Re: cryptome log downloads
On Wed, 26 Feb 2003 23:50:06 +0100 (CET), you wrote:
>
> These IPs downloaded access log from cryptome during hacked state.

Didn't everybody who wanted to know who had downloaded the log, which includes you, have to download the log? Idiot.
Re: Trivial OTP generation method? (makernd.c)
> >After that, you actually want to feed the entropy you're getting
> >from the radio tuner *into* /dev/[u]random.
>
> He may wish to pre-process the raw bits to remove any potential
> bias they may have.
>
> Here's what I do for random bits:
> http://www.etoan.com/random-number-generation/index.html

Nice!!! :) I wasn't aware such electronics is so cheap!

Here is the final version of the OTP generator: Hints and constructive criticism welcomed.

News: Elementary sanity check on input data is performed.

//-- cut here - makernd.c -- cut here
/*
##
## makernd - program for generation of random files suitable for one-time
##           pads. Uses audio signal from soundcard input.
##
## Performs basic sanity check for sufficient entropy on the input.
## Reads 64 bytes from DSP, checks if there is at least one pair of
## adjacent bytes where the bytes are different by more than 16
## (arbitrarily chosen value). This should be replaced with some kind
## of statistical analysis. The check is also done on each block read
## from the input, discarding suspicious input data.
##
## Reads blocks of 128 bytes from RANDOMINPUT, hashes them with MD5,
## outputs 16-byte blocks to output file and RANDOMDEV (so as the side
## effect it feeds the entropy pool).
##
## Takes one mandatory parameter (number of random bytes to produce) and
## one optional parameter (output file name - uses stdout if not present).
##
*/
#include <stdio.h>
#include <stdlib.h>
#include <openssl/md5.h>   /* link with -lcrypto */

#define RANDOMDEV "/dev/urandom"
#define RANDOMINPUT "/dev/dsprandom"

unsigned char output[18];   /* previous MD5 result, chained into the next block */
FILE *fo, *frnd;

/* Write n raw bytes from s to the output file. */
void outputbinary(unsigned char *s, long n)
{
  while (n > 0) { fprintf(fo, "%c", s[0] & 0xff); s++; n--; }
}

// FIXME: Replace with real statistical check
/* Returns 0 if some pair of adjacent bytes differs by more than 16, else 1. */
int isinsufficiententropy(char *data, int n)
{
  int t;
  /* samples are compared as unsigned 8-bit values */
  for (t = 0; t < n - 1; t++)
    if (abs((unsigned char)data[t] - (unsigned char)data[t + 1]) > 16) return 0;
  return 1;
}

/* Initial check on the first 64 bytes of input; a short read counts as failure. */
int checkinputentropy(FILE *f)
{
  char data[64];
  if (fread(data, 64, 1, f) != 1) return 1;
  return isinsufficiententropy(data, 64);
}

/* Hash previous output + 128 fresh input bytes, emit up to 16 bytes. */
int output16bytes(FILE *f, long n)
{
  char data[128];
  MD5_CTX c;
  MD5_Init(&c);
  MD5_Update(&c, output, 16);
  for (;;) {
    if (fread(data, 128, 1, f) != 1) return -1;   /* input ended or failed */
    if (!isinsufficiententropy(data, 128)) break;
    fprintf(stderr, "Insufficient input entropy. Rereading block.\n");
  }
  MD5_Update(&c, data, 128);
  MD5_Final(output, &c);
  if (n > 16) n = 16;
  if (n < 0) n = 0;
  outputbinary(output, n);
  /* mixed into the kernel pool; a plain write does not credit entropy */
  if (frnd) fwrite(output, 16, 1, frnd);
  return 0;
}

int main(int argc, char *argv[])
{
  FILE *f;
  long n;
  if (argc < 2)
  {printf("makernd <LENGTH> [output.file]\n"
          "Creates LENGTH bytes of random numbers derived from "RANDOMINPUT", "
          "which should be a symlink to eg. /dev/dsp0 fed with analog signal "
          "from eg. a white noise generator.\n"
          "Outputs to stdout if output.file is not specified.\n"
          "Feeds the output also to "RANDOMDEV".\n");
   return 0;}
  n = atol(argv[1]);
  if (n <= 0)
  {fprintf(stderr, "Argument '%s' has to be greater than zero.\n", argv[1]);
   return 111;}
  f = fopen(RANDOMINPUT, "r");
  if (!f)
  {perror("ERROR: Cannot open "RANDOMINPUT);
   fprintf(stderr, "Check if the symlink or device exists.\n");
   return 111;}
  if (checkinputentropy(f))
  {fprintf(stderr, "ERROR: Input entropy seems to be insufficient.\n"
           "No two adjacent bytes in "RANDOMINPUT" that are different by more than 16.\n"
           "Check the input signal volume.\n"
           "Cowardly refusing to create any output.\n");
   return 1;}
  frnd = fopen(RANDOMDEV, "r+");   /* "rw" is not a valid fopen mode */
  if (frnd) {
    fread(output, 16, 1, frnd);
    fseek(frnd, 0, SEEK_CUR);      /* required before switching from reading to writing */
  }
  else {fprintf(stderr, "Cannot open "RANDOMDEV", cannot initialize output. Proceeding anyway.\n");}
  if (argc > 2) {fo = fopen(argv[2], "w");
    if (!fo) {perror("ERROR: Cannot open output file"); return(111);}}
  else fo = stdout;
  while (n > 0) {
    if (output16bytes(f, n))
    {fprintf(stderr, "ERROR: Cannot read from "RANDOMINPUT".\n"); return 111;}
    n -= 16;
  }
  fclose(f);
  if (frnd) fclose(frnd);
  return 0;
}
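The FIXME in makernd.c asks for a real statistical check. The block below is an added example, not part of the original post: it puts the adjacent-pair test described in the program header next to a most-common-value bound in the style of NIST SP 800-90B, requiring at least 1 bit of min-entropy per input byte (128 bits per 128-byte block). Function names, the 1 bit/byte threshold and the sample blocks are assumptions made for illustration; the bound assumes independent samples, which audio is not, so it is optimistic.

```c
#include <stdio.h>
#include <stddef.h>

#define BLOCK 128   /* input bytes hashed into one 16-byte MD5 output */
#define Z99 2.576   /* normal quantile for the 99% upper confidence bound */

/* Count of the most frequent byte value in the block. */
static size_t max_count(const unsigned char *d, size_t n)
{
    size_t hist[256] = {0}, best = 0, i;
    for (i = 0; i < n; i++)
        if (++hist[d[i]] > best) best = hist[d[i]];
    return best;
}

/*
 * Most-common-value test: p = max_count/n, upper bound
 * p_u = p + Z99*sqrt(p(1-p)/(n-1)), min-entropy per byte = -log2(p_u).
 * At least 1 bit per byte means p_u <= 0.5; the comparison is done in
 * squared form so no math library is needed. Returns 1 on pass.
 */
int mcv_one_bit_per_byte(const unsigned char *d, size_t n)
{
    double p, margin, var;
    if (n < 2) return 0;
    p = (double)max_count(d, n) / (double)n;
    if (p >= 0.5) return 0;
    margin = 0.5 - p;
    var = p * (1.0 - p) / (double)(n - 1);
    return Z99 * Z99 * var <= margin * margin;
}

/* Check described in the makernd.c header: 1 if some adjacent pair differs by > 16. */
int adjacent_pair_check(const unsigned char *d, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i++) {
        int diff = (int)d[i] - (int)d[i + 1];
        if (diff < 0) diff = -diff;
        if (diff > 16) return 1;
    }
    return 0;
}

/* Constructed sample blocks (not captured audio, not random data). */
enum sample { SPIKE, TWO_LEVEL, SPREAD };

void make_sample(unsigned char *d, size_t n, enum sample kind)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (kind == TWO_LEVEL)   d[i] = (i & 1) ? 0x80 : 0x7f;    /* near-silent input */
        else if (kind == SPREAD) d[i] = (unsigned char)(i * 37);  /* all values distinct */
        else                     d[i] = 0x80;                     /* flat line ... */
    }
    if (kind == SPIKE) d[n / 2] = 0xc0;                           /* ... with one click */
}

int main(void)
{
    static const char *name[] = { "flat+spike", "two-level", "spread" };
    unsigned char d[BLOCK];
    int k;
    for (k = SPIKE; k <= SPREAD; k++) {
        make_sample(d, BLOCK, (enum sample)k);
        printf("%-10s adjacent-pair=%d mcv=%d\n", name[k],
               adjacent_pair_check(d, BLOCK), mcv_one_bit_per_byte(d, BLOCK));
    }
    return 0;
}
```

The flat block with a single click passes the adjacent-pair test but fails the bound, which is the case the FIXME is about.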
Re: Say Bush is Nuts, Go to Jail
On Wednesday 26 February 2003 17:15, Tyler Durden wrote:
> Gulp. But then again, are they going to arrest all 250 million of us?

cf The Asylum from Douglas Adams' _So Long and Thanks for All the Fish_. Just turn the entire US into a jail with a few, small "not jail" locations.

--
Steve Furlong    Computer Condottiere    Have GNU, Will Travel

Guns will get you through times of no duct tape better than duct tape will get you through times of no guns. -- Ron Kuby
cryptome log downloads
These IPs downloaded access log from cryptome during hacked state.
Re: Say Bush is Nuts, Go to Jail
On Wednesday, February 26, 2003, at 11:53 AM, Eric Cordian wrote:

http://santafenewmexican.com/site/news.cfm?BRD=2144&dept_id=415763&newsid=7071930&PAG=461&rfi=9

- ... According to Andrew J. O'Connor, 40, a former Santa Fe public defender, two city police officers removed him from the school's library about 9 p.m. Thursday while he was using a computer. "They Mirandized me, handcuffed me and took me to the police station where two Secret Service agents from Albuquerque interrogated me for hours," O'Connor said. ... While he was at the library, O'Connor said he had a conversation with a woman wearing a button that read, "No war with Iraq." "We talked with each other about that, and I said I think Bush is ... out of control," O'Connor said.

The woman with the "No war with Iraq" button was probably a provocateur. SOP for a police state. And SOP since the PATRIOT Act, the Homeland Security Act, and the Protektion of the Reich Act.

--Tim May
Re: Say Bush is Nuts, Go to Jail
Damn. Some odd details there. Crap I'm getting paranoid. Wait, I may be paranoid but that doesn't mean I'm wrong. So the guy was known to belong to an Anti-Palestinian group, and this was known to the SS folks prior to him being arrested. So apparently, they were watching this guy. Gulp. But then again, are they going to arrest all 250 million of us? Declaring anyone who's anti-war (or anti-Bush) an automatic terrorist doesn't look like it's going to fly after all, but I could be wrong.

-TD

From: Eric Cordian <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Say Bush is Nuts, Go to Jail
Date: Wed, 26 Feb 2003 11:53:44 -0800 (PST)

http://santafenewmexican.com/site/news.cfm?BRD=2144&dept_id=415763&newsid=7071930&PAG=461&rfi=9

- ... According to Andrew J. O'Connor, 40, a former Santa Fe public defender, two city police officers removed him from the school's library about 9 p.m. Thursday while he was using a computer. "They Mirandized me, handcuffed me and took me to the police station where two Secret Service agents from Albuquerque interrogated me for hours," O'Connor said. ... While he was at the library, O'Connor said he had a conversation with a woman wearing a button that read, "No war with Iraq." "We talked with each other about that, and I said I think Bush is ... out of control," O'Connor said. ...

--
Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division
"Do What Thou Wilt Shall Be The Whole Of The Law"
Re: Trivial OPT generation method?
At 10:55 AM 2/26/03 -0500, you wrote:

He only needs a pseudo-random seed, though. The real random comes from the radio white-noise. [...] After that, you actually want to feed the entropy you're getting from the radio tuner *into* /dev/[u]random.

He may wish to pre-process the raw bits to remove any potential bias they may have.

Here's what I do for random bits:
http://www.etoan.com/random-number-generation/index.html

Cheers,
Dan
Say Bush is Nuts, Go to Jail
http://santafenewmexican.com/site/news.cfm?BRD=2144&dept_id=415763&newsid=7071930&PAG=461&rfi=9 - ... According to Andrew J. O'Connor, 40, a former Santa Fe public defender, two city police officers removed him from the school's library about 9 p.m. Thursday while he was using a computer. "They Mirandized me, handcuffed me and took me to the police station where two Secret Service agents from Albuquerque interrogated me for hours," O'Connor said. ... While he was at the library, O'Connor said he had a conversation with a woman wearing a button that read, "No war with Iraq." "We talked with each other about that, and I said I think Bush is ... out of control," O'Connor said. ... -- Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law"
Re: Ethnomathematics
On Wed, Feb 26, 2003 at 10:02:05PM +1300, Peter Gutmann wrote:
>
> Well, I made a start a few years ago with "Network Security: A Feminist
> Perspective" (done when "people ask me to do security talks for them without
> bothering to specify which aspect of security they want me to talk about")
> about halfway down my home page. The direct link to the slides is
> http://www.cs.auckland.ac.nz/~pgut001/pubs/fhealth.pdf.
>
> Peter.

Hilarious! I loved it, but it was so short. You should do an extended, in depth treatment of this subject in the spirit of Sokal.

John Bethencourt
Re: Trivial OPT generation method?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, Feb 26, 2003 at 03:37:10PM -, Vincent Penquerc'h wrote:
> > 1) Get 8 bytes from /dev/urandom. (Just for sure.) Put them into the
> You probably know this if you use it, but /dev/random is the most
> "random" one, as it always uses system entropy, rather than falling
> back on an algorithm to generate more bits than are available in
> the pool.

He only needs a pseudo-random seed, though. The real random comes from the radio white-noise.

I'd say it'd be better to not waste the system's random bytes on this at all, but just to gen your own pseudo-random bytes using /dev/urandom's out-of-entropy function from your OS of choice (audit, I guess, but it's mostly just to blank the memory of anything useful).

After that, you actually want to feed the entropy you're getting from the radio tuner *into* /dev/[u]random.

- --
gabriel rosenkoetter
[EMAIL PROTECTED]

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE+XONt9ehacAz5CRoRAl9yAJ40RRX2GqexHdYa76owwab8sjd+bQCfRn6s
pv5PaYjQB4fkCE8QefC+u8g=
=3OKq
-END PGP SIGNATURE-
Re: Be careful about technological "self help" methods
At 10:46 AM 2/26/2003 -0500, you wrote:

http://www.suntimes.com/output/news/cst-nws-booby25.html

Family of electrocuted thief gets $75,000
February 25, 2003
BY DAN ROZEK STAFF REPORTER

The family of a convicted burglar who was electrocuted in 1997 when he tried to break in to a bar in Aurora after-hours and triggered a homemade booby trap has been awarded a $75,000 jury verdict to be paid by the owners of the bar and the property.

It's important to make sure you are judgement proof before taking similar actions.

steve
Mischief afoot in Bolivia from IMF et al U.S. proxies?
[Translation via Craig Spencer]

http://www.buscabo.net/20030223/economia_8.html

>The Hidden Agenda of the IMF
>The IMF has been urging an income tax (on Bolivia) for 4 years.
> ...which included provisions for progressive rates between 13%
> and 25%...
> ... according to this document Bolivia has a tax structure that
> is too simple. The number of national and local taxes is only
> about a dozen. Doubtless, "this simplicity", according to the
> IMF "has a cost in structural terms which results in an inability
> to mitigate inequality of income and difficulty in directing
> national resources. ...
> The IMF's proposal aimed at increasing tax revenues. For this
> purpose ... an income tax, especially on all the income of natural
> persons is required

http://www.laprensa-bolivia.net//20030224/politica/politica06.htm

>La Prensa : The Police Anti-Terrorist Squad fired at the Palace
>of Government
>... the Institute of Forensic Investigation ... established that
>the anti-terrorist police of the Rapid Reaction Force (GAI) fired
>at the Palace of Government during the armed confrontation with the
>military in Murillo Square, Wednesday the 12th of February.
>The GAI, whose unit is entirely financed by the US Embassy in
>La Paz, apparently in aid of the rebellious police that resisted the
>soldiers fired their sniper rifles ... at the windows of the
>offices in the Palace of government. [where the President was at the time]
Be careful about technological "self help" methods
http://www.suntimes.com/output/news/cst-nws-booby25.html

Family of electrocuted thief gets $75,000
February 25, 2003
BY DAN ROZEK STAFF REPORTER

The family of a convicted burglar who was electrocuted in 1997 when he tried to break in to a bar in Aurora after-hours and triggered a homemade booby trap has been awarded a $75,000 jury verdict to be paid by the owners of the bar and the property. ...
RE: Trivial OPT generation method?
> 1) Get 8 bytes from /dev/urandom. (Just for sure.) Put them into the

You probably know this if you use it, but /dev/random is the most "random" one, as it always uses system entropy, rather than falling back on an algorithm to generate more bits than are available in the pool. Since you only need 8 bytes of random seed (and if you don't need to generate many OTPs at a time...) it might be worth using it instead. Can't help you on the entropy quality though.

--
Vincent Penquerc'h
Re: Trivial OPT generation method?
> There is no weakness in it that I could come up with (presuming the audio
> input is sufficiently random, which in case of badly tuned station it
> seems to be; white noise generator would be better, though).

Sounds good to me. You should certainly get 16 good bytes from 128, and while assuming a higher entropy would be faster, it is better to be conservative if you can afford it.
Trivial OPT generation method?
I am playing with a one-time pad generator. I have an FM radio receiver card in the computer, as /dev/dsp3. I wrote a small simple program that takes the filename and file size as arguments, then produces the desired file as full of random numbers. The algorithm of generating the numbers is this:

1) Get 8 bytes from /dev/urandom. (Just for sure.) Put them into the variable "output".
2) Initialize the MD5 function.
3) Update MD5 with the value of the variable "output".
4) Update MD5 with 128 bytes from /dev/dsp3.
5) Finish the MD5 calculation, retrieve 16 bytes of result into the variable "output".
6) Append the content of "output" to the output file.
7) Repeat 2-6 until I get the desired number of bytes.

There is no weakness in it that I could come up with (presuming the audio input is sufficiently random, which in case of badly tuned station it seems to be; white noise generator would be better, though). However, with my lack of experience I am not sure the output has enough entropy, or if it on the other hand isn't a drastic overkill.

Are there any hints/caveats for this approach? It's admittedly a quick hack glued together in a couple of minutes of spare time on the basis of an immediate idea.

Thanks for any comments. :)
Re: Ethnomathematics
Bill Stewart <[EMAIL PROTECTED]> writes:

>Actually doing a female-oriented physics or teaching curriculum is fine, if
>somebody can do a good job of it.

Well, I made a start a few years ago with "Network Security: A Feminist Perspective" (done when "people ask me to do security talks for them without bothering to specify which aspect of security they want me to talk about") about halfway down my home page. The direct link to the slides is http://www.cs.auckland.ac.nz/~pgut001/pubs/fhealth.pdf.

Peter.
RSA Conference Awards Nominations now open.
I'm sure the folks on this list can come up with some interesting nominations :-)

Peter Trei

Deadline March 3rd

Nominations opened today for the sixth annual RSA Conference Awards. The Awards recognize individuals and organizations that make significant and ongoing contributions to the advancement of electronic security. Organizers of RSA Conference 2003, the world's leading e-security event, will honor one winner in each of three categories: Mathematics, Public Policy and Security Practices, at the 12th annual RSA Conference in April 2003. The Security Practices category is new this year, and is intended to recognize remarkable contributions in commercial applications of cryptography or the practice of or unique implementation of data security within an organization.

Nomination forms are available at http://www.rsasecurity.com/conference/awards/ and must be submitted by March 3, 2003. Award winners will be announced at RSA Conference 2003 to be held April 13-17, 2003 at Moscone Center in San Francisco, Calif. The selection committee comprises members of the industry, academic community and public sector.

Regards,
Sandra Toms LaPedis
Vice President & General Manager
RSA Conference
Re: The next time you see someone on TV in a "newsroom"
At 04:40 PM 02/24/2003 -0800, Tim May wrote: Putting up fake newsrooms is quite another matter, though. I don't recall seeing this static shot of the "New York Times-Washington Bureau" newsroom. It seems like a silly thing to do, to have a photo of a newsroom with nobody in it. On the backdrops themselves, I'm surprised they're not using blue screen technology. The weather reporters have it, though with a sometimes visible "edge" (which is distracting). Comedy Central's "The Daily Show" does this all the time, in a broad mixture of serious news coverage, comedic spoofs, and various ranges of irony and sarcasm in between. Usually it's when their "Senior War Correspondent" is off somewhere. Since the War on (Some) Terrorists is the Wag the Dog War, we may soon be seeing actual faked war footage. You haven't been seeing it? It's right there next to the fnords, er, um, it must be your Broadcast Flag settings keeping you from receiving that part.