CDR: about this list, and a poor man's crypto
I'm telling you I'm leaving, and why.

1. The list appears to be USA-centric, and Internet covers the whole world.
2. I'm not bragging around about what illegal I did (if I ever did) and why I think I'm right (of course I am! ;->) and why the other guys are wrong (of course they are, indeed! ;->)
3. I expected a lot of tech issues and found instead a bunch of:
   - discussions on racism, religion, gov't behavior worldwide
   - "we hate pigs"
   - US local laws discussions (see 1)
   - simple fluff and/or flaming.
4. Some smeghead is boycotting the list by subscribing it to other lists, or the list address went into some spammer's archive spread worldwide.

Sorry, but I don't like all that and can't stand the flow of a list that massively talks about anything else than crypto: that's why I'm leaving (now).

For the nuisance of having read this apparently off-topic e-mail message, you should be at least rewarded with a poor man's crypto solution. :-)

In Italy we don't seem to have a corpus of laws about/against crypto, so it's possible to develop almost anything. Not being linked to general concepts and standards about what crypto is or should be, that's how I figured out the concept of "brute-force key". It's the trivial usage of large keys in non-public key environments, at the expense of weakening the encryption algorithm. It may seem stupid, but current technology makes it possible and very effective, depending only on the ability of generating good random byte sequences.

Let's say you store your key on a diskette that carries at least 170Kbytes (I can, so you should, too ;->). Well, a 170Kbytes key _is_ strong, and performance can be achieved by using a trivial XOR algorithm, in circular or boustrophedonic (back-and-forth) sequence if the message to be sent is larger. XOR implies that the key MUST be a long random string, because you might want to transmit a file with long 0x00 sequences, too. XORing 0x00 exposes parts of your key, so they should look indistinguishable from non-null encrypted data, that will appear as random rubbish (that's the purpose of crypto, right? :->).

Let's say someone sent you an encrypted file via e-mail. After the file is decrypted (you met in person one night, let's say eating some pizza, and passed the key; it's safer than passing it via modem), you can simply pass it through a Unix-like 'file(1)' utility and establish which program should read it (the message can be a text file, an archive or an executable; cryptanalysis is almost impossible when the spy doesn't know what the output looks like).

A neat trick could be using a random sequence that is larger than any message you'll ever transmit (let's say you're using a Zip cartridge, a tape or a CD-Rom instead of a diskette). Another one would be interleaving random "disturbing" data while producing the encrypted file, by all means inflating it, in order to make cryptanalysis much harder. Fantasy is the only limit. Pass the encrypted stuff under stego, and you're 99% safe because few people can detect stego and the transmission itself will be hidden for most Bad Guys.

If you don't care about ITAR laws (and it seems that you, being the Cypherpunks, actually don't), then you can start developing your own "final" encryption system at any time, being sure it has no backdoors. 1M44, a nowadays' diskette size, is a very good key size that is REALLY impossible to brute-force attack by Your Enemy (that can be, i.e., your Big And Bad rival corporation on the market). For any developer not at a beginner level, the key doesn't need to physically fit in RAM memory and can be directly read from its physical support at need.

For smart and very distant geeks, it's possible to use as a key some compressed (pseudo-random) files widely available (a game, an MP3 or such; even operating system portions) and use that "safer-than-nothing" channel to exchange the big key.

bye, and have fun with crypto stuff!

RDO

P.S.- Legal disclaimer: this message and its contents were not developed in the United States. In no way the author is responsible for the use or misuse of this message or contents, nor for the message itself.
"Marcello 'R.D.O.' Magnifico" wrote:
I'm telling you I'm leaving, and why.
Don't let the doorknob hit you in the ass on the way out. That being said, you make some points worth addressing.
1. The list appears to be USA-centric, and Internet covers the whole world.
True, both parts. However, it seems that the majority of the regular posters are American, and naturally are concerned about American issues. Also, like it or not, the US is the behemoth of today's world, and American regulations on crypto or the Internet will have an impact on the rest of the world.
2. I'm not bragging around about what illegal I did (if I ever did) and why I think I'm right (of course I am! ;->) and why the other guys are wrong (of course they are, indeed! ;->)
Uh, ok, thanks for sharing.
3. I expected a lot of tech issues and found instead a bunch of: -discussions on racism, religion, gov't behavior worldwide -"we hate pigs" -US local laws discussions (see 1) -simple fluff and/or flaming.
Most unmoderated Usenet groups and mailing lists have a sizeable share of "chatting" between participants. It's a fact of life. You can put up with it, address it intelligently with filters or other means, whine about it, or leave.

Coderpunks is a mailing list devoted to programming issues around crypto. It has much less chatting and other cruft. See the archive at http://www.mail-archive.com/coderpunks%40toad.com/

Subscribe to the list via a "subscribe coderpunks" message to majordomo@toad.com

By the way, I don't recall having seen any on-topic posts from you. Did you do anything to improve the signal-to-noise ratio on c-punks, or did you just complain about it?
4. Some smeghead is boycotting the list by subscribing it to other lists, or the list address went into some spammer's archive spread worldwide.
That annoys many of the regular participants, too, as you might note from reading the traffic regularly.

You might try reading c-punks on http://www.inet-one.com/cypherpunks That'll let you read the traffic on threads that interest you without being bothered by threads that don't.

--
Steve Furlong, Computer Condottiere
Have GNU, will travel
518-374-4720 sfurlong@acmenet.net
At 4:06 PM -0700 9/3/00, Marcello 'R.D.O.' Magnifico wrote:
I'm telling you I'm leaving, and why.
1. The list appears to be USA-centric, and Internet covers the whole world.
Anyone is free to post, even people from Italy. That there are very few subscribers from Italy, or Botswana, or Gondwanaland, is just the way it is.
2. I'm not bragging around about what illegal I did (if I ever did) and why I think I'm right (of course I am! ;->) and why the other guys are wrong (of course they are, indeed! ;->)
"Bragging about what illegal I did" is in the context of civil liberties and the ground truth of cypherspace. If you don't "get it," it's probably best that you follow through on your promise to leave. Auf wiedersehen! Ciao!
3. I expected a lot of tech issues and found instead a bunch of: -discussions on racism, religion, gov't behavior worldwide -"we hate pigs" -US local laws discussions (see 1) -simple fluff and/or flaming.
And just which articles have _you_ contributed?
In Italy we don't seem to have a corpus of laws about/against crypto, so it's possible to develop almost anything. Not being linked to general concepts and standards about what crypto is or should be, that's how I figured out the concept of "brute-force key". It's the trivial usage of large keys in non-public key environments, at the expense of weakening the encryption algorithm. It may seem stupid, but current technology makes it possible and very effective, depending only on the ability of generating good random byte sequences.
First, Italy has no corpus of laws about/against crypto for the simple reason that Italy has a weak Internet culture. Weaker than France, which is saying a lot. When you wake up some day and find that the Protection of the Constitution Law has been passed by your parliament, don't come to us and say "But I had no idea this was coming."

Second, beware variants of the bogus "virtual one-time pad." Using keying material to encipher plaintext is an idea as old as the hills, even the hills of Rome.
Let's say you store your key on a diskette that carries at least 170Kbytes (I can, so you should, too ;->). Well, a 170Kbytes key _is_ strong, and performance can be achieved by using a trivial XOR algorithm, in circular or boustrophedonic (back-and-forth) sequence if the message to be sent is larger. XOR implies that the key MUST be a long random string, because you might want to transmit a file with long 0x00 sequences, too. XORing 0x00 exposes parts of your key, so they should look indistinguishable from non-null encrypted data, that will appear as random rubbish (that's the purpose of crypto, right? :->).
Cf. basic textbooks on crypto for why this is not a good solution. Read especially the parts on key distribution, on flaws arising from re-use of key material (cf. the Walker case), etc. Read also the mid-70s papers on why public key systems have such compelling advantages. I know this 25-year-old material must be boring to an enlightened Italian such as yourself, but you may find it useful to see why we backward Americans adopted public key systems over "trivial XOR algorithms."
If you don't care about ITAR laws (and it seems that you, being the Cypherpunks, actually don't),
For a very good reason: no state may compel a person to communicate only in certain forms acceptable to the state. If you don't get this point either, it's probably hopeless. Maybe you can find a copy of "1984" for starters.

Meanwhile, claiming that the list is not what you would like it to be, especially when you have not contributed anything, is...typical.

--Tim May

--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152   | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.
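The key-reuse flaw the reply above points to, applied to the circular XOR scheme from the first message, as an added example that is not part of the thread. The 64-byte key and both messages are constructed stand-ins for the diskette key and real traffic.

```python
import os

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def xor_cycle(data: bytes, key: bytes) -> bytes:
    """The scheme from the first message: XOR with the key, wrapping around."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def key_from_known_plaintext(ct: bytes, known: bytes, offset: int) -> bytes:
    """Key bytes under a stretch of plaintext the eavesdropper can guess."""
    return xor(ct[offset:offset + len(known)], known)

def read_other_message(ct: bytes, fragment: bytes, offset: int) -> bytes:
    """Decrypt the same byte range of another message sent under that key."""
    return xor(ct[offset:offset + len(fragment)], fragment)

# Constructed sample data; a 64-byte key stands in for the 170 KB diskette key.
KEY = os.urandom(64)
MSG1 = b"HDR1" + bytes(24) + b"end of padded record"    # contains a zero run
MSG2 = b"Meet at the pizzeria at nine, bring the disk"  # second use of the key
C1, C2 = xor_cycle(MSG1, KEY), xor_cycle(MSG2, KEY)

def demo():
    # 1. Guessing the zero run in message 1 yields 24 key bytes directly.
    fragment = key_from_known_plaintext(C1, bytes(24), 4)
    # 2. Those key bytes decrypt the same offsets of message 2.
    leaked = read_other_message(C2, fragment, 4)
    # 3. With no guess at all, the key cancels: C1 xor C2 == MSG1 xor MSG2.
    cancelled = xor(C1, C2) == xor(MSG1, MSG2)
    # 4. A message longer than the key overlaps itself after one key length.
    long_msg = bytes(range(200))
    c = xor_cycle(long_msg, KEY)
    wrap = xor(c[:64], c[64:128]) == xor(long_msg[:64], long_msg[64:128])
    return fragment, leaked, cancelled, wrap

if __name__ == "__main__":
    fragment, leaked, cancelled, wrap = demo()
    print("key bytes recovered:", fragment == KEY[4:28])
    print("leaked from message 2:", leaked)
    print("key cancels across messages:", cancelled, "| on wraparound:", wrap)
```

The randomness of the key does not help here: every result holds for any key, because the same key bytes cover two plaintexts.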
On Mon, 4 Sep 2000, Tim May wrote:
At 4:06 PM -0700 9/3/00, Marcello 'R.D.O.' Magnifico wrote:
I'm telling you I'm leaving, and why.
1. The list appears to be USA-centric, and Internet covers the whole world.
Anyone is free to post, even people from Italy. That there are very few subscribers from Italy, or Botswana, or Gondwanaland, is just the way it is.
That and none of them are willing to set up nodes, and advertise same locally, to help widen the reach of the list. A pity that the people doing the bitching are the ones empowered to fix it...

____________________________________________________________________ He is able who thinks he is able. Buddha The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sun, 3 Sep 2000, Marcello 'R.D.O.' Magnifico wrote:
3. I expected a lot of tech issues and found instead a bunch of: -discussions on racism, religion, gov't behavior worldwide -"we hate pigs" -US local laws discussions (see 1) -simple fluff and/or flaming.
I'm with him, actually, about list content. I had hoped to find tech discussions going on.

In the interest of making some news if you don't like the news you're getting, I present -- the Country Mile Cipher.

Algorithm details available (for now) on http://www.sonic.net/~bear/crypto/countrymile.html

This is a stream cipher based on the Blum-Blum-Shub pseudo-random number generator -- and on work done more recently by Ronald Rivest, who "digitally sealed" a message that he expects to take 30 years of continuous computing to unscramble.

The Country Mile Cipher has one interesting property; You can choose when you encrypt a message how much computing power it will require to decrypt it.

This interesting property has two useful applications: First, you can make it that much more difficult to "brute-force" a key, so even if you are restricted in key length, you can still achieve reasonable security. Second, you can use it to "digitally seal" messages to people that will not unseal without a specified amount of computing time. I can foresee protocols where someone not having information for a specified length of time after it's delivered would be useful - It could be treated as a "bit commitment scheme" where the person making the commitment does not need to do anything else.

Anyway - there's very little here that's my own invention. The Blum-Blum-Shub Random Number Generator is well-tested, and the mathematics for predicting its state into the future are explained in Schneier's book. I haven't really done anything except put some well-known and well-tested pieces together, so I'm pretty confident of the security of the Country Mile Cipher.

So confident, in fact, that if anyone can come up with a viable attack on it, I will cheerfully pay the *first* person to do so fifty US dollars. :-)

Ray Dillinger
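A sketch of the mechanism the post above describes, as an added example that is not the Country Mile Cipher itself (its details are on the linked page, not in this thread): a Blum-Blum-Shub keystream whose starting state the sender reaches with the factorisation of the modulus and the receiver reaches by sequential squaring. The primes, seed and work factor are constructed toy values, and the function names are hypothetical.

```python
from math import gcd

# Constructed toy modulus: both primes are congruent to 3 mod 4, as BBS needs.
# It is trivially factorable; real parameters are secret primes of crypto size.
P, Q = 999983, 1000003
N = P * Q

def bbs_keystream(state: int, nbytes: int) -> bytes:
    """BBS output: square mod N, keep the low bit of each new state."""
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            state = state * state % N
            byte = (byte << 1) | (state & 1)
        out.append(byte)
    return bytes(out)

def jump_with_trapdoor(x0: int, t: int) -> int:
    """Sender's shortcut: x_t = x0^(2^t mod phi(N)) mod N; needs P and Q."""
    phi = (P - 1) * (Q - 1)
    return pow(x0, pow(2, t, phi), N)

def walk_without_trapdoor(x0: int, t: int) -> int:
    """Receiver's path: t squarings, each depending on the previous one."""
    x = x0
    for _ in range(t):
        x = x * x % N
    return x

def seal(plaintext: bytes, x0: int, t: int) -> bytes:
    """Encrypt under the keystream that starts t squarings after x0."""
    ks = bbs_keystream(jump_with_trapdoor(x0, t), len(plaintext))
    return bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(ciphertext: bytes, x0: int, t: int) -> bytes:
    """Decrypt by doing the t squarings the sender skipped."""
    ks = bbs_keystream(walk_without_trapdoor(x0, t), len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))

X0 = 123456789 ** 2 % N   # constructed seed; must be coprime to N
WORK = 200_000            # number of squarings chosen at encryption time
assert gcd(X0, N) == 1    # the exponent reduction mod phi(N) relies on this

if __name__ == "__main__":
    sealed = seal(b"opens after WORK squarings", X0, WORK)
    print(sealed.hex())
    print(unseal(sealed, X0, WORK))
```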
At 05:34 PM 9/4/00 -0400, Ray Dillinger wrote:
I'm with him, actually, about list content. I had hoped to find tech discussions going on.
There are tech discussions on this list regularly, mixed with the sociopolitical rants and spam. You are not paying attention.
On Mon, 4 Sep 2000, David Honig wrote:
At 05:34 PM 9/4/00 -0400, Ray Dillinger wrote:
I'm with him, actually, about list content. I had hoped to find tech discussions going on.
There are tech discussions on this list regularly, mixed with the sociopolitical rants and spam. You are not paying attention.
Actually the spam is an experiment in steganography. (But only some of them.) How to tell the difference is left as an exercise for the reader.

alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
"In the future, everything will have its 15 minutes of blame."
On Tue, 5 Sep 2000, Alan Olsen wrote:
Actually the spam is an experiment in steganography. (But only some of them.) How to tell the difference is left as an exercise for the reader.
ah, and let me guess -- we can tell which of us have extra computing power in our basement by seeing who can tell the difference and who can't?
At 04:06 PM 9/3/00, Marcello 'R.D.O.' Magnifico wrote:
I'm telling you I'm leaving, and why. 1. The list appears to be USA-centric, and Internet covers the whole world.
The standard way to fix problems like that is to post non-USA-centric content :-)
3. I expected a lot of tech issues and found instead a bunch of: -discussions on racism, religion, gov't behavior worldwide -"we hate pigs" -US local laws discussions (see 1) -simple fluff and/or flaming.
You're not the only one to complain about this. (See answer 1.) cryptography-request@c2.net will get you a moderated list that's broader than coderpunks, but narrower than cypherpunks, no spam, low flaming.

Thanks!
Bill

Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (9)
- Alan Olsen
- Bill Stewart
- David Honig
- dmolnar
- Jim Choate
- Marcello 'R.D.O.' Magnifico
- Ray Dillinger
- Steven Furlong
- Tim May