From: Jiri Baum <jirib@cs.monash.edu.au>
To: patrick@Verity.COM (Patrick Horgan)
Message Hash: e87e2a8e277c1381b18fdeb0d82a2e80164c1cf2b9fe55e134e539b84b7ec1fa
Message ID: <199510240608.QAA27721@molly.cs.monash.edu.au>
Reply To: <9510240512.AA07092@cantina.verity.com>
UTC Datetime: 1995-10-24 06:15:27 UTC
Raw Date: Mon, 23 Oct 95 23:15:27 PDT
From: Jiri Baum <jirib@cs.monash.edu.au>
Date: Mon, 23 Oct 95 23:15:27 PDT
To: patrick@Verity.COM (Patrick Horgan)
Subject: Re: [reformatted] how secure can privasoft be?
In-Reply-To: <9510240512.AA07092@cantina.verity.com>
Message-ID: <199510240608.QAA27721@molly.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Hello patrick@Verity.COM (Patrick Horgan)
and cypherpunks@toad.com, jirib@cs.monash.edu.au
and futplex@pseudonym.com, privsoft@ix.netcom.com
...
> > > (0) PrivaSoft actually uses a key longer than 9 digits, and someone just made
JB (that's me!) wrote:
> > Could it be 9 hex digits = 36 bits?
PH wrote:
> A nine digit number, 999,999,999 can be stored as 0x3b9ac9ff. Note that this is
...
I meant "what if it's mis-reported and actuall goes up to FFF,FFF,FFF?".
> > > The information contents a clear message
> >
> > This is a strange title (I suspect "of" dropped out), but it might
> > well sum it all up :-)
>
> Nah, I suggested they reformat into 80 columns and suggested a different title
> for this section, but they went with it. They wanted it fer sure. I just don't
> know what it means.
Well, if this is actually what they wanted to say, then the
interpretation I was alluding to was that the contents of the message
is [sent in the] clear.
...
> > This can at most buy you a constant factor - useful, but not very.
...
> Someone else on this list mentioned that an edge detection algorithm
...
> It could give you a quick go/no go.
Don't forget that in most cases it'll be obvious that it's the wrong
key - only when it isn't would you submit the thing to a second-level
analyzer to check for edges/characters etc.
...
> > > The cryptographic engine can be customer-furnished and customer integrated,
...
> > What do they mean by this bit?
...
> They mean that if you don't feel secure with theirs, you could use yours in
> their framework...
What, at the end of a release praising the security of their own thing?
> it's the pluggable encryption that NSA has had such a hard
> time with but seems to be in favor of now.
Alternatively their whole *framework* is bogus so NSA isn't concerned
about what encryption you use in the middle. Just another possibility.
Ah well...
Jiri
- --
<jirib@cs.monash.edu.au> <jiri@melb.dialix.oz.au> PGP 463A14D5
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMIyCvSxV6mvvBgf5AQFjkwQA1tr1wqgXDCwf3MWhCVJCmmNWQvyA1fHl
4LR7KXxZyPwcBnPFtD9/+sdgL7opnK8E79AXMzgxNJJhvvggHz5dzFmrM6AjKLoK
CiQcIVuZSZ66pxaS+S5bH5R3ZSO/IrbOkt5l1RYuSlow6UCyEcsjbiWSnfaIzdnY
nhvFhDsgfyM=
=ZXzd
-----END PGP SIGNATURE-----
Return to October 1995
Return to “patrick@Verity.COM (Patrick Horgan)”