PICList Thread
'[OT] Cryptography etc. (was Re: Download Crack now'
1999\03\11@045309 by mlsirton

Hi,

On 11 Mar 99 at 10:06, Russell McMahon wrote:
<snip>
> It is, of course, the "one time pad" - both agree on a common text
<snip>
> Cryptographic flame shields up
>         Essentially uncrackable
> Cryptographic flame shields still up :-).

It's a good thing you have your shields on... :-)
If you use English text for your "one time pad" your encryption has
a potential weakness since not all symbols occur with equal
probability. ('i' XOR 'i' would occur a lot more than 'q' XOR 'j' for
example). Given enough data some good guesses can be made regarding
your (public domain) pad.

One time pads should be random for them to be totally uncrackable.

RSA with a long key is very probably uncrackable even by the NSA...

Guy - spam_OUTmlsirtonTakeThisOuTspaminter.net.il

1999\03\11@123314 by Bob Drzyzgula

A few thoughts:

1. Depending on where you travel, you might want to
be relatively careful with one-time pads. If you have
something that is clearly only useful as a one-time pad,
it may be considered cryptographic technology of the most
secure kind, and thus illegal. This is one reason why a
published, generally available book can be safer to use,
even if it is less secure.

2. One-time really *does* mean one-time. Reuse of
one-time pads is a very bad idea. I recall hearing of
cases, (perhaps it was?) involving the Soviets, where
a single set of one-time pads had been used repeatedly
in the preparation of "secure" radio transmissions;
supposedly this was because of difficulties distributing
new pads. Needless to say, after a few uses they needn't
have bothered "encrypting" the data, it might as well
have all been cleartext.  In the same way, choosing, say,
a large number of magazines from disparate subject areas
and short books by a wide variety of authors would probably
be somewhat safer than using, for example, War and Peace.

3. In a situation where one-time pads are clearly legal
(U.S. Domestic, for example), a good way to prepare the pad
might be to use a recent Linux system and the /dev/random
or /dev/urandom device; something like (in the bash shell)

    for i in 1 2 3 4 5 6
    do
      for j in 1 2 3 4 5 6
      do
        # Braces are needed: unbraced, "$i_" is read as a variable named "i_"
        dd if=/dev/urandom of="otp_${i}_${j}.dat" bs=1k count=16384
      done
    done

Which will create 36 16MB "random" files that may then
be burned onto a pair of CD-ROMs and deleted. Note that
/dev/urandom might not be as random as you might prefer;
/dev/random would be better but is limited in how much
output it will give you; Linux keeps an "entropy pool"
and /dev/random won't give you more output than the
current entropy pool provides for. Interfaces are provided,
however, to extend the entropy pool. /dev/urandom will keep
giving you data regardless of the assurable randomness of
the data.  See the source code for the random device driver
(/usr/src/linux/drivers/char/random.c) on most any Linux
system for more information.

--Bob


--
============================================================
Bob Drzyzgula                             It's not a problem
bobspamKILLspamdrzyzgula.org                until something bad happens
============================================================

1999\03\11@124901 by Mark Willis

I remember a rumor that someone's program on a CDC mainframe (college
days) used a straight XOR of some short text phrase with their
executable (self-modifying code was a common toy in those days.)  The
person doing this was trying to hack the (Was it NOS or NOS/BE?) OS they
were running;  They were dumb enough to forget that CDC binaries (as
most) have huge bunches of 0's in them, so a quick glance at their
executable file made their key obvious...

 Intelligent, experienced people do something like a (non-obvious,
changing) circular shift with another XOR with some changing other key
or something, so the key phrase is either not obvious or better yet is
used to create a HASH that's used to encrypt your info - even if your
entire file being encoded is all zeros - and to make things tougher on
any "unwanted" decoder.  Think like a software tester, folks - deviously
<G>

 Mark
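
The anecdote above as an added example (not part of the original post): a constructed "binary" with zero padding is XORed with a short repeating phrase, then with a keystream hashed from the same phrase, and each result is checked for what a glance would reveal. The key phrase, the sample bytes and the SHA-256 keystream construction are assumptions chosen for illustration, not a vetted cipher.

```python
import hashlib
from itertools import cycle

KEY = b"open sesame"  # constructed key phrase, not from the thread
# Constructed stand-in for an executable: header, zero padding, code, zeros.
BINARY = b"\x7fHDR" + bytes(64) + bytes(range(1, 40)) + bytes(48)


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Straight XOR with a short repeating key, as in the anecdote."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def xor_hashed(data: bytes, key: bytes) -> bytes:
    """XOR with SHA-256(key || offset) blocks; illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(d ^ b for d, b in zip(data[i:i + 32], block))
    return bytes(out)


def longest_printable_run(blob: bytes) -> bytes:
    """What a glance at a hex dump or `strings` output would pick up."""
    best, start = b"", None
    for i, b in enumerate(blob + b"\x00"):      # sentinel closes a final run
        if 0x20 <= b < 0x7F:
            start = i if start is None else start
        elif start is not None:
            if i - start > len(best):
                best = blob[start:i]
            start = None
    return best


if __name__ == "__main__":
    for name, fn in (("repeating key", xor_repeat), ("hashed key", xor_hashed)):
        blob = fn(BINARY, KEY)
        print(f"{name}: key visible={KEY in blob}, "
              f"longest run={longest_printable_run(blob)!r}")
```

With the hashed keystream the phrase no longer shows in the zero regions, but the output over those regions is still the keystream itself, so the same phrase must not be used for a second file.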


1999\03\11@154200 by Gerhard Fiedler

At 12:32 03/11/99 -0500, Bob Drzyzgula wrote:
>it may be considered cryptographic technology of the most
>secure kind, and thus illegal. This is one reason why a

even if you use an imported algorithm? maybe pgp? (AFAIK, pgp has been
legally exported, as source code, so you might use the "international"
version just as well. it's the same :)

and it's common for eg. european banks to use the -- in the usa
export-restricted -- 128bit technology in their internet interfaces. their
customers just have to get it from the bank (or elsewhere) instead of
downloading it from netscape... :)

ge

1999\03\11@155905 by Bob Drzyzgula

On Thu, Mar 11, 1999 at 12:38:59PM -0800, Gerhard Fiedler wrote:
> At 12:32 03/11/99 -0500, Bob Drzyzgula wrote:
> >it may be considered cryptographic technology of the most
> >secure kind, and thus illegal. This is one reason why a
>
> even if you use an imported algorithm? maybe pgp? (AFAIK, pgp has been
> legally exported, as source code, so you might use the "international"
> version just as well. it's the same :)

I was thinking more along the lines of a war zone, or
an otherwise oppressive territory.  One should probably
take a holistic view when evaluating risks...

> and it's common for eg. european banks to use the -- in the usa
> export-restricted -- 128bit technology in their internet interfaces. their
> customers just have to get it from the bank (or elsewhere) instead of
> downloading it from netscape... :)

Yes, I believe that there was an exception made for
128-bit technology that was server-limited; the client
code will only talk 128-bit when attached to a special
version of the server code, and the distribution of that
server-side code is supposed to be very tightly controlled.

--Bob

--
============================================================
Bob Drzyzgula                             It's not a problem
EraseMEbobspam_OUTspamTakeThisOuTdrzyzgula.org                until something bad happens
============================================================

1999\03\12@021127 by Dr. Imre Bartfai

Hi,

I do not think what you wrote would be a weakness, because 'i' XOR 'i'
results in zero exactly the same way as 'anyletter' XOR 'anyletter'.
Furthermore, XOR is symmetric so 'a' XOR 'b' produces the same as 'b' XOR
'a'. I understand your worry about the same or similar distribution of
the plain text AND the pad. However, it is sufficient I think to ROT13
either plaintext OR the pad (but not both).

Imre
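
The pad choices debated in this thread (an English-text pad, the same pad after ROT13, and a random pad) compared by measuring the ciphertext bytes each one produces. This is an added example, not part of any poster's message; both sample texts are constructed and contain only lowercase letters and spaces.

```python
import codecs
import math
import secrets
from collections import Counter

# Constructed sample texts (lowercase letters and spaces only).
PLAINTEXT = (
    b"the shipment leaves the harbour on the third night of the month "
    b"and the escort will wait near the old lighthouse until the signal "
    b"is given from the northern pier so keep the lamps covered and do "
    b"not answer any call that lacks the agreed phrase from our friend"
)
BOOK_PAD = (
    b"in the morning the farmer walked along the river to the mill and "
    b"spoke with the miller about the price of grain and the weather "
    b"that had troubled the valley since the end of the last summer "
    b"while the children played among the willows beside the water and "
    b"the dogs slept in the shade of the great stone bridge all day"
)


def xor(msg: bytes, pad: bytes) -> bytes:
    if len(pad) < len(msg):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ p for m, p in zip(msg, pad))


def profile(ct: bytes) -> dict:
    """Byte statistics an analyst can read off the ciphertext alone."""
    n, counts = len(ct), Counter(ct)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return {"entropy_bits": round(entropy, 2), "distinct": len(counts),
            "high_bit_share": round(sum(b >> 7 for b in ct) / n, 2)}


def compare() -> dict:
    rot13 = codecs.encode(BOOK_PAD.decode("ascii"), "rot_13").encode("ascii")
    pads = {"english": BOOK_PAD, "rot13": rot13,
            "random": secrets.token_bytes(len(PLAINTEXT))}
    return {name: profile(xor(PLAINTEXT, pad)) for name, pad in pads.items()}


if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:8} {stats}")
```

With these inputs a letter XOR a letter always lands in 0x00-0x1f and a space XOR a letter in 0x41-0x5a, so both text pads can produce at most 58 distinct ciphertext values, while the random pad spreads the output across the whole byte range.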


