California Wants GPS Tracking Device in Every Car

2005-02-16 Thread Eugen Leitl

Link: http://slashdot.org/article.pl?sid=05/02/15/201217
Posted by: Zonk, on 2005-02-15 20:48:00

   from the now-this-is-a-good-use-of-engineering dept.
   [1]HTS Member writes "California has a new excuse for more taxes.
   Claiming losses due to fuel-efficient cars, such as Gasoline/Electric
   Hybrids, California is cooking-up a new system to punish people who
   aren't using enough gasoline. They want to [2]tax commuters by the
   mile. How would this be accomplished? By requiring everyone to install
   a GPS device in their vehicle, and charge them their "taxes" every
   time they fuel-up. From the article: 'Drivers will get charged for how
   many miles they use the roads, and it's as simple as that.. [a] team
   at Oregon State University equipped a test car with a global
   positioning device to keep track of its mileage. Eventually, every car
   would need one.'"


References

   1. http://www.hackthissite.org/
   2. http://www.cbsnews.com/stories/2005/02/14/eveningnews/main674120.shtml

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




Re: [p2p-hackers] SHA1 broken?

2005-02-16 Thread R.A. Hettinga

--- begin forwarded text


Delivered-To: [EMAIL PROTECTED]
Date: Wed, 16 Feb 2005 01:10:13 -0800
From: "Gordon Mohr (@ Bitzi)" <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (X11/20041206)
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: Re: [p2p-hackers] SHA1 broken?
Reply-To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]

Serguei Osokine wrote:
>>#   * collisions in the full SHA-1 in 2**69 hash operations,
>># much less than the brute-force attack of 2**80 operations...
>
>
> Okay, so the effective SHA-1 length is 138 bits instead of full
> 160 - so what's the big deal?

If the results hold up:

SHA1 is not as strong as it was designed to be, and its effective
strength is being sent in the wrong direction, rather than being
confirmed, by new research.

Even while maintaining that SHA1 was unbroken and likely to
remain so just last week, NIST was still recommending that SHA1 be
phased out of government use by 2010:

   http://www.fcw.com/fcw/articles/2005/0207/web-hash-02-07-05.asp

One more paper from a group of precocious researchers anywhere in
the world, or unpublished result exploited in secret, could topple
SHA1 from practical use entirely. Of course, that's remotely possible
with any hash, but the pattern of recent results suggests that a
further break is now more likely with SHA1 (and related hashes)
than others.

So the big deal would be: don't rely on SHA1 in any applications
you intend to have a long effective life.

> It is still way more than, say, MD5
> length. And MD5 is still widely used for stuff like content id'ing
> in various systems, because even 128 bits is quite a lot, never
> mind 138 bits.

Just because it's widely used doesn't mean it's a good idea.

MD5 should not be used for content identification, given the ability
to create content pairs with the same MD5, with one version being
(and appearing and acquiring a reputation for being) innocuous, and
the other version malicious.

- Gordon @ Bitzi
___
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



RE: [p2p-hackers] SHA1 broken?

2005-02-16 Thread R.A. Hettinga

--- begin forwarded text


Delivered-To: [EMAIL PROTECTED]
From: "Serguei Osokine" <[EMAIL PROTECTED]>
To: "Peer-to-peer development." <[EMAIL PROTECTED]>
Subject: RE: [p2p-hackers] SHA1 broken?
Date: Wed, 16 Feb 2005 00:11:07 -0800
Reply-To: [EMAIL PROTECTED],
"Peer-to-peer development." <[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]

> #   * collisions in the full SHA-1 in 2**69 hash operations,
> # much less than the brute-force attack of 2**80 operations...

Okay, so the effective SHA-1 length is 138 bits instead of full
160 - so what's the big deal? It is still way more than, say, MD5
length. And MD5 is still widely used for stuff like content id'ing
in various systems, because even 128 bits is quite a lot, never
mind 138 bits.

Best wishes -
S.Osokine.
16 Feb 2005.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of Gordon Mohr (@ Bitzi)
Sent: Tuesday, February 15, 2005 9:41 PM
To: p2p-hackers
Subject: [p2p-hackers] SHA1 broken?


Via Slashdot, as reported by Bruce Schneier:

 http://www.schneier.com/blog/archives/2005/02/sha1_broken.html

Schneier writes:

#   SHA-1 Broken
#
# SHA-1 has been broken. Not a reduced-round version. Not a
# simplified version. The real thing.
#
# The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu
# (mostly from Shandong University in China) have been quietly
# circulating a paper announcing their results:
#
#   * collisions in the full SHA-1 in 2**69 hash operations,
# much less than the brute-force attack of 2**80 operations
# based on the hash length.
#
#   * collisions in SHA-0 in 2**39 operations.
#
#   * collisions in 58-round SHA-1 in 2**33 operations.
#
# This attack builds on previous attacks on SHA-0 and SHA-1, and
# is a major, major cryptanalytic result. It pretty much puts a
# bullet into SHA-1 as a hash function for digital signatures
# (although it doesn't affect applications such as HMAC where
# collisions aren't important).
#
# The paper isn't generally available yet. At this point I can't
# tell if the attack is real, but the paper looks good and this
# is a reputable research team.
#
# More details when I have them.

- Gordon @ Bitzi

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



New Factor in Iraq: Irregular Brigades Fill Security Void

2005-02-16 Thread R.A. Hettinga


The Wall Street Journal

  February 16, 2005

 PAGE ONE


Bands of Brothers
 New Factor in Iraq:
 Irregular Brigades
 Fill Security Void
Jailed by Hussein, Gen. Thavit
 Is Leading Thousands Now;
 Questions About Loyalty
'Toughest Force We've Got'

By GREG JAFFE
Staff Reporter of THE WALL STREET JOURNAL
February 16, 2005; Page A1


BAGHDAD, Iraq -- In the battle against insurgents here, two kinds of Iraqi
military forces are emerging: the planned units and the pop-ups.

The planned units of the Iraq Army, about 57,000 soldiers strong, are the
result of careful preparation this summer between the U.S. and Iraqi
commanders. The pop-ups started to emerge last fall out of nowhere,
catching the American military by surprise. These dozen disconnected units
totaling as many as 15,000 soldiers are fast becoming one of the most
significant developments in the new Iraq security situation.

The unplanned units -- commanded by friends and relatives of cabinet
officers and tribal sheiks -- go by names like the Defenders of Baghdad,
the Special Police Commandos, the Defenders of Khadamiya and the Amarah
Brigade. The new units generally have the backing of the Iraqi government
and receive government funding.

While regular units of the Iraq Army have taken up residence on
rehabilitated army bases, the others camp out in places like looted
Ministry of Defense buildings, a former women's college, an old Iraqi war
monument and an abandoned aircraft hangar. Frequently, U.S. officials don't
find out about them until they stumble across them. Some Americans consider
them a welcome addition to the fight against the insurgency -- though
others worry about the risks.

"We don't call them militias. Militias are...illegal," says Maj. Chris
Wales, who spent most of January tracking down and finding these new
forces. "I've begun calling them 'Irregular Iraqi ministry-directed
brigades.' " The "pop up" label comes from other U.S. military officials in
Baghdad.

Troops who might have otherwise joined the regular Iraqi Army are drawn to
these units because they are often led by a particularly inspirational
commander or made up of people with similar tribal and religious
backgrounds. This makes the units more cohesive and potentially effective
against the insurgency. "Just show us where to go and we will eat the
insurgents alive," an Iraqi in one of these units told Maj. Wales earlier
this month when he tracked them down at a long-shuttered Baghdad airport.

Dangerous Uncertainty

The bad news is that these new units can inject dangerous uncertainty and
confusion into an already complex battlefield. On Election Day, the Special
Police Commandos were rushing one of their wounded soldiers to the hospital
when they accidentally ran into an Iraqi Army checkpoint. The Iraqi Army
officers opened fire on the Commandos' black SUV, killing the three people
in the car.

Some U.S. officials worry about the new units' allegiances, which often
seem split between their religious and tribal sponsors and the central
government, creating the risk that the units could be used as militias if
Iraq falls into civil war. U.S. military commanders in Baghdad are
especially concerned about the Defenders of Khadamiya, which is forming to
guard a major Shiite shrine on the city's northern edge at the behest of
Shiite cleric Hussein al Sadr. U.S. military officials worry that the
group, which now numbers about 120 men but plans to grow to more than 800,
could be used to settle internal Shiite scores or deployed in a
Sunni-Shiite conflict.

As these irregular units proliferate, U.S. officials face a thorny dilemma:
whether to encourage these forces, whose training and experience varies
wildly, or to try to rein them in. "There is a tension between on the one
hand encouraging and fostering initiative and on the other executing the
plan for the Iraqi Security Forces that everyone agreed on," says Lt. Gen.
David Petraeus, who is overseeing the massive U.S. effort to help train and
equip Iraqi military units. "To be candid, I would err on the side of
fostering initiative. I want to get the hell out of here."

The first of these military units, the Special Police Commandos, was formed
in September by Gen. Adnan Thavit, the uncle of Iraq's interim interior
minister. The unit started with about 1,000 soldiers. When Col. James
Coffman, a senior aide to Gen. Petraeus, found them they were occupying a
heavily damaged Republican Guard base a few miles from the U.S. embassy.
"It was basically 1,000 guys at the time living in a bombed-out building
with no electricity, no plumbing and no bathrooms," the colonel says.

Col. Coffman, however, was struck by the unit's arms room, which was
stocked with rocket-propelled-grenade launchers, mortar tubes and lots of
ammunition. "The weapons were clean and organized," he says. He immediately
went on a patrol with the u

Gates: security concerns propel IE7 launch

2005-02-16 Thread R.A. Hettinga


The Register


 Biting the hand that feeds IT


 Original URL: http://www.theregister.co.uk/2005/02/15/gates_rsa_2005/

Gates: security concerns propel IE7 launch
By John Leyden (john.leyden at theregister.co.uk)
Published Tuesday 15th February 2005 19:17 GMT

RSA 2005 Information security concerns have prompted Microsoft to release a
new version of Internet Explorer before the next version of Windows ships.
Contrary to previous plans, Microsoft will release IE7 as a beta in "early
summer" 2005. Longhorn, the next iteration of Windows, is due late next year.

Microsoft chairman Bill Gates today said IE7 will offer Windows XP SP2
advances in defending against phishing and malware but failed to go into
any details. IE7 will also be included in Longhorn but its availability on
other platforms remains unclear.

In a keynote address at the RSA Conference in San Francisco, Gates singled
out spyware and social engineering such as phishing and spyware attacks as
the "fastest growing challenge".

"There's no exploit involved," he said. "Social engineering attacks take
the privilege of a user and fool them into running code they don't want to
run."

Microsoft has decided to make its Windows Anti-Spyware, released as a beta
earlier this year and downloaded by 5m users, available at no extra charge
to licensed Windows users, Gates announced. Microsoft also intends to
introduce a consumer-focused anti-virus product by the end of the year.

Gates repeatedly highlighted information security as a "top priority" for
Microsoft. "It's the one thing we need to make sure that we get absolutely
right to deliver the digital revolution," he said. Microsoft is spending
$2bn of its $6bn research and development budget on security.

Windows XP SP2 is a key building block in Microsoft's efforts to make its
software more resistant to attack. More than 170m users have downloaded the
product since its release late last year, Gates said. More users have
applied the update after obtaining it on a CD. To make it easier for
customers to apply patches, Microsoft intends to bring its separate Office
and Windows Update services under one umbrella from March 2005. This
service will be aimed at consumers and small businesses.

Gates appeared relaxed during his 45-minute keynote at RSA, even cracking a
decent joke. He produced a spoofed version of doodles he made at the recent
World Economic Forum, which were mistaken by a UK paper
(http://news.bbc.co.uk/1/hi/uk_politics/4220473.stm) for the jottings of
Prime Minister Tony Blair. The spoof notes contained remarks such as "Why
does Bill Clinton sit next to Angelina Jolie?" "Need cheeseburger" (a
reference perhaps to Gates' expanding waistline) and his "password".


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Passwords? We don't need no stinking passwords

2005-02-16 Thread R.A. Hettinga


The Register



 Original URL: http://www.theregister.co.uk/2005/02/16/rsa_consumer_survey/

Passwords? We don't need no stinking passwords
By John Leyden (john.leyden at theregister.co.uk)
Published Wednesday 16th February 2005 01:41 GMT

RSA 2005 Concerns over online security are continuing to slow consumer
e-commerce growth. A quarter of the respondents in a recent survey have
reduced their online purchases in the past year and 21 per cent refuse to
conduct business with their financial institutions online because of
security fears. More than half (53 per cent) of the 1,000 consumers quizzed
believe that basic passwords fail to provide sufficient protection for
sensitive personal information.

According to the RSA Security-sponsored telephone survey, poor management
of PINs and passwords for access to online services, desktop computer
systems, ATMs and other electronic accounts is a major vulnerability. As a
major supplier of two-factor authentication products and services that
offer an alternative to traditional static passwords, the issues raised by
RSA Security's survey are more than a little self-serving. That doesn't
mean its analysis is necessarily wrong, though. More and more security
experts are lining up against the use of static passwords for e-banking; in
part because the technique makes consumers easy prey for phishers. Even so,
obituaries for the humble password may be premature.

Adi Shamir, professor at Israel's Weizmann Institute of Science and noted
cryptographer, said: "Passwords are not completely dead. For low level
security apps they are still sufficiently good. It depends on the
application".

One PIN to rule them all

More than two in three respondents (65 per cent) quizzed in RSA Security's
survey use fewer than five passwords for all electronic information access
and 15 percent use a single password for everything. These figures are
unchanged from a similar survey last year.

John Worrall, VP of worldwide marketing at RSA Security, said: "The
majority of consumers are aware of the problems associated with passwords,
but until they are presented with a reliable, easy-to-use alternative,
they're going to continue to exhibit poor password management practices." ®


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Ian G
Peter Gutmann wrote:

> Barry Shein <[EMAIL PROTECTED]> writes:
>> Eventually email will just collapse (as it's doing) and the RBOCs et al will
>> inherit it and we'll all be paying 15c per message like their SMS services.
>
> And the spammers will be using everyone else's PC's to send out their spam, so
> the spam problem will still be as bad as ever but now Joe Sixpack will be
> paying to send it.
>
> Hmmm, and maybe *that* will finally motivate software companies, end users,
> ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

My view - as controversial as ever - is that the problem
is unfixable, and mail will eventually fade away.  That
which will take its place is p2p / IM / chat / SMS based.
In that world, it is still reasonable to build one's own IM
system for the needs of one's own community, and not
to have to worry about standards.  Which means one can
build in the defences that are needed, when they are
needed.

Chat is already higher volume (I read somewhere) in
raw quantity of messages sent than email.

A fate for email is that as spam grows to take over more
of the share of the shrinking pie, but consumes more of
the bandwidth, the ISPs will start to charge people for
email, and not for IM.  Those left paying for it are going
to discover it is cheaper to ditch it and let the spammers
fight over the shreds.  That's just one plausible future,
tho.

iang
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/


Re: [p2p-hackers] SHA1 broken?

2005-02-16 Thread Eric Murray

On Wed, Feb 16, 2005 at 07:55:15AM -0500, R.A. Hettinga wrote:
> From: "Serguei Osokine" <[EMAIL PROTECTED]>
> To: "Peer-to-peer development." <[EMAIL PROTECTED]>
> Subject: RE: [p2p-hackers] SHA1 broken?
> Date: Wed, 16 Feb 2005 00:11:07 -0800
> 
> Okay, so the effective SHA-1 length is 138 bits instead of full
> 160 - so what's the big deal? It is still way more than, say, MD5

In applications where collisions are important, SHA1 is now
effectively 69 bits as opposed to 80.

That's not very much, and odds are there will be an improvement on
this attack in the near future. 

Eric
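
The arithmetic behind the reply above, as an added example that is not part of the original thread: a generic birthday search finds a collision in an n-bit hash after roughly 2**(n/2) evaluations, so the reported 2**69 work is compared with SHA-1's 2**80 collision bound rather than with its 160-bit output. SHA-1 truncated to a few bits stands in for a full-size hash so the search finishes quickly; the function names and constructed messages are assumptions of this sketch.

```python
import hashlib
import statistics


def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data), standing in for an n-bit hash."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - bits)


def birthday_collision(bits: int, seed: int = 0):
    """Hash distinct constructed messages until two truncated digests match.

    Returns (first_message, second_message, hash_evaluations).
    """
    seen = {}
    count = 0
    while True:
        msg = b"constructed-%d-%d" % (seed, count)  # constructed sample input
        count += 1
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, count
        seen[tag] = msg


def median_work(bits: int, trials: int = 25) -> float:
    """Median number of evaluations over several independent searches."""
    return statistics.median(birthday_collision(bits, s)[2] for s in range(trials))


def collision_security_bits(hash_bits: int, best_attack_log2=None) -> float:
    """log2 of the cheapest known collision search for a hash.

    The generic birthday bound is hash_bits / 2; a published attack that
    needs 2**best_attack_log2 evaluations lowers it further.
    """
    generic = hash_bits / 2
    if best_attack_log2 is None:
        return generic
    return min(generic, best_attack_log2)


if __name__ == "__main__":
    # Measured work tracks 2**(n/2), not 2**n.
    for bits in (12, 16, 20):
        print(f"n={bits:2d}  2^(n/2)={2 ** (bits // 2):5d}  "
              f"median evaluations={median_work(bits):7.1f}")

    # Figures quoted in the thread, on the same scale.
    print("MD5   (128-bit output), generic bound :", collision_security_bits(128))
    print("SHA-1 (160-bit output), generic bound :", collision_security_bits(160))
    print("SHA-1 with the reported 2**69 attack  :", collision_security_bits(160, 69))
```
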




Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Damian Gerow
Thus spake Peter Gutmann ([EMAIL PROTECTED]) [16/02/05 01:04]:
: Hmmm, and maybe *that* will finally motivate software companies, end users,
: ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.

Doubt it'll motivate the ISPs.  They'll be the ones making the 15c/msg.  If
they clean it up, that's lost income.



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Eric Murray
On Wed, Feb 16, 2005 at 03:29:21PM +, Ian G wrote:
> Peter Gutmann wrote:
> 
> >Barry Shein <[EMAIL PROTECTED]> writes:
> >>Eventually email will just collapse (as it's doing) and the RBOCs et al will
> >>inherit it and we'll all be paying 15c per message like their SMS services.
> >
> >And the spammers will be using everyone else's PC's to send out their spam, so
> >the spam problem will still be as bad as ever but now Joe Sixpack will be
> >paying to send it.
> >
> >Hmmm, and maybe *that* will finally motivate software companies, end users,
> >ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.
> >  
> 
> My view - as controversial as ever - is that the problem
> is unfixable, and mail will eventually fade away.  That
> which will take its place is p2p / IM / chat / SMS based.
> In that world, it is still reasonable to build one's own IM
> system for the needs of one's own community, and not
> to have to worry about standards.  Which means one can
> build in the defences that are needed, when they are
> needed.

Better start on those defenses now then-
there are already significant amounts of IM and SMS spam.

I would be surprised if the people designing IM and SMS systems
have learned much from the failures of SMTP et al.  


Eric



Re: SHA1 broken?

2005-02-16 Thread R.A. Hettinga

--- begin forwarded text


Date: Wed, 16 Feb 2005 11:13:23 -0500 (EST)
From: Atom Smasher <[EMAIL PROTECTED]>
OpenPGP: id=0xB88D52E4D9F57808; algo=1 (RSA); size=4096;
url=http://atom.smasher.org/pgp.txt
To: [EMAIL PROTECTED]
Subject: Re: SHA1 broken?
Sender: [EMAIL PROTECTED]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 16 Feb 2005, David Shaw wrote:

> In terms of GnuPG: it's up to you whether you want to switch hashes or
> not.  GnuPG supports all of the SHA-2 hashes, so they are at least
> available.  Be careful you don't run up against compatibility problems:
> PGP doesn't support 384 or 512, and only recently started supporting
> 256.  GnuPG before 1.2.2 (2003-05-01), doesn't have any of the new
> hashes.  Finally, if you have a DSA signing key (most people do) you are
> required to use either SHA-1 or RIPEMD/160.  RSA signing keys can use
> any hash.


there's more to it than that. openPGP specifies SHA-1 (and nothing else)
as the hash used to generate key fingerprints, and is what key IDs are
derived from.

a real threat if this can be extended into a practical attack is
substituting a key with a *different* key having the same ID and
fingerprint. it would be difficult for average users (and impossible for
the current openPGP infrastructure) to tell bob's key from mallory's key
that claims to be bob's.

it can also be used (if the attack becomes practical) to forge key
signatures. mallory can create a bogus key and "sign" it with anyone's
real key. this would turn the web of trust into dust.

the openPGP spec seemed to have assumed that SHA-1 just wouldn't fail.
ever. this was the same mistake made in the original version of pgp that
relied on md5. the spec needs to allow a choice of hash algorithms for
fingerprints and key IDs, or else we'll play this game every time someone
breaks a strong hash algorithm.


- --
 ...atom

  _
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -

"Any sufficiently advanced technology
 is indistinguishable from magic."
-- Arthur C. Clarke

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-END PGP SIGNATURE-

___
Gnupg-users mailing list
[EMAIL PROTECTED]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
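
The dependency described in the forwarded message above, as an added example that is not part of the original thread: a version 4 OpenPGP fingerprint is SHA-1 over the public-key packet (RFC 4880, section 12.2), and the key ID is the low-order 64 bits of that fingerprint. The two fingerprint strings are the ones quoted in signatures on this page; the RSA key material is constructed for illustration and is not a real key, and the function names are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

# Fingerprints as quoted in signatures on this page.
ATOM_FPR = "762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808"
LEITL_FPR = "099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE"


def parse_fingerprint(text: str) -> bytes:
    """Turn a displayed fingerprint (hex groups, any spacing) into 20 raw bytes."""
    raw = bytes.fromhex("".join(text.split()))
    if len(raw) != 20:
        raise ValueError("a V4 fingerprint is 20 bytes (160-bit SHA-1)")
    return raw


def format_fingerprint(fpr: bytes) -> str:
    """Display form used in the signatures above: ten groups of four hex digits."""
    h = fpr.hex().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """V4 public-key packet body: version 4, creation time, algorithm 1 (RSA), n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> bytes:
    """SHA-1 over the octet 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def key_id(fpr: bytes) -> str:
    """64-bit key ID: the low-order 8 bytes of the fingerprint."""
    return fpr[-8:].hex().upper()


def short_key_id(fpr: bytes) -> str:
    """32-bit short key ID: the low-order 4 bytes of the fingerprint."""
    return fpr[-4:].hex().upper()


def matches_pinned(body: bytes, pinned: str) -> bool:
    """Compare a key against a pinned full fingerprint, never a key ID alone."""
    return hmac.compare_digest(v4_fingerprint(body), parse_fingerprint(pinned))


# Constructed key material (not a valid RSA modulus, not anyone's real key).
CONSTRUCTED_N = (1 << 2047) | 0xC0FFEE01
CONSTRUCTED_E = 65537
CONSTRUCTED_CREATED = 1108512000  # 2005-02-16 00:00:00 UTC
KEY_BODY = v4_rsa_public_key_body(CONSTRUCTED_CREATED, CONSTRUCTED_N, CONSTRUCTED_E)

if __name__ == "__main__":
    atom = parse_fingerprint(ATOM_FPR)
    print("key ID from quoted fingerprint  :", key_id(atom))
    print("short ID from quoted fingerprint:", short_key_id(parse_fingerprint(LEITL_FPR)))

    fpr = v4_fingerprint(KEY_BODY)
    print("constructed key fingerprint     :", format_fingerprint(fpr))
    print("constructed key ID              :", key_id(fpr))

    # The creation time is part of the hashed data, so the same RSA numbers
    # with a different timestamp are a different key as far as OpenPGP goes.
    other = v4_rsa_public_key_body(CONSTRUCTED_CREATED + 1, CONSTRUCTED_N, CONSTRUCTED_E)
    print("pinned check, same key          :", matches_pinned(KEY_BODY, format_fingerprint(fpr)))
    print("pinned check, other timestamp   :", matches_pinned(other, format_fingerprint(fpr)))
```

Every identifier a user compares here, from the 32-bit short ID to the full fingerprint, is a slice of one SHA-1 output, which is why the message argues for making the fingerprint hash selectable.
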



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Tyler Durden
Wrong. We already solved this problem on Cypherpunks a while back.

A spammer will have to pay to send you spam, trusted emails do not. You'll
have a settable Spam-barrier which determines how much a spammer has to pay
in order to lob spam over your barrier (you can set it to 'infinite' of
course).

A new, non-spam mailer can request that their payment be returned upon
receipt, but they'll have to include the payment unless you were expecting
them.

This way, the only 3rd parties are those that validate the micropayments.

-TD

From: Barry Shein <[EMAIL PROTECTED]>
To: "R.A. Hettinga" <[EMAIL PROTECTED]>
CC: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
Date: Tue, 15 Feb 2005 17:29:05 -0500

Oh no, the idiotic penny black idea rides again.

Like the movie "War Games" when a young Matthew Broderick saves the
world by causing the WOPR computer to be distracted into playing
itself tic-tac-toe rather than launching a pre-emptive nuclear strike.

It was a MOVIE, made in 1983 nonetheless, get over it.

More seriously, what attracts people to this penny black idea is that
they realize that the only thing which will stop spammers is to
interject some sort of economic constraint. The obvious constraint
would be something like stamps since that's a usage fee.

But the proposer (and his/her/its audience) always hates the idea of
paying postage for their own email, no, no, there must be a solution
which performs that economic miracle of only charging for the behavior
I don't like! An economic Maxwell's demon!

So, just like the terminal seeking laetrile shots or healing waters,
they turn to not even half-baked ideas such as penny black. Don't
charge you, don't charge me, charge that fellow behind the tree!

Oh well.

Eventually email will just collapse (as it's doing) and the RBOCs et
al will inherit it and we'll all be paying 15c per message like their
SMS services.

I know, we'll work around it. Of course by then they'll have a
multi-billion dollar messaging business to make sure your attempts to
by-step it are outlawed and punished. Consider what's going on with
the music-sharing world, as another multi-billion dollar business
people thought they could just defy with anonymous peer-to-peer
services...

The point: I think the time is long past due to "grow up" on this
issue and accept that some sort of limited, reasonable-usage-free,
postage system is necessary to prevent collapse into monopoly.

--
-Barry Shein

Software Tool & Die    | [EMAIL PROTECTED]       | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202     | Login: 617-739-WRLD
The World              | Public Access Internet  | Since 1989 *oo*



CMA 05 - Politics, Business & Opportunity

2005-02-16 Thread conferences
We are pleased to present the program for Shipping 2005, to be held March 21-23, 2005 at the Westin Stamford Hotel, Stamford, CT.

The CMA has developed a vital program mixing important business, market and networking opportunities with discussion and activism on some of the potentially most challenging and costly political and regulatory initiatives of today.

Whether you want a high level briefing on yard capacity, costs and delivery data, a sophisticated market forecast or to engage leading experts on issues of regulation and enforcement, the program has something for you.

We always remember though that our goal is to deliver value to you, so there are exhibits, receptions, lunches and dinners for networking and 1000s of people with whom to conduct business.

Please link to the conference page at our show website to download the latest program and for registration:

http://www.shipping2005.com/confer2005.html

If you have already signed up, thank you and look forward to seeing you soon, if not yet, we hope to welcome you again and to help build your business.

Sincerely,

Lorraine Parsons
Event Director
CMA Shipping 2005
Tel: +1.203.406.0109 Ext 3717
Fax: +1.203.406.0110
Website: www.shipping2005.com





Re: What is a cypherpunk?

2005-02-16 Thread Steve Thompson
 --- Justin <[EMAIL PROTECTED]> wrote: 
> On 2005-02-15T13:23:37-0500, Steve Thompson wrote:
> >  --- "James A. Donald" <[EMAIL PROTECTED]> wrote: 
> > [snip]
> > > As governments were created to smash property rights, they are 
> > > always everywhere necessarily the enemy of those with property, 
> > > and the greatest enemy of those with the most property.
> > 
> > Uh-huh.  Perhaps you are using the term 'government' in a way that is not
> > common to most writers of modern American English?
> 
> I think it's fair to say that governments initially formed to protect
> property rights (although we have no historical record of such a
> government because it must have been before recorded history began).

I think it's fair to say that governments were initially, and still
largely remain today, the public formalisation of religious rule applied
to the  civil sphere of existence.  It's more complicated than that, but
generally speaking, somewhat disparate religious populations (protestant,
catholic, jew, etc.) accepted the fiction of secular civil governance when
in reality religious groups have tended to dominate the shape and
direction of civil government, while professing to remain at arms-length.

'Fiction' is the operative term here, and I contend that nowhere is this
more evident than in the closed world of clandestine affairs -- civilian OR
military.  Religion has always been about 'powerful' and educated in-sect
sub-populations organising civil and intellectual affairs in such a way
as to mobilise the serfs to the advantage of the privileged, all the while
presenting convenient systems of fiction to the masses that are expected
to suffice as the broad official reality of society; a reality fully
accessible to some who quite naturally use their position of possibly
intellectual privilege to order the affairs of the serf/slaves.

> They then developed into monarchies which were only really set up to
> protect property rights of the ruler(s).

If I'm not mistaken, it was in Germany where the concept of public
figureheads-as-leaders was evolved to a system in which the figurehead
(king, pontiff, leader) was presented as the source of state power, but
who in actuality was groomed, controlled, and ruled by a non-public
contingent of privileged political and intellectual elite who, in general,
ran the affairs of state and/or religion from the back room, so to speak.

This way of organising the public affairs of government has, I think,
roots that date back to the ancient Greeks, but is also largely in favour
today.
 
> With the advent of various quasi-democratic forms of government, the law
> has been compromised insofar as it protects property rights.  You no
> longer have a right to keep all your money (taxes), no longer have a
> right to grow 5' weeds in your front yard if you live in a city, and no
> longer have a right to own certain evil things at all, at least not
> without special governmental permission.  There were analogous
> compromises in democratic Athens and quasi-democratic Rome.

It's rather different today.  
 
> When democratic states inevitably fold into tyranny, some of those
> restrictions remain.  Right now most states have a strange mix of
> property rights protections (e.g. the Berne convention and the DMCA) and
> property rights usurpations (e.g. no right to own certain weapons; equal
> protection).

Agreements and accords such as the Berne convention and the DMCA, to say
nothing of human-rights legislation, are hobbled by the toothlessness of
enforcement, public apathy to others' rights, and a load of convenient
exceptions to such rules made for the agents of state.  For instance, the
copyright on my computer software was blithely subverted by the fascist
ubermensch involved and responsible for the surveillance detail that I have
suffered over the past two decades.  I listened to some of these people
make excuses for stealing my intellectual property, fashioning rumours to
lessen the wrong of their theft, or 'merely' applying pressure or making
plans to 'encourage' the release of my code in the public domain so their
prior theft could be buried.  Failing that, they have simply stolen all my
computer equipment and delayed my life, possibly so my code could be
`developed' by their own programmers and a history shown -- perhaps with
the partial aim of finally accusing me of stealing "their" intellectual
property after it is released in their own product.

These people are nothing more than jack-booted thugs, and whether they are
Nazis or not is immaterial to the fact that their methods and ideology
closely resemble a modernised version of it.   Whatever the EXCUSE
offered, it is a triumph of plutocratic-fascist zealotry in the sense that
nominally modern and democratic institutions and groups in this world have
acquired some of the memes that drove the Gestapo/SS/Abwehr.  There is no
excuse, but since Orwellian political and intellectual abdications and
maneuvers are quite well in fashion t

Re: What is a cypherpunk?

2005-02-16 Thread Steve Thompson
 --- "R.A. Hettinga" <[EMAIL PROTECTED]> wrote: 
[snip]
> Property is like rights. We create it inherently, because we're human, it
> is not bestowed upon us by someone else. Particularly if that property is
> stolen from someone else at tax-time.

Bzzt.  I call you on your bullshit.

Supposedly by convention, individuals attach some of a set of symbol
relations to physical objects and ideas and processes.   Such relations,
when observed consistently, confer rights of possession and use to groups
or individuals.  Individuals employed by governments, as well as special
interest groups, are certainly no longer satisfied with a democratic
arrangement of property rights and have manufactured consent, as it were,
to establish a bunch of exceptions to property rights that allow for
`legalised' theft.

But as long as property rights are generally considered to be a tenet and
characteristic of society, excuses for officiated theft, for instance,
merely put a veneer of legitimacy over certain kinds of theft.  I doubt
that RMS will ever be framed, arrested and thrown in to the gulag, his
property confiscated; but for someone like myself, that is certainly an
option, eh?  


Regards,

Steve





Watching Outgoing E-mail

2005-02-16 Thread R.A. Hettinga


Forbes



Ten O'Clock Tech
Watching Outgoing E-mail
Arik Hesseldahl,   02.16.05, 10:00 AM ET

Sometimes it's amazing that people in the business world continue to use
e-mail at all.

 Sure it's convenient and fast, but it's also an increasingly difficult
method of communication to manage, especially if your company is covered by
some of the new regulatory rules like Sarbanes-Oxley, HIPAA and the like.
There are new rules governing how long a company must store your e-mail,
and if someone takes your company to court, how quickly you must be able to
produce copies of e-mail messages covered by a subpoena.

 There are new standards coming in to play governing the level of an
employer's legal responsibility for the e-mail that their employees send
around the office. One case frequently cited is that of Chevron, now part
of ChevronTexaco (NYSE: CVX), which in 1995 paid a
$2.2 million out-of-court settlement to four female employees after the
women said that an e-mail circulating around the office containing some
tasteless jokes created a hostile work environment.

 A startup company called InBoxer, demonstrating a new software product
here at the Demo Conference this week, has shown that companies can and
will try to minimize their exposure to these kinds of legal risks by
screening the e-mails that employees attempt to send.

 InBoxer, which used to be called Audiotrieve, calls its new product
OutBoxer, and it scans outgoing e-mail messages looking for inappropriate
content, unauthorized disclosure of information and tries to encourage
senders to clean up their messages before they actually send them.

 CEO and Founder Roger Matus says as part of building its technology the
company scanned and analyzed more than a half million e-mail messages
written by senior executives at Enron. Those messages, which have been made
public as part of the investigation into Enron by the Federal Energy
Regulatory Commission, proved useful, he said, for the purpose of analysis
and testing an e-mail filtering technology.

 Matus says OutBoxer uses a technique called "linguistic processing" that
is in part derived from related work in speech recognition by his
co-founder and chief technologist, Sean True. Using its methods against the
Enron mails, the company found that 20% of those messages contained some
"non-business" content. Another 4% of the messages--or about one in 25--in
the Enron collection contained content that was either pornographic,
racially or ethnically insensitive or which contained questionable images.

 So, people pass around obnoxious e-mails. Big deal, right? Well, you may
have a thick skin or simply not be offended easily, but how about when it
comes to company secrets being passed around? What's to stop somebody who
just got passed over for a promotion from sending out some sensitive
information about your best customers to an old friend who happens to work
for a competitor?

 OutBoxer works with Microsoft's (NASDAQ: MSFT)
Exchange server and will in time extend its reach to Research In Motion's
(NASDAQ: RIMM) Blackberry wireless e-mail devices as
well. When it's running, it gives a range of responses to e-mails you try
to send that it thinks you should at least think twice about. In some cases
it will simply raise a red flag and point out that you may want to delete
something in the message.

 If nothing else, it gives you a chance to listen to second thoughts and
make sure you really want to send that e-mail. But in other cases it can be
configured to prevent a user from sending a particular e-mail entirely.

 What it misses--and this raises another set of information security
questions altogether--is the fact that many employees who would be likely
to e-mail sensitive company information around would also tend to be
naturally suspicious that their e-mail activity is already being watched by
the company, even though it probably isn't. If they really want to send
something they're not supposed to, they'll find a way to take it home and
send it from a personal e-mail account not subject to the screening process
in use at the office.

 OutBoxer is expected to be available this summer, and it will join
InBoxer's other product, an anti-spam screening product called InBoxer. A
price has yet to be set.

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



FSTC Project Update

2005-02-16 Thread R.A. Hettinga

--- begin forwarded text


Date: Wed, 16 Feb 2005 12:18:56 -0500
From: Jim Salters <[EMAIL PROTECTED]>
Subject: FSTC Project Update
To: members@ls.fstc.org

To: FSTC Members and Friends
From: Jim Salters, Director of Tech Initiatives and Project Development

*** January/February Project Update ***

Since our last update, we have launched two new projects (Business
Continuity Compliance and Status Reporting, Image Quality and Usability
Assurance Phase II), completed one project (Counter-Phishing Phase I), and
have added two new projects to our pipeline (Better Mutual Authentication,
Resiliency Maturity Model) in addition to Interoperable Verification of
Check Security Features.

[As a reminder, projects show up in this update only after they have a high
probability of launching.  We have a number of initiatives in earlier stages
of development.]

Our Standing Committees (SCOMs) and Special Interest Groups (SIGs) continue
to provide a forum for discussion that results in networking, knowledge
sharing, and action in the form of projects and workshops.  If you are not
yet active in one or more committees, please contact me or the committee's
Managing Executive.  SCOMs and SIGs are still open to non-members, however,
projects are members-only.

FSTC provides an action-oriented, collaborative forum for our members to
address shared business opportunities and challenges through technology
projects and knowledge-sharing.  We view our projects as our core activity,
and one of the key benefits of FSTC membership is eligibility to participate
in these projects.  In our efforts to keep our members and friends
up-to-date on the latest developments in these active and developing
initiatives, we provide our colleagues this periodic project update.  As
always, please contact me or Zach Tumin, FSTC Executive Director, for more
information.  Or visit our website at http://fstc.org.

Active Projects:

1.  Counter-Phishing Phase I (completed Dec 2004)
2.  e-Authentication: Business and Technology Proof-of-Concept (launched Oct
2004)
3.  Business Continuity: Compliance and Status Reporting (launched Nov 2004)
4.  Image Quality and Usability Assurance Phase II  (launched Nov 2004)

Projects in Formation (soliciting commitments):

[coming soon]

Projects in Development:

1.  Interoperable Verification of Check Security Features
2.  Resilience Maturity Model (RMM): Phase I
3.  Better Mutual Authentication: Phase I
__

ACTIVE PROJECTS:

1.  Counter-Phishing Phase I (completed Dec 2004)

http://fstc.org/projects/counter-phishing-phase-1/

FSTC has completed a first-phase initiative to address the problem of
phishing and related threats in financial services, as it affects the
relationship between customer and firm.  In collaboration with other
industry groups, the project team developed a suite of documents and tools
that allowed institutions to understand the comprehensive nature of the
problem, and understand the available solution options available to the
industry.  The project developed a detailed model of the problem, a
cost/impact model, the solution space, and a survey of over 60 solution
providers.  In addition, the project developed a next-phase proposal draft
for coordinated industry action to enable Better Mutual Authentication
(described below).

12 financial institutions and over 15 technology companies participated in
the initiative, and recently published the project's core findings and
recommendations to the public.  These documents are available from the FSTC
web site (link above).  A core group is currently developing a next-phase
initiative in Better Mutual Authentication, which is described below, and
other areas.  This project originated from the Security SCOM: co-chaired by
Mike McCormick of Wells Fargo, and Mike Versace of NEC.
(http://fstc.org/advisory/security.cfm)
__

2.  FSTC/GSA e-Authentication: Business and Technology Proof-of-Concept
(launched Oct 2004, to complete in late March)

http://fstc.org/projects/new.cfm#eauth

This 5-month project is assessing the viability of the potential business
opportunity that exists for financial institutions to leverage their online
customer relationships and provide a federated identity-driven
authentication service to government agencies, and to integrate these
services into financial institutions' online applications. FSTC, jointly
with the GSA's E-Authentication Initiative Project Management Office (EAI
PMO), have launched a three-track project to ascertain the business model,
legal framework, and technical viability of using institutions' identity
credentials to permit consumers and businesses to access secure online
government applications through federation.

There are 7 financial institutions and 10 technology companies and other
organizations participating in the project.  An in-person meeting is
currently scheduled for mid-March in Atlanta, host

Re: SHA1 broken?

2005-02-16 Thread R.A. Hettinga

--- begin forwarded text


To: [EMAIL PROTECTED]
From: Werner Koch <[EMAIL PROTECTED]>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:[EMAIL PROTECTED]
Mail-Followup-To: [EMAIL PROTECTED]
Date: Wed, 16 Feb 2005 19:54:35 +0100
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
Subject: Re: SHA1 broken?
Sender: [EMAIL PROTECTED]

On Wed, 16 Feb 2005 11:57:36 -0500, David Shaw said:

> Yes it is.  Assuming this is true, we must start migrating away from
> SHA-1.  Actually, we should start this anyway - even the NIST
> recommends moving away from SHA-1 for long-term security.

The real problem with the breakthrough is, that it seems that they
have developed a new cryptoanalytical method and that might pave the
way for further improvements.  Over the last 2 decades the art of
cryptoanalysis has changed dramatically in the area of symmetric
ciphers.  This will probably also happen to hash algorithms now.

There is however a huge problem replacing SHA-1 by something else from
now to tomorrow: Other algorithms are not as well analyzed and
compared against SHA-1 as for example AES to DES are; so there is no
immediate successor of SHA-1 of whom we can be sure to withstand the
possible new techniques.  Second, SHA-1 is tightly integrated in many
protocols without a fallback algorithm (OpenPGP: fingerprints, MDC,
default signature algorithm and more).


Salam-Shalom,

   Werner




--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
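
[Added example, not part of the forwarded message or of any OpenPGP implementation.] The forwarded text lists OpenPGP fingerprints among the places where SHA-1 has no fallback. The sketch below computes a version 4 fingerprint and key ID the way RFC 4880 section 12.2 defines them, and shows that the hashed data carries no hash-algorithm field. The RSA modulus and creation time are constructed toy values, and the function names are this example's own.

```python
import hashlib

def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-octet bit count, then big-endian octets."""
    if value <= 0:
        raise ValueError("MPI value must be positive")
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet holding an RSA key.

    Layout: version (4), 4-octet creation time, public-key algorithm (1 = RSA),
    then the MPIs n and e.  Note what is absent: nothing in this structure
    names the hash function that will be used to fingerprint it.
    """
    return bytes([4]) + created.to_bytes(4, "big") + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> bytes:
    """V4 fingerprint: SHA-1 over 0x99, the 2-octet body length, and the body."""
    if len(body) > 0xFFFF:
        raise ValueError("packet body too long for a 2-octet length")
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).digest()

def key_id(fingerprint: bytes) -> bytes:
    """The 64-bit key ID is the low-order 8 octets of the v4 fingerprint."""
    return fingerprint[-8:]

def hypothetical_sha256_identifier(body: bytes) -> bytes:
    """NOT an OpenPGP v4 construct: the same framing hashed with SHA-256.

    Included only to show what swapping the hash would mean: every stored
    fingerprint, key ID and trust reference for the key would stop matching.
    """
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha256(framed).digest()

# Constructed toy key material (product of two Mersenne primes), not a usable key.
TOY_N = (2**127 - 1) * (2**89 - 1)
TOY_E = 65537
TOY_CREATED = 0x42139A00  # constructed timestamp

TOY_BODY = v4_rsa_public_key_body(TOY_CREATED, TOY_N, TOY_E)

if __name__ == "__main__":
    fpr = v4_fingerprint(TOY_BODY)
    print("v4 fingerprint (SHA-1, fixed by the format):", fpr.hex().upper())
    print("key ID (low 64 bits of the fingerprint):   ", key_id(fpr).hex().upper())
    alt = hypothetical_sha256_identifier(TOY_BODY)
    print("same key under a hypothetical SHA-256 hash:  ", alt.hex().upper())
    print("identifiers match any stored SHA-1 reference:", alt[:20] == fpr)
```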



Re: What is a cypherpunk?

2005-02-16 Thread Justin
On 2005-02-16T13:18:16-0500, Steve Thompson wrote:
>  --- Justin <[EMAIL PROTECTED]> wrote: 
> > On 2005-02-15T13:23:37-0500, Steve Thompson wrote:
> > >  --- "James A. Donald" <[EMAIL PROTECTED]> wrote: [snip]
> > > > As governments were created to smash property rights, they are
> > > > always everywhere necessarily the enemy of those with property,
> > > > and the greatest enemy of those with the most property.
> > > 
> > > Uh-huh.  Perhaps you are using the term 'government' in a way that
> > > is not common to most writers of modern American English?
> > 
> > I think it's fair to say that governments initially formed to
> > protect property rights (although we have no historical record of
> > such a government because it must have been before recorded history
> > began).

As I said, I think this is wrong.  Mammals other than primates recognize
property in a sense, but it depends entirely on social status.  There is
no recognition of property rights independent of social position.  If a
lion loses a fight, he loses all his property.

Chimp and gorilla communities have the beginnings of monarchy.  Yet they
don't care about religion, and their conception of property rights still
derives from their position in the social ladder.  If not primates, do
any animals besides humans recognize property rights independent of
social position?

> I think it's fair to say that governments were initially, and still
> largely remain today, the public formalisation of religious rule
> applied to the civil sphere of existence.  It's more complicated than
> that, but generally speaking, somewhat disparate religious populations
> (protestant, catholic, jew, etc.) accepted the fiction of secular
> civil governance when in reality religious groups have tended to
> dominate the shape and direction of civil government, while professing
> to remain at arms-length.

I think it's fair to say that religion post-dates government, at least
informal government.  Maybe the first monarchs/oligarchs came up with
religious schemes to keep the peons in line, but I would think that was
incidental, as was the notion of property rights.  Both property rights
and religion depend heavily on the ability for communication, but
monarchy can be established without it.  All the monarch needs is a big
stick and an instinctual understanding of some of the principles much
later described by our good Italian friend Niccolo M.

> 'Fiction' is the operative term here, and I contend that nowhere is this
> more evident in the closed world of clandestine affairs -- civilian OR
> military.  Religion has always been about 'powerful' and educated in-sect
> sub-populations organising civil and intellectual affairs in such a way

I think it's fair to say that religion may be more important than
property rights for keeping people in line.  But I think they're both
incidental.

> > When democratic states inevitably fold into tyranny, some of those
> > restrictions remain.  Right now most states have a strange mix of
> > property rights protections (e.g. the Berne convention and the DMCA) and
> > property rights usurpations (e.g. no right to own certain weapons; equal
> > protection).
> 
> Agreements and accords such as the Berne convention and the DMCA, to say
> nothing of human-rights legislation, are hobbled by the toothlessness of
> enforcement, public apathy to others' rights, and a load of convenient
> exceptions to such rules made for the agents of state.

Okay.  So it's fair to say, then, that we have compromises between
property rights protections and other (perceived yet imaginary?)
property rights protections.  Which is really what it boils down to.
There's no property rights usurpation without some motive behind it.
And motives generally stem from wanting to redistribute property or deny
it to another individual, group, or an entire nation.  Sometimes that
property is land (the excuse for such property redistribution or denial
of ownership is called "self determination"), sometimes it is
intellectual property (the excuse is "information wants to be free")...
sometimes it's explosives (they're TOO DANGEROUS, and only terrorists
have them... are you a terrorist?).

-- 
Certainly there is no hunting like the hunting of man, and those who
have hunted armed men long enough and liked it, never really care for
anything else thereafter.   --Hemingway, Esquire, April 1936



Re: What is a cypherpunk?

2005-02-16 Thread Justin
On 2005-02-16T13:31:14-0500, Steve Thompson wrote:
>  --- "R.A. Hettinga" <[EMAIL PROTECTED]> wrote: 
> [snip]
> > Property is like rights. We create it inherently, because we're human,
> > it is not bestowed upon us by someone else. Particularly if that property
> > is stolen from someone else at tax-time.
> 
> But as long as property rights are generally considered to be a tenet and
> characteristic of society, excuses for officiated theft, for instance,
> merely put a veneer of legitimacy over certain kinds of theft.  I doubt
> that RMS will ever be framed, arrested and thrown in to the gulag, his
> property confiscated; but for someone like myself, that is certainly an
> option, eh?  

Is there a difference between property rights in a society like a pride
of lions, and property rights that are respected independent of social
status?  Or are they essentially the same?  They seem to be different,
but I can't articulate why.  Obviously the latter needs enforcement,
possibly courts, etc., but I can't identify a more innate difference,
other than simply as I described it -- property rights depending on
social status, and property rights not depending on social status.

I don't think any society has ever managed to construct a pure property
rights system where nobody has any advantage.  Without government it's
the strong.  With government, government agents have an advantage, and
rich people have an advantage because they can hire smart lawyers to get
unfair court decisions.  So maybe this is just silly, in which case I
believe even more strongly that formal status-independent property
rights are not the basis of government.

-- 
Certainly there is no hunting like the hunting of man, and those who
have hunted armed men long enough and liked it, never really care for
anything else thereafter.   --Hemingway, Esquire, April 1936



Re: What is a cypherpunk?

2005-02-16 Thread Steve Thompson
 --- Justin <[EMAIL PROTECTED]> wrote: 
> On 2005-02-16T13:31:14-0500, Steve Thompson wrote:
> >  --- "R.A. Hettinga" <[EMAIL PROTECTED]> wrote: 
> > [snip]
> > > Property is like rights. We create it inherently, because we're human,
> > > it is not bestowed upon us by someone else. Particularly if that property
> > > is stolen from someone else at tax-time.
> > 
> > But as long as property rights are generally considered to be a tenet and
> > characteristic of society, excuses for officiated theft, for instance,
> > merely put a veneer of legitimacy over certain kinds of theft.  I doubt
> > that RMS will ever be framed, arrested and thrown in to the gulag, his
> > property confiscated; but for someone like myself, that is certainly an
> > option, eh?  
> 
> Is there a difference between property rights in a society like a pride
> of lions, and property rights that are respected independent of social
> status?  Or are they essentially the same?  They seem to be different,
> but I can't articulate why.  Obviously the latter needs enforcement,
> possibly courts, etc., but I can't identify a more innate difference,
> other than simply as I described it -- property rights depending on
> social status, and property rights not depending on social status.
> 
> I don't think any society has ever managed to construct a pure property
> rights system where nobody has any advantage.  Without government it's
> the strong.  With government, government agents have an advantage, and
> rich people have an advantage because they can hire smart lawyers to get
> unfair court decisions.  So maybe this is just silly, in which case I
> believe even more strongly that formal status-independent property
> rights are not the basis of government.

Whatever.  See the sentence I wrote last in my previous message.
When you grow the fuck up, drop me a line.


Regards,

Steve




Re: What is a cypherpunk?

2005-02-16 Thread Steve Thompson
[snip]
> > Agreements and accords such as the Berne convention and the DMCA, to say
> > nothing of human-rights legislation, are hobbled by the toothlessness of
> > enforcement, public apathy to others' rights, and a load of convenient
> > exceptions to such rules made for the agents of state.
> 
> Okay.  So it's fair to say, then, that we have compromises between
> property rights protections and other (perceived yet imaginary?)
> property rights protections.  Which is really what it boils down to.

Absolutely.

> There's no property rights usurpation without some motive behind it.

Unless if it's by accident.

> And motives generally stem from wanting to redistribute property or deny
> it to another individual, group, or an entire nation.  Sometimes that
> property is land (the excuse for such property redistribution or denial
> of ownership is called "self determination")

Operative word:  excuse.

>  , sometimes it is
> intellectual property (the excuse is "information wants to be free")...

Or like maybe the NSA needs to steal something that they can't buy because
they "NEED" to conceal the project that requires the stolen item.  Or
maybe a wealthy interest has a commercial interest to protect and bribes
an official to steal land that threatens said interest.  Or maybe it's a
Klan member who thinks that niggers shouldn't own property, and so he
steals it.  Or perhaps it's a Xtian who believes it's God's will to deny
property rights to heathens, as a lesson in coming to God.  Or maybe it's
a bunch of fucking thieves who use any excuse they have at hand to justify
their own greed.

> sometimes it's explosives (they're TOO DANGEROUS, and only terrorists
> have them... are you a terrorist?).

Sometimes it's a complete load of shit, and there's no real valid reason
that will stand intelligent scrutiny as to why some people are allowed to
do one thing that is denied to another people.

Personally, I believe that the people who run the US, the dirty ones, are
too well aware of the liabilities they have assumed as a matter of course
in their history, and who will do anything rather than face paying the
debt.  Anything.   And further, this conclusion is not so foreign as to be
beyond comprehension, but rather represents a problem that no-one is
willing to deal with -- thus compounding the error.


Since you still aren't bothering to address messages I write in good
faith, I suggest that you should go fuck yourself.


Regards,

Steve





Mudge Lives: China seeks hackers for information warfare, follows Clinton's lead

2005-02-16 Thread R.A. Hettinga



World Tribune.com --


 China seeks hackers for information warfare, cites Clinton's example

 Special to World Tribune.com
EAST-ASIA-INTEL.COM
Wednesday, February 16, 2005

 Zhang Zhaozhong, director of the Military and Equipment Teaching and
Research Center of the National Defense University, said the government is
hoping to recruit computer hackers as part of its information warfare
operations.

 Zhang noted that former U.S. President Bill Clinton invited hackers to the
White House for a discussion of network security. China could also follow
this example to mine the skills of hackers, Zhang said.

 He said that recruiting hackers would enhance information security levels.

 The comments appeared in the Hong Kong newspaper Wen Wei Po. The newspaper
reported Feb. 10 that a well-known Chinese hacker organization, the Honker
Union, had disbanded. The group claimed thousands of members, including
network security professionals.

 The group claimed to have successfully attacked the White House Internet
site, and it was part of a joint Chinese effort to conduct attacks on U.S.
websites following the April 2001 mid-air collision of a Chinese F-8 jet
and U.S. EP-3 surveillance aircraft.

 Other hacker groups that reportedly took part in the attacks were the
Hacker Union for China and China Eagles.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



'SS Jimma: The American Mystery Sub

2005-02-16 Thread R.A. Hettinga
Code-named "Killer Rabbit"...

Cheers,
RAH
--



StrategyPage.com

February 16, 2005

SUBMARINES: The American Mystery Sub


January 14, 2005: The USS Jimmy Carter (SSN 23),  a modified Seawolf-class
submarine, is used for missions the navy does not like to talk about. The
Carter displaces 12,151 tons submerged, is 100 feet longer than a baseline
Seawolf (453 feet compared to 353 feet). She is also slightly slower than a
baseline Seawolf (61.1 kilometers per hour compared to 64.8 for the
baseline Seawolf), and carries the same armament (eight 30-inch torpedo
tubes with fifty weapons).

 The Jimmy Carter, though, was not designed  for combat patrols. She is
officially a testbed, much like the Los Angeles-class submarine USS
Memphis. However, her real role is to eventually replace the Sturgeon-class
submarine USS Parche, which was taken out of service in October, 2004. The
USS Parche also has a 100-foot long extension - although that was installed
during a refit that lasted from 1987-1991. The Navy is very reluctant to
give out details about the Jimmy Carter, and she is often placed in a
covered drydock (to keep her away from prying eyes in space as well as on
the ground). This is not surprising. The methods and sources of
intelligence are protected very closely by the intelligence community, and
the Jimmy Carter is going to be one of the prime sources of intelligence.

 The Jimmy Carter is capable of carrying 50 special operations personnel,
but her primary mission will be intelligence gathering. The Navy doesn't
talk much about the intelligence-gathering missions it has carried out in
the past, or currently. One of the missions Parche carried out was the
maintenance of taps on undersea phone lines between the Russian naval bases
of Petropavlovsk and Vladivostok (the famous "Ivy Bells" mission). Other
missions involved electronic intelligence. Submarines are ideal for this
mission - they can often supplement coverage by aircraft and satellites.
This supplementary coverage is vital. Aircraft can be detected and have
limited range and satellites have predictable orbits. Dummy transmissions
can be used to throw them off. Submarines, on the other hand, are
unpredictable things - particularly nuclear-powered submarines. There is no
way to know a submarine is there... unless it either chooses to reveal its
presence (usually through the creation of a flaming datum) or something
goes wrong (a collision - like which happened with the USS Tautog).
Submarines often get data on new naval units - often shadowing them and
collecting "hull shots" (pictures of the hull of a ship or submarine) and a
very good idea of the ship's acoustic signature (for future identification).

 In time of war, the Jimmy Carter will provide support for various
missions, like raids by SEALs and other special operations units. Often,
these groups will split up for missions, which could run the gamut of raids
or advising partisans, or a single large mission could be carried out.
Often, their delivery will be by the Advanced SEAL Delivery System,
supported in a Dry Dock Shelter. She will also have additional command and
control facilities, and storage for additional munitions and fuel.

 You will not hear much about what the Jimmy Carter does if the United
States Navy has its way. The submarines are called the Silent Service. This
is doubly true for those submarines like Jimmy Carter and Parche - which
engage in intelligence gathering. Their successes remain secret - failures
will probably make the press. 


 
                 Seawolf    Jimmy Carter    Parche
Length (feet)    353        453             401.5
Displ. (tons)    9,137      12,151          7,800
Speed (km/h)     61.1       64.8            46.3
Crew             130        130+ 50 SF      179+
Torpedo tubes    8 30"      8 30"           4 21"
Weapons          50         50              23

Comparison of special operations subs Jimmy Carter and Parche. Seawolf
included for comparison to Carter.

- Harold C. Hutchison ([EMAIL PROTECTED])




-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: SHA1 broken?

2005-02-16 Thread James A. Donald
--
> There is however a huge problem replacing SHA-1 by something
> else from now to tomorrow: Other algorithms are not as well
> analyzed and compared against SHA-1 as for example AES to
> DES are; so there is no immediate successor of SHA-1 of whom
> we can be sure to withstand the possible new techniques.
> Second, SHA-1 is tightly integrated in many protocols without
> a fallback algorithm (OpenPGP: fingerprints, MDC, default
> signature algorithm and more).

They reduced the break time of SHA1 from 2^80 to 2^69.

Presumably they will succeed in reducing the break time of
SHA256 from 2^128 to a mere 2^109 or so.

So SHA256 should be OK.

2^69 is damn near unbreakable.  2^80 is really unbreakable. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 IQqit8pqSokARYxy1xVLrTaVRSKMAGvz2MXbQqXi
 4DAQZgw0sbP3OcD3kgO+x7f+VfsPD4E8EBsB96d/D




Re: What is a cypherpunk?

2005-02-16 Thread James A. Donald
--
James A. Donald
> > > As governments were created to smash property rights,
> > > they are always everywhere necessarily the enemy of those
> > > with property, and the greatest enemy of those with the
> > > most property.

Steve Thompson
> > Uh-huh.  Perhaps you are using the term 'government' in a
> > way that is not common to most writers of modern American
> > English?

Justin <[EMAIL PROTECTED]>
> I think it's fair to say that governments initially formed to
> protect property rights

Where we have historical record, this is not the case.  Romulus
was made King in order that the Romans could abduct and rape
women.  William the bastard became William the conqueror by
stealing land and enserfing people.

After George Washington defeated the British, his next
operation was to crush the Whisky rebellion.   You could say
that he defeated the British in order to protect property
rights, but his next military operation was to violate property
rights, not uphold them. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 h5r7X0d4z7lq2vVpAOdecOCy2txrOnv9O/ymDY+3
 4VE2saGBeSH+48fFJ9nuHVOypb45jH6pBBteu3f+Z



Re: What is a cypherpunk?

2005-02-16 Thread James A. Donald
--
On 16 Feb 2005 at 0:30, Justin wrote:
> Judging from social dynamics and civil advancement in the 
> animal kingdom, monarchies developed first and property 
> rights were an afterthought.

Recently existent neolithic agricultural peoples, for example 
the New Guineans, seldom had kings, and frequently had no form 
of government at all other than that some people were 
considerably wealthier and more influential than others, but 
they always had private property.

This corresponds to the cattle herding people we read depicted 
in the earliest books of the Old Testament.  They had private 
property, wage labor, and all that from the beginning, but they 
do not develop kings until the book of Samuel, long after they 
had settled down and developed vineyards and other forms of 
sedentary agriculture: Judges 17:6 "In those days there was no 
king in Israel; every man did what was right in his own eyes"

Thus both our recent observation of primitive peoples, and our 
written historical record, show that private property rights 
long preceded government.

Our observations of governments being formed show that 
governments are formed primarily for the purpose of attacking 
private property rights.   You want to steal something like 
land or women, you need a really big gang. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 of/pZSLkKATIjG0fWzPvEZnxIsBE/Q0Se80Gx178
 4LGYWiIfc2+Us4l38hwPX8mK0CR7hBpVkJ952v8/D




Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Barry Shein

Bingo, that's the whole point, spam doesn't get "fixed" until there's
a robust economics available to fix it. So long as it's treated merely as
an annoyance or security flaw there won't be enough economic
backpressure.


On February 16, 2005 at 18:38 [EMAIL PROTECTED] (Peter Gutmann) wrote:
 > Barry Shein <[EMAIL PROTECTED]> writes:
 > 
 > >Eventually email will just collapse (as it's doing) and the RBOCs et al will
 > >inherit it and we'll all be paying 15c per message like their SMS services.
 > 
 > And the spammers will be using everyone else's PC's to send out their spam, so
 > the spam problem will still be as bad as ever but now Joe Sixpack will be
 > paying to send it.
 > 
 > Hmmm, and maybe *that* will finally motivate software companies, end users,
 > ISPs, etc etc, to fix up software, systems, and usage habits to prevent this.
 > 
 > Peter.

-- 
-Barry Shein

Software Tool & Die| [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World  | Public Access Internet | Since 1989 *oo*



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Barry Shein

And how do you fund all this, make it attain an economic life of its
own?

That's the big problem with all micropayment schemes. They sound good
until you try to work the business plan, then they prove themselves
impossible because it costs 2c to handle each penny. And more if
issues such as collections and enforcement (e.g., against frauds) are
taken into account.

This is why, for example, we have a postal system which manages
postage, rather than some scheme whereby every paper mail recipient
charges every paper mail sender etc etc etc.

On February 16, 2005 at 12:38 [EMAIL PROTECTED] (Tyler Durden) wrote:
 > Wrong. We already solved this problem on Cypherpunks a while back.
 > 
 > A spammer will have to pay to send you spam, trusted emails do not. You'll 
 > have a settable Spam-barrier which determines how much a spammer has to pay 
 > in order to lob spam over your barrier (you can set it to 'infinite' of 
 > course).
 > 
 > A new, non-spam mailer can request that their payment be returned upon 
 > receipt, but they'll have to include the payment unless you were expecting 
 > them.
 > 
 > This way, the only 3rd parties are those that validate the micropayments.
 > 
 > -TD
 > 
 > >From: Barry Shein <[EMAIL PROTECTED]>
 > >To: "R.A. Hettinga" <[EMAIL PROTECTED]>
 > >CC: cryptography@metzdowd.com, [EMAIL PROTECTED]
 > >Subject: Re: How to Stop Junk E-Mail: Charge for the Stamp
 > >Date: Tue, 15 Feb 2005 17:29:05 -0500
 > >
 > >Oh no, the idiotic penny black idea rides again.
 > >
 > >Like the movie "War Games" when a young Matthew Broderick saves the
 > >world by causing the WOPR computer to be distracted into playing
 > >itself tic-tac-toe rather than launching a pre-emptive nuclear strike.
 > >
 > >It was a MOVIE, made in 1983 nonetheless, get over it.
 > >
 > >More seriously, what attracts people to this penny black idea is that
 > >they realize that the only thing which will stop spammers is to
 > >interject some sort of economic constraint. The obvious constraint
 > >would be something like stamps since that's a usage fee.
 > >
 > >But the proposer (and his/her/its audience) always hates the idea of
 > >paying postage for their own email, no, no, there must be a solution
 > >which performs that economic miracle of only charging for the behavior
 > >I don't like! An economic Maxwell's demon!
 > >
 > >So, just like the terminal seeking laetrile shots or healing waters,
 > >they turn to not even half-baked ideas such as penny black. Don't
 > >charge you, don't charge me, charge that fellow behind the tree!
 > >
 > >Oh well.
 > >
 > >Eventually email will just collapse (as it's doing) and the RBOCs et
 > >al will inherit it and we'll all be paying 15c per message like their
 > >SMS services.
 > >
 > >I know, we'll work around it. Of course by then they'll have a
 > >multi-billion dollar messaging business to make sure your attempts to
 > >by-step it are outlawed and punished. Consider what's going on with
 > >the music-sharing world, as another multi-billion dollar business
 > >people thought they could just defy with anonymous peer-to-peer
 > >services...
 > >
 > >The point: I think the time is long past due to "grow up" on this
 > >issue and accept that some sort of limited, reasonable-usage-free,
 > >postage system is necessary to prevent collapse into monopoly.
 > >
 > >--
 > > -Barry Shein
 > >
 > >Software Tool & Die| [EMAIL PROTECTED]   | 
 > >http://www.TheWorld.com
 > >Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
 > >The World  | Public Access Internet | Since 1989 *oo*
 > 

-- 
-Barry Shein

Software Tool & Die| [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202| Login: 617-739-WRLD
The World  | Public Access Internet | Since 1989 *oo*



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread R.A. Hettinga
At 8:12 PM -0500 2/16/05, Barry Shein wrote:
>And how do you fund all this, make it attain an economic life of its
>own?

I can send you a business plan, if you like. Post-Clinton-Bubble talent's
still cheap, I bet...

;-)

Still estivating, here, in Roslindale,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Tyler Durden
Well, basically it's pretty simple. Someone will eventually recognize that 
the idea has a lot of economic potential and they'll go to Sand Hill and get 
some venture funds. 6 months later you'll be able to sign up for "Spam 
Mail". Eventually the idea will spread and Spammers, who are already 
squeezed via Men With Guns, will start running out of options and so will be 
willing to pay, for instance, 1 cent per email. After that, of course, the 
price will likely go up, except for crummier demographics that are willing 
to read email for 1 cent/spam.

Actually, this points to why Spam is Spam...Spam is Spam because it has zero 
correlation to what you want. Look at Vogue, etc...it's a $10 magazine 
consisting mostly of advertisements, but they're the advertisements women 
want. Pay-to-Spam will work precisely because it will force Spammers to 
become actual marketers, delivering the right messages to the right 
demographics..in that context the Price to send spam is a precise measure of 
Spammers' lack-of-marketing savvy and/or information. Hell, if they're good 
enough at it they'll probably get women to pay THEM to spam 'em.

-TD

Enterprise-Class NAS from MPAK

2005-02-16 Thread MPAK Technologies, Inc.
Title: NetFORCE 900 Promotion

To view online, please click on the following link:
http://www.mpaktech.com/Newsletter_February.html

Receive a $200 Amazon Gift Certificate for Yourself From MPAK With a
NetFORCE 900!

That's right! MPAK will e-mail an Amazon gift certificate directly to
you with your purchase. The NetFORCE 900 is a cost-effective solution
providing up to 4.8 terabytes of raw storage capacity in a mere 3U
(5.25-inch) enclosure. Such a cost-effective and powerful solution
makes the NetFORCE 900 ideal for small- and medium-sized businesses,
workgroups, and departments of large organizations that need heavy
amounts of very economical storage that is easy to deploy and manage.

· Serial-ATA technology
· Up to 4.8TB raw capacity
· Only 3U (5.25") high
· Hot-swappable drives, power supplies & fans
· OS boots from reliable solid state memory
· Embedded monitoring of operating environment
· UPS monitoring
· Installs in minutes
· Intel® Xeon™ powered
· Hardware RAID data protection
· Embedded dual Gigabit NIC ports

MPAK Intros New NAS Product Line with the First Enterprise-Class
Device at a Sub $10,000 Price Tag

The new NetFORCE 900 filer provides up to 4.8 terabytes of raw storage
capacity in a mere 3U (5.25-inch) enclosure with prices starting at
only $9,995!

MPAK Expands its Application Specific Architecture to Include
Ruggedized Solutions

MPAK announces its new partnership with Z-Micro Systems to offer
ruggedized computing platforms, mass storage and digitized video
solutions. Are your storage solutions field ready? Now they can be!



Re: SHA1 broken?

2005-02-16 Thread Joseph Ashwood
- Original Message - 
From: "James A. Donald" <[EMAIL PROTECTED]>
Subject: Re: SHA1 broken?


> 2^69 is damn near unbreakable.

I believe you are incorrect in this statement. It is a matter of public 
record that RSA Security's DES Challenge II was broken in 72 hours by 
$250,000 worth of semi-custom machine, for the sake of solidity let's assume 
they used 2^55 work to break it. Now moving to a completely custom design, 
bumping up the cost to $500,000, and moving forward 7 years, delivers ~2^70 
work in 72 hours (give or take a couple orders of magnitude). This puts the 
2^69 work well within the realm of realizable breaks, assuming your 
attackers are smallish businesses, and if your attackers are large 
businesses with substantial resources the break can be assumed in minutes if 
not seconds.

2^69 is completely breakable.
   Joe 



Re: SHA-1 broken?

2005-02-16 Thread Andrew S. Morrison
All this chatter and everyone pointing to the same page ... but no paper,
no proof ... just mindless chatter.

Anyone know where this ghost paper is?
