Cryptography-Digest Digest #643
Cryptography-Digest Digest #643, Volume #12 Sat, 9 Sep 00 22:13:00 EDT

Contents:
  Re: Intel's 1.13 MHZ chip (Guy Macon)
  Re: Security of whitening alone? ("Alexis Machado")
  SV: Intel's 1.13 MHZ chip ("Morten Ostberg")
  Re: ExCSS Source Code (Eric Lee Green)
  Re: ExCSS Source Code (Eric Lee Green)
  Re: Intel's 1.13 MHZ chip ("Abyssmal_Unit_#3")
  Re: RSA?? ("Abyssmal_Unit_#3")
  Re: Intel's 1.13 MHZ chip (S. T. L.)
  Re: ExCSS Source Code (Anonymous)
  RSA Patent -- Were they entitled to it? ("Aztech")
  Re: RSA Patent -- Were they entitled to it? (Larry Kilgallen)
  Re: RSA Patent -- Were they entitled to it? ("Aztech")
  Re: Carnivore article in October CACM _Inside_Risks ("dog7")
  Re: RSA Patent -- Were they entitled to it? (Bill Unruh)
  Re: Bytes, octets, chars, and characters ("Dik T. Winter")
  Re: blowfish problem ("Dik T. Winter")
  Re: SV: Intel's 1.13 MHZ chip (John Savard)
  RC5-SAFE? - SAFEBOOT ("lala")
  Re: RSA Patent -- Were they entitled to it? (Jim Gillogly)
  Re: SV: Intel's 1.13 MHZ chip (S. T. L.)
  Carnivore -> Fluffy Bunny? (Jim Gillogly)

From: [EMAIL PROTECTED] (Guy Macon)
Subject: Re: Intel's 1.13 MHZ chip
Date: 09 Sep 2000 21:31:23 GMT

Mok-Kong Shen wrote:
>
>Sorry, please replace MHZ by GHZ.

Good start. Now replace GHZ with GHz.

--

From: "Alexis Machado" <[EMAIL PROTECTED]>
Subject: Re: Security of whitening alone?
Date: Sat, 9 Sep 2000 18:41:53 -0300

"Andru Luvisi" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation. Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(x^r)^l
>

Some questions:

1) "D_k(y)" is a function of "y" ? If so, why "y" doesn't appear in the function definition ?

2) "x" and "y" are the two halves of a 128-bit plaintext ?
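Added example, not part of the digest or of any poster's message: a toy 16-bit Python model of the quoted construction E_k(x) = p(x^l)^r, showing that the output difference E_k(x)^E_k(x^d) does not depend on r and can be matched against key-free values p(u)^p(u^d), so the double-length whitening key gives strength bounded by the block size rather than the key size. Assumptions: decryption is taken to be q(y^r)^l, and the permutation table, seeds, key values and function names are constructed for illustration.

```python
import random

BITS = 16                         # toy block size; the post's p is a 64-bit cipher such as DES
SIZE = 1 << BITS

# Constructed public permutation p and inverse q (stand-in for DES under a known key).
P = list(range(SIZE))
random.Random(2000).shuffle(P)
Q = [0] * SIZE
for i, v in enumerate(P):
    Q[v] = i

def encrypt(x, l, r):
    """E_k(x) = p(x^l)^r"""
    return P[x ^ l] ^ r

def decrypt(y, l, r):
    """Assumed intended inverse: D_k(y) = q(y^r)^l"""
    return Q[y ^ r] ^ l

def recover_key(oracle, d=1, n=1024, seed=1):
    """Chosen-plaintext key recovery with about 4 * 2^(BITS/2) work per side.

    E(x) ^ E(x^d) = p(u) ^ p(u^d) with u = x^l, so r cancels and the
    right-hand side can be tabulated without any key material.
    """
    rng = random.Random(seed)
    table = {}                    # offline: p(u)^p(u^d) -> list of u
    for u in rng.sample(range(SIZE), n):
        table.setdefault(P[u] ^ P[u ^ d], []).append(u)
    for x in rng.sample(range(SIZE), n):   # online: two queries per x
        y = oracle(x)
        for u in table.get(y ^ oracle(x ^ d), []):
            l, r = x ^ u, y ^ P[u]         # candidate key halves
            # Confirm on extra plaintexts to discard chance collisions.
            if all(oracle(t) == encrypt(t, l, r) for t in (0, 1, 0x1234)):
                return l, r
    return None

if __name__ == "__main__":
    l, r = 0xBEEF, 0x1337                  # constructed 32-bit key (l, r)
    assert decrypt(encrypt(0x4242, l, r), l, r) == 0x4242
    print(recover_key(lambda x: encrypt(x, l, r)))
```

Scaled to the 64-bit p in the post, the same matching needs on the order of 2^32 queries and table entries, far below the 2^128 that the key length suggests.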
--

From: "Morten Ostberg" <[EMAIL PROTECTED]>
Subject: SV: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 23:47:09 +0200

Guy Macon <[EMAIL PROTECTED]> wrote in newsgroup message:8pea7b$[EMAIL PROTECTED]
> >Sorry, please replace MHZ by GHZ.
>
> Good start. Now replace GHZ with GHz.

What's your problem ??? I perfectly understood his first posting, which btw was very interesting! For f--k sake, get a life!

--

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 15:58:34 -0700
Reply-To: [EMAIL PROTECTED]

Ichinin wrote:
> CSS does NOT protect against copying, you can still copy a DVD
> just as easy as a paper, since the decryption keys are copied
> as well when you copy the DVD data from one medium to another,
> which allows for proper playback in any cd = CSS is bullocks!

I believe that the decryption keys can only be retrieved via a special command to the hardware, i.e., they are NOT read from the first sectors using the normal SCSI or IDE READ() command, and do NOT show up on the sector map. In addition, writable media has the section of media used for the decryption keys mapped to system WOM (Write Only Memory :-).

> It's only EFFECTIVE MEASURABLE property is the region codes.

True, since pirates don't do byte-by-byte copies to writable media anyhow. Most pirate copies of DVDs are actually made on the exact same equipment that makes the "legit" copies, sometimes even in the exact same factories. Amazing, what a little bribery of factory managers being paid $8 per week will get you :-).

> (And again... DMCA is VOID outside the US.)

Err, the U.S. has a million men in uniform and billions of dollars in expensive military hardware that say different. Or as Earl K. Long, former governor of Louisiana, once said in exasperation when his legislature urged him to defy an edict of the U.S. government, "Goddammit, we're talking about the government of the U.S. of A. here, they got the goddamn ATOMIC BOMB!".
If your country refuses to enforce the DMCA, they will shortly be corrected (unless their name is China). Remember, we're talking about the same rogue nation that invaded a sovereign country, arrested its leader, and hauled him off to Miami to jail him because he refused to kow-tow to his former CIA comptrollers the same rogue nation that willfully and with disdain has ignored every treaty it has ever made with sovereign native American nations... the same rogue nation that is currently in default by BILLIONS of dollars in its dues to the United Nations (which a treaty says it is required to pay, but hey, we're the U.S. of A., we got the atomic bomb and the cruise missile, we don't need to obey no steenkin' law...)...

--
Eric Lee Green [EMAIL PR
Cryptography-Digest Digest #642
Cryptography-Digest Digest #642, Volume #12 Sat, 9 Sep 00 17:13:01 EDT

Contents:
  Re: Intel's 1.13 MHZ chip (Mok-Kong Shen)
  Re: Intel's 1.13 MHZ chip ("m.a.jones01")
  Re: RSA patent expiration party still on for the 20th (Rich Wales)
  Re: security warning -- "www.etradebank.com" (Neil Y. Kramo)
  R: PRNG ("Cristiano")
  Re: Intel's 1.13 MHZ chip (Neil Y. Kramo)
  Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
  Re: could you please tell me how this calculation has been obtained ? ("Nathan Williams")
  Re: PRNG ("Paul Pires")
  Re: Carnivore article in October CACM _Inside_Risks (Anonymous)
  Re: RSA?? (Bill Unruh)
  DCSB: RSA Expiration Fundraiser for EFF, Downtown Harvard Club of Boston (Robert Hettinga)
  Re: PRNG (Terry Ritter)
  Re: on a ligher note... ("Cheri & Mike Jackmin")

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 18:24:17 +0200

Sorry, please replace MHZ by GHZ.

M. K. Shen

--

From: "m.a.jones01" <[EMAIL PROTECTED]>
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 9 Sep 2000 17:16:08 +0100

Wow, 1.13Mhz Pentiums. Suddenly, I feel really lucky that I own a 500Mhz Pentium ...

Mok-Kong Shen <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
>
> Intel has launched a call-back of its 1.13 MHZ Pentium III,
> leaving currently AMD's 1.1 MHZ Athlon at the head of the
> line.
>
> This shows once again that in information processing there
> is much more to be worried about than algorithmics alone.
> Compatibility of hardware/software of the communication
> partners needs to be assured and diverse forms of
> redundancy may be called for in certain critical
> applications. I guess that such issues are no less
> important than questions like whether the opponent
> can obtain the 2^m pairs of plaintext and ciphertext
> (m sufficiently large) which the theory shows is
> sufficient/necessary for him to get the key.
>
> M. K. Shen

--

From: [EMAIL PROTECTED] (Rich Wales)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 16:16:02 -

"No User" wrote:

> Keeping the invention internal and unproductive
> for the term of the patent is not enough to claim
> the experimental use defense;

If this is true, what implications might it have on the use in the US of the following:

==> RSA code which was written outside the US, and intended at the time only for use outside the US?

==> PGP 2.6.3ia or other software using Phil Zimmermann's MPILIB code, which was written in the US in the 1980's?

Rich Wales [EMAIL PROTECTED] http://www.webcom.com/richw/
PGP 2.6+ key generated 2000-08-26; all previous encryption keys REVOKED.
RSA, 2048 bits, ID 0xFDF8FC65, print 2A67F410 0C740867 3EF13F41 528512FA

--

From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: security warning -- "www.etradebank.com"
Date: Sat, 09 Sep 2000 17:51:17 GMT

"Harvey Rook" <[EMAIL PROTECTED]> wrote:
>-When you call in you must know some personal information
>(SSN/Address/Mother's Maiden Name/Amount of last deposit or withdrawal )

Although I'm sure many people actually DO give their mother's real maiden name, it's important to remember that you can give any name that you like in response to this naive question, so long as you don't later forget what you said. I generally give a different "mother's maiden name" for each request that I get, and I make a side note to be skeptical of the security policies of the company that asked.

--
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
0123 4 56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.com.

--

From: "Cristiano" <[EMAIL PROTECTED]>
Subject: R: PRNG
Date: Sat, 9 Sep 2000 19:42:28 +0200

> [EMAIL PROTECTED] (S. T. L.) wrote:
> > /* DIEHARDC ok (no 0.00 no 1.00) */
> >
> > This is not the way to interpret DieHard results.
>
> Technically there is no valid way to interpret DH results...

Do you too think Diehard gives "strange" results? In my many, many tests Diehard seems not to give very understandable p-values.

Cristiano

--

From: [EMAIL PROTECTED] (Neil Y. Kramo)
Subject: Re: Intel's 1.13 MHZ chip
Date: Sat, 09 Sep 2000 17:59:44 GMT

Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>Intel has launched a call-back of its 1.13 MHZ Pentium III,
>leaving currently AMD's 1.1 MHZ Athlon at the head of the
>line.

Don't those idiots realize that there are processors today that are a thousand times faster? What were they thinking?

--
"Neil Y. Kramo" is actually 8251 074396 <[EMAIL PROTECTED]>.
0123 4 56789 <- Use this key to decode my email address and name.
Play Five by Five Poker at http://www.5X5poker.co
Cryptography-Digest Digest #641
Cryptography-Digest Digest #641, Volume #12 Sat, 9 Sep 00 12:13:01 EDT

Contents:
  Re: ExCSS Source Code (Ichinin)
  Re: RSA?? ([EMAIL PROTECTED])
  Re: PRNG ([EMAIL PROTECTED])
  We perform a comprehensive analysis of practical quantum cryptography (QC) (John Bailey)
  Re: RSA?? ("Big Boy Barry")
  Re: Losing AES Candidates Could Be a Good Bet? (SCOTT19U.ZIP_GUY)
  Re: Losing AES Candidates Could Be a Good Bet? ([EMAIL PROTECTED])
  Re: RSA?? ([EMAIL PROTECTED])
  Scottu19 Broken ([EMAIL PROTECTED])
  Re: Camellia, a competitor of AES ? (Samuel Paik)
  Re: Scottu19 Broken (John Savard)
  Re: Losing AES Candidates Could Be a Good Bet? (John Savard)
  Re: Known Plain Text Attack (Mack)
  Re: Losing AES Candidates Could Be a Good Bet? ([EMAIL PROTECTED])
  Re: Bytes, octets, chars, and characters (Chris Rutter)
  Re: Bytes, octets, chars, and characters (Chris Rutter)
  Re: blowfish problem (Chris Rutter)
  Re: Security of whitening alone? (David A. Wagner)
  Re: Scottu19 Broken ([EMAIL PROTECTED])
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (Mack)
  Intel's 1.13 MHZ chip (Mok-Kong Shen)
  Re: blowfish problem (Larry Weiss)
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (JPeschel)
  Re: Known Plain Text Attack (Terry Ritter)
  Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)

From: Ichinin <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Subject: Re: ExCSS Source Code
Date: Sat, 09 Sep 2000 02:13:09 +0200

Wim Lewis wrote:
> I don't know why you think that what I wrote suggests what you
> wrote. The DMCA prohibits the circumvention of "technological
> protection measures", which CSS is argued to be, regardless of
> distribution, regardless of what it's used for[1]. I believe
> that the DMCA also outlaws distributing information about how
> to circumvent TPMs, which also covers DeCSS.

CSS does NOT protect against copying, you can still copy a DVD just as easy as a paper, since the decryption keys are copied as well when you copy the DVD data from one medium to another, which allows for proper playback in any cd = CSS is bullocks!

It's only EFFECTIVE MEASURABLE property is the region codes.

Regards,
Glenn (.SE)

(And again... DMCA is VOID outside the US.)

--

From: [EMAIL PROTECTED]
Subject: Re: RSA??
Date: Sat, 09 Sep 2000 11:36:32 GMT

In article , "Big Boy Barry" <[EMAIL PROTECTED]> wrote:
> Is RSA encryption unsecure? I know nothing is 100% secure... but I would
> like your opinion on RSA?

Um, no to the best of my knowledge when used correctly RSA is still considered secure.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED]
Subject: Re: PRNG
Date: Sat, 09 Sep 2000 11:37:36 GMT

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] (S. T. L.) wrote:
> /* DIEHARDC ok (no 0.00 no 1.00) */
>
> This is not the way to interpret DieHard results.

Technically there is no valid way to interpret DH results...

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (John Bailey)
Subject: We perform a comprehensive analysis of practical quantum cryptography (QC)
Date: Sat, 09 Sep 2000 12:36:18 GMT

MITRE TECHNICAL REPORT
Practical Quantum Cryptography: A Comprehensive Analysis
by G. Gilbert and M. Hamrick
September 2000
http://xyz.lanl.gov/abs/quant-ph/0009027
should be of interest.

(quoting from the abstract)
We perform a comprehensive analysis of practical quantum cryptography (QC) systems implemented in actual physical environments
(1) We obtain the complete universal expressions for the effective secrecy capacity and rate for QC systems
(2) We perform for the first time a detailed, explicit analysis of all systems losses due to and errors and noises.
(3) We calculate for the first time all system load costs associated to classical communication and computational constraints that are ancillary to, but essential for carrying out, the pure QC protocol itself.
(4) We introduce an extended family of generalizations of the Bennett-Brassard (BB84) QC protocol that equally provide unconditional secrecy. (BB84 = C.H. Bennett and G. Brassard, in Proc. IEEE Int. Conference on Computers, Systems and Signal Processing, IEEE Press, New York (1984))
(5) We obtain universal predictions for maximal rates that can be achieved with practical system designs
(end quote)

Quantum Communications (not computing) sounds like it's ready for prime time. (No pun intended)

John

--

From: "Big Boy Barry" <[EMAIL PROTECTED]>
Subject: Re: RSA??
Date: Sat, 09 Sep 2000 12:39:43 GMT

Can any government in the world crack it?

<[EMAIL PROTECTED]> wrote in message news:8pd7c1$ck6$[EMAIL PROTECTED]...
> In article ,
> "Big Boy Barry" <[EMAIL PROTECTED]> wrote:
> >
Cryptography-Digest Digest #640
Cryptography-Digest Digest #640, Volume #12 Sat, 9 Sep 00 06:13:00 EDT

Contents:
  Re: Security of whitening alone? ([EMAIL PROTECTED])
  Re: RSA patent expiration party still on for the 20th (Paul Rubin)
  Re: Carnivore article in October CACM _Inside_Risks (No User)
  Re: ExCSS Source Code (Wim Lewis)
  Re: could you please tell me how this calculation has been obtained ? (Your Name)
  Re: could you please tell me how this calculation has been obtained ? (Your Name)
  Re: Security of whitening alone? ("Scott Fluhrer")
  Re: ExCSS Source Code (Bill Unruh)
  Re: How weak is the encryption in the old NORTON NAVIGATOR (NORTON FILE MANAGER) (nym_test)
  RSA?? ("Big Boy Barry")
  Re: ExCSS Source Code ("John A. Malley")
  could you please tell me how this calculation has been obtained ? 3rd (jungle)
  Re: Losing AES Candidates Could Be a Good Bet? (Mok-Kong Shen)
  Re: Camellia, a competitor of AES ? (Mok-Kong Shen)
  Re: Camellia, a competitor of AES ? (David A Molnar)
  Re: could you please tell me how this calculation has been obtained ? (Mok-Kong Shen)
  Re: Losing AES Candidates Could Be a Good Bet? (Chris Rutter)

From: [EMAIL PROTECTED]
Subject: Re: Security of whitening alone?
Date: Sat, 09 Sep 2000 00:57:05 GMT

In article <[EMAIL PROTECTED]>, Andru Luvisi <[EMAIL PROTECTED]> wrote:
>
> Assuming one has a well known good random transformation, for example
> DES encryption with a well known key, what attacks can you see against
> the following algorithm?
>
> Let p(x) be the transformation. Let q(x) be the inverse transformation.
> Let the 128 bit key k have a left part, l, and a right part r.
> ^ means xor.
>
> E_k(x) = p(x^l)^r
> D_k(y) = q(x^r)^l
>
> In other words, the key is *only* used for whitening before and after
> applying the transformation.

Since the key in the rounds is known differential cryptanalysis is much easier I would think. Perhaps I am wrong.
But if you get the right difference into the last round 'r' will be easy to find in the encryption direction and 'l' in the decryption direction.

Tom

Sent via Deja.com http://www.deja.com/
Before you buy.

--

From: [EMAIL PROTECTED] (Paul Rubin)
Subject: Re: RSA patent expiration party still on for the 20th
Date: 9 Sep 2000 01:38:04 GMT

In article <[EMAIL PROTECTED]>, No User <[EMAIL PROTECTED]> wrote:
>Keeping the invention internal and unproductive for the term of the
>patent is not enough to claim the experimental use defense; if you
>were actually trying to develop a product for later public release (as
>opposed to merely playing around to see if you could get the invention
>to work), the courts would probably regard that as infringement.

I seem to remember that a lot of phone companies used step by step (SXS) switches while waiting for the crossbar phone switch patent to expire. When the crossbar patent finally did expire, SXS exchanges cut over to crossbar switches en masse. So I think there must have been some pre-expiration development going on. Anyone know more?

--

Date: Fri, 8 Sep 2000 19:55:32 -0500
From: No User <[EMAIL PROTECTED]>
Subject: Re: Carnivore article in October CACM _Inside_Risks

>>> Why wouldn't the ISPs just unplug Carnivore, reboot, and
>>> tell the FBI that they'll plug it back in when it works?
>>
>> Because anybody who did so would immediately be thrown in jail for
>> violating a court order.
>
> A "court order" that dictates inclusion of foreign software
> into one's core business system should never be complied with
> in the first place. Do "court orders" require that automobile
> manufacturers install FBI-created mechanical boxes in drive
> trains? It would be absurd.

Attention cave-dweller: the feds require all types of things installed in all sorts of products foisted upon unwary public.
CALEA requires telcos to build LEO-access directly into their CO switch fabric for ease of wiretapping conventional switched-circuit conversations. Carnivore and the laws governing its use achieve the same goal for ISPs and packetized info. E911 requires wireless communications service providers to build in cellphone-locating ability into their systems. And of course there's ECHELON.

Carnivore is simply another facet of govt's tireless quest to create a pervasive total surveillance system - if you talk on a hardwired phone line, you can be tapped with a flick of a switch. If you talk on a cell phone you can be both tapped AND pinpointed. If you send an email it can be snatched. Got a new driver's license lately? - if so your photo has been digitized and stored in a state database linked to all other states' databases for instant access by the feds to comb over with facial-recognition software.

But using your strictly Clintonesque lawyerspeak language, you are correct. "Court orders" do not require these things be built into a company's product - either law