Re: RC4 source as a literate program

2000-09-01 Thread Gary Jeffers

Fellow Cypherpunks,
   I was aware that posting binary/executables of crypt code from the
U.S. was illegal. Is source posting of crypt from U.S. illegal too?

Yours Truly,
Gary Jeffers

BEAT STATE
_
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.




New Sports Message Boards!!!

2000-09-01 Thread announce

This is not a spam! You are receiving this message as an opt-in subscriber to our opt-in mailing list. If this is not the case, PLEASE accept our sincerest apologies and reply with "remove" in the subject field or click here http://www.email-it.com/remove/remove.html. We will remove your name immediately! 

Attn: Message Board Users!!!

It's time to get in the game!!!

If you're a message board maniac like we are, we've got a great new FREE forum to tell you about.

FanVoices.com the premier sports message boards.

Every professional team is represented with dedicated threads for all your favorites in the NFL, NBA, Baseball, Hockey, Pro Boxing, Wrestling, NASCAR and more.

We also offer detailed discussions about Fantasy Leagues just like those kicking off around America this Labor Day weekend. Head over to find the tips about the best leagues and who's taking who this weekend.

We've also got forums on Sports Betting with seasoned posters straight out of Vegas with the inside skinny on what those in the know are putting their money on. 

Maybe best of all, we believe we offer the first real forum for Sports Collectibles, a place for eBayers, sports card collectors, autograph hounds etc., to talk about their hobby and investments.

You'll find some of the most insightful commentary around from guys who play collectibles like Wall Street, with proven track records of healthy profits or tips on making it more fun.

Better yet, FanVoices.com is GIVING AWAY free ROOKIE CARDS just for registering on our FREE site. Click here for your shot.  Click to win. 

No strings attached, random posters will win Vince Carter, Mark McGwire, Edgerrin James and other high-end rookie cards with triple digit price tags… just for a free sign-up.

So stop by today, see what the word is on your favorite team, hobby and more and let your voice be heard at FanVoices.com… the premier sports message board.

Click here http://www.fanvoices.com  to go straight to the action at FanVoices.com



New Sports Message Boards!!!

2000-09-01 Thread announce

This is not a spam! You are receiving this message as an opt-in subscriber to our opt-in mailing list. If this is not the case, PLEASE accept our sincerest apologies and reply with "remove" in the subject field or click here http://www.email-it.com/remove/remove.html. We will remove your name immediately! 

Attn: Message Board Users!!!

It's time to get in the game!!!

If you're a message board maniac like we are, we've got a great new FREE forum to tell you about.

FanVoices.com the premier sports message boards.

Every professional team is represented with dedicated threads for all your favorites in the NFL, NBA, Baseball, Hockey, Pro Boxing, Wrestling, NASCAR and more.

We also offer detailed discussions about Fantasy Leagues just like those kicking off around America this Labor Day weekend. Head over to find the tips about the best leagues and who's taking who this weekend.

We've also got forums on Sports Betting with seasoned posters straight out of Vegas with the inside skinny on what those in the know are putting their money on. 

Maybe best of all, we believe we offer the first real forum for Sports Collectibles, a place for eBayers, sports card collectors, autograph hounds etc., to talk about their hobby and investments.

You'll find some of the most insightful commentary around from guys who play collectibles like Wall Street, with proven track records of healthy profits or tips on making it more fun.

Better yet, FanVoices.com is GIVING AWAY free ROOKIE CARDS just for registering on our FREE site. Click here for your shot.  Click to win. 

No strings attached, random posters will win Vince Carter, Mark McGwire, Edgerrin James and other high-end rookie cards with triple digit price tags… just for a free sign-up.

So stop by today, see what the word is on your favorite team, hobby and more and let your voice be heard at FanVoices.com… the premier sports message board.

Click here http://www.fanvoices.com  to go straight to the action at FanVoices.com



Re: Re: Is kerberos broken?

2000-09-01 Thread petro

>On Thu, 31 Aug 2000, Tom Vogt wrote:
>
>>>  would put it at about 26^3200, which is on the order of 2^12000. Go
>>>  ahead, I await your method of brute forcing that.
>>
>>yes, but would you TYPE 3200 characters every morning to log in?
>
>Besides, it is quite likely that such long passwords would actually be taken
>from known texts. It is relatively easy to track what texts a given
>adversary is likely to have read, obtain them in electronic form and run a
>brute force based on that. That's would usually bring us far below
>O(2^12000).

Of course, a *simple* substitution of one word (or even 
spaces) would make this *much* harder.

"Friends, Romulans, fellow countrymen, lend me your beers..."

(I probably buthered the hell out of that, never having heard 
or read the original, but I think it gets the point across)
-- 
A quote from Petro's Archives:   ***
Today good taste is often erroneously rejected as old-fashioned
because ordinary man, seeking approval of his so-called personality,
prefers to follow the dictates of his own peculiar style rather than
submit to any objective criterion of taste.--Jan Tschichold




Re: Good work by FBI and SEC on Emulex fraud case

2000-09-01 Thread petro

Mr. May said:

>(News services still have some role, of course.)

Of course, one of there roles could be "verification" of the 
press release, i.e. Emulex signs it, and rather than having to have 
985,234,003 keys on my key ring to verify every press release I read, 
the News Service can sign the whole thing saying "we witness that 
this press release was signed with the proper key"..
-- 
A quote from Petro's Archives:   ***
Today good taste is often erroneously rejected as old-fashioned
because ordinary man, seeking approval of his so-called personality,
prefers to follow the dictates of his own peculiar style rather than
submit to any objective criterion of taste.--Jan Tschichold




No Subject

2000-09-01 Thread Dean Mannion



 


"..do not count on the anonymity of the Internet to serve as a shield for your illegal conduct"

2000-09-01 Thread Bill Orme

TRIAL BY WIRE ---

Law enforcement officials quickly identified and
apprehended
the person responsible for the fake press release that
sent
Emulex shares tumbling. According to one law
enforcement
spokesperson: "Anyone who would use the Internet to
commit
a crime should understand one thing -- do not count on
the
anonymity of the Internet to serve as a shield for
your illegal
conduct. As technology advances, so do our
investigative techniques
and our abilities to protect the public."



and...
A lawfirm has filed a class action suit against
Internet
Wire and Bloomberg for the distribution of the
fake release.





=
For the fastest response to any query,
please send all correspondence to:

Thank-You.

__
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/




VMware for Linux License Key

2000-09-01 Thread WebForm



** Please do not reply to this email **

Dear Joe Cypherpunk,

Thank you for downloading VMware for Linux.


Please find attached to this email message a file containing your 
license. 

Save the attached file using a file name that begins with "license" in
a directory named ".vmware" in your home directory. Note the "."
before "vmware" in the directory name. You may, for example, save the
license as "license-2.0".

If you own a license for VMware 1.x for Linux, you will already have a
file named "license" in the .vmware directory. Be sure not to 
overwrite it with this new license file so you have the option of 
returning to using version 1.x.

In case your email reader does not support MIME encoding, the file is 
included as text at the bottom of this message. Copy the text between 
the "Cut Here" lines and save it as the license file, as described above.

As a reminder, you may report any problems, issues, or comments 
you may have in using the product to the VMware Technical Support 
team. To file an incident report, please go to
http://www.vmware.com/forms/Incident_Login.cfm
and complete the form provided. 

You may raise questions and share tips with other users in the VMware
newsgroups. The VMware nntp news server is at news://news.vmware.com.

Thank you for your interest in VMware, we hope you have a successful
experience in using our product.

Best Regards,
- The VMware Team

--- Cut Here ---
# VMware software license
Fields = "Cpt, Name, Email, LicenseType, LicenseClass, LicenseFeature, Count, 
LicenseKey, ProductID, ProductType, Expiration"
StartFields = "Cpt, Name, Email, LicenseType, Field2"
Field2 = "LicenseClass, LicenseFeature, Count, Field3"
Field3 = "LicenseKey, ProductID, ProductType, Expiration"
Cpt = "COPYRIGHT (c) 1998-2000 VMware, Inc."
Name = "Joe Cypherpunk"
Email = "[EMAIL PROTECTED]"
LicenseType = "User"
LicenseClass = "Evaluation"
LicenseFeature = "None"
Count = "1 of 1"
LicenseKey = "34752_001"
ProductID = "VMware for Linux"
ProductType = "2.0"
Expiration = "2000-10-1"

Hash = bc064bf2-e57ef484-6de55c14-8120589c-e72d0efc

--- Cut Here ---


 license_34752_001


RE: Re: Is kerberos broken?

2000-09-01 Thread Minow, Martin
Title: RE: Re: Is kerberos broken?





Bill Stewart [mailto:[EMAIL PROTECTED]] writes:
>Typical estimates for the entropy of English text are 1 bit/character;
>I'd expect most alphabet-based human languages are similar.


However, a good strategy is to use a phrase as a memory aid, but
construct the password from, say, the first letter of each word.
For example, if you use Gilbert and Sullivan as your guide,
"The flowers that bloom in the spring, tra la la. have nothing
to do with the case." becomes "Tftbits,tll,hntdwtc"


I rather doubt that your local script-kiddie will break that
password. (ps: I don't use this or anything similar.)


Martin Minow
[EMAIL PROTECTED]





Re: Good work by FBI and SEC on Emulex fraud case

2000-09-01 Thread Sampo A Syreeni

On Thu, 31 Aug 2000, Eric Murray wrote:

>A small note: IW digitally-signing the releases would not
>have made a difference in this case--  the guy used his knowledge
>of IW's procedures to social-engineer IW into accepting the
>fake release without doing their usual checking procedures.

So essentially what you are saying is that this was not computer crime. We
do not need a Big Brotherish society to thwart computer crime, especially if
it's not computer crime in the first place.

>When/if we do ever have the common use of digitally-signed PR, documents
>etc, I wonder how much people will be fooled into thinking that the
>contents must be correct, because after all, they're signed?

Well at least in that case, assuming those holding the authentication keys
know what they're doing and guard their bits, the source of the information
is attributable to someone, which enormously facilitates plain old police
work.

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university




Re: Whipped Europeans

2000-09-01 Thread Sampo A Syreeni

On Thu, 31 Aug 2000, Tim May wrote:

>And when Denmark and Norway, say, decide to leave the Union, look for 
>the fascists to dust off the speeches of Lincoln.

Nitpickin': Norway never joined.

Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university




Re: PRNG server

2000-09-01 Thread Bill Stewart

At 11:09 PM 8/29/00 -0700, petro wrote:
>   The trust issue can be dealt with by a combination of 2 
>methods, first the traditional trust model--provide a consistent 
>source of randomness over a long enough time, and people will trust 
>it.
>
>   Secondly, encrypt the random bits for delivery--that way the 
>receiver can trust that the bits they get, they alone get.

You can't provide cryptographically trustable random numbers that way.
Run DES in counter mode, with a key and starting value known only to
the perpetrator, and you'll get high quality random numbers
which pass all the statistical tests gamers need,
but are still entirely owned, so not very useful cryptographically.

The main thing it does is lets gamers trust each other, 
because it's a common stream of bits that none of them controls, 
unless somebody hacks the transmission paths or the server itself.

The receiver has no way to trust that the bits they get aren't sent
to anybody else, because that requires knowing the server is Not Cheating,
and there's no way to know that.  (Actually, you can do a bit better,
in that the receiver can decrypt the bits without the sender needing to
encrypt them first.)  

It's not useless - you can use it to help seed PRNGs along with other
sources of entropy you've got locally, for times you need something
better than just the system clock and there's nobody at the console
to throw dice or wave a mouse.  
Thanks! 
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639