3rd  (jungle)
  Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
  Re: Camellia, a competitor of AES ? (Mok-Kong Shen)
  Re: Camellia, a competitor of AES ? (David A Molnar)
  Re: could you please tell me how this calculation has been obtained ?  (Mok-Kong Shen)
  Re: Losing AES Candidates Could Be a Good Bet? (Chris Rutter)



From: [EMAIL PROTECTED]
Subject: Re: Security of whitening alone?
Date: Sat, 09 Sep 2000 00:57:05 GMT

In article <[EMAIL PROTECTED]>,
  Andru Luvisi <[EMAIL PROTECTED]> wrote:
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation.  Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(x^r)^l
>
> In other words, the key is *only* used for whitening before and after
> applying the transformation.

Since the key in the rounds is known differential cryptanalysis is much
easier I would think.  Perhaps I am wrong.  But if you get the right
difference into the last round 'r' will be easy to find in the
encryption direction and 'l' in the decryption direction.

Tom



--

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 01:38:04 GMT

In article <[EMAIL PROTECTED]>,
No User  <[EMAIL PROTECTED]> wrote:
>Keeping the invention internal and unproductive for the term of the
>patent is not enough to claim the experimental use defense; if you
>were actually trying to develop a product for later public release (as
>opposed to merely playing around to see if you could get the invention
>to work), the courts would probably regard that as infringement.

I seem to remember that a lot of phone companies used step by step
(SXS) switches while waiting for the crossbar phone switch patent to
expire.  When the crossbar patent finally did expire, SXS exchanges
cut over to crossbar switches en masse.  So I think there must have
been some pre-expiration development going on.  Anyone know more?


--

Date: Fri, 8 Sep 2000 19:55:32 -0500
From: No User <[EMAIL PROTECTED]>
Subject: Re: Carnivore article in October CACM _Inside_Risks  

>>> Why wouldn't the ISPs just unplug Carnivore, reboot, and
>>> tell the FBI that they'll plug it back in when it works?
>>
>> Because anybody who did so would immediately be thrown in jail for
>> violating a court order.
>
> A "court order" that dictates inclusion of foreign software
> into one's core business system should never be complied with
> in the first place.  Do "court orders" require that automobile
> manufacturers install FBI-created mechanical boxes in drive
> trains?  It would be absurd.

Attention cave-dweller: the feds require all types of things installed
in all sorts of products foisted upon unwary public. CALEA requires
telcos to build LEO-access directly into their CO switch fabric for ease
of wiretapping conventional switched-circuit conversations. Carnivore and
the laws governing its use achieve the same goal for ISPs and packetized
info. E911 requires wireless communications service providers to build in
cellphone-locating ability into their systems. And of course there's ECHELON.

Carnivore is simply another facet of govt's tireless quest to create a
pervasive total surveillance system - if you talk on a hardwired phone line,
you can be tapped with a flick of a switch. If you talk on a cell phone you
can be both tapped AND pinpointed. If you send an email it can be snatched.
Got a new driver's license lately? - if so your photo has been digitized and
stored in a state database linked to all other states' databases for instant
access by the feds to comb over with facial-recognition software.

But using your strictly Clintonesque lawyerspeak language, you are correct.
"Court orders" do not require these things be built into a company's product -
either law