cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-10-24 - Re: [reformatted] how secure can privasoft be?

Header Data

From: Jiri Baum <jirib@cs.monash.edu.au>
To: patrick@Verity.COM (Patrick Horgan)
Message Hash: e87e2a8e277c1381b18fdeb0d82a2e80164c1cf2b9fe55e134e539b84b7ec1fa
Message ID: <199510240608.QAA27721@molly.cs.monash.edu.au>
Reply To: <9510240512.AA07092@cantina.verity.com>
UTC Datetime: 1995-10-24 06:15:27 UTC
Raw Date: Mon, 23 Oct 95 23:15:27 PDT

Raw message

From: Jiri Baum <jirib@cs.monash.edu.au>
Date: Mon, 23 Oct 95 23:15:27 PDT
To: patrick@Verity.COM (Patrick Horgan)
Subject: Re: [reformatted] how secure can privasoft be?
In-Reply-To: <9510240512.AA07092@cantina.verity.com>
Message-ID: <199510240608.QAA27721@molly.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello patrick@Verity.COM (Patrick Horgan)
  and cypherpunks@toad.com, jirib@cs.monash.edu.au
  and futplex@pseudonym.com, privsoft@ix.netcom.com

...
> > > (0) PrivaSoft actually uses a key longer than 9 digits, and someone just made

JB (that's me!) wrote:
> > Could it be 9 hex digits = 36 bits?

PH wrote:
> A nine digit number, 999,999,999 can be stored as 0x3b9ac9ff. Note that this is
...

I meant "what if it's mis-reported and actuall goes up to FFF,FFF,FFF?".

> > > The information contents a clear message
> > 
> > This is a strange title (I suspect "of" dropped out), but it might
> > well sum it all up :-)
> 
> Nah, I suggested they reformat into 80 columns and suggested a different title
> for this section, but they went with it.  They wanted it fer sure.  I just don't
> know what it means.

Well, if this is actually what they wanted to say, then the 
interpretation I was alluding to was that the contents of the message
is [sent in the] clear.

...
> > This can at most buy you a constant factor - useful, but not very.
...
> Someone else on this list mentioned that an edge detection algorithm 
...
> It could give you a quick go/no go.

Don't forget that in most cases it'll be obvious that it's the wrong
key - only when it isn't would you submit the thing to a second-level
analyzer to check for edges/characters etc.

...
> > > The cryptographic engine can be customer-furnished and customer integrated, 
...
> > What do they mean by this bit?
...

> They mean that if you don't feel secure with theirs, you could use yours in
> their framework...

What, at the end of a release praising the security of their own thing?

> it's the pluggable encryption that NSA has had such a hard
> time with but seems to be in favor of now.

Alternatively their whole *framework* is bogus so NSA isn't concerned
about what encryption you use in the middle. Just another possibility.


Ah well...

Jiri
- --
<jirib@cs.monash.edu.au>     <jiri@melb.dialix.oz.au>     PGP 463A14D5

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIyCvSxV6mvvBgf5AQFjkwQA1tr1wqgXDCwf3MWhCVJCmmNWQvyA1fHl
4LR7KXxZyPwcBnPFtD9/+sdgL7opnK8E79AXMzgxNJJhvvggHz5dzFmrM6AjKLoK
CiQcIVuZSZ66pxaS+S5bH5R3ZSO/IrbOkt5l1RYuSlow6UCyEcsjbiWSnfaIzdnY
nhvFhDsgfyM=
=ZXzd
-----END PGP SIGNATURE-----

Thread