1996-01-19 - Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry

Header Data

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
To: zoo@armadillo.com (david d `zoo’ zuhn)
Message Hash: e5fbc1b464547bca1de7f29cd3288c53f193c179b76ace497a14f929d02fe06a
Message ID: <199601190944.UAA17814@sweeney.cs.monash.edu.au>
Reply To: <199601182115.PAA10170@monad.armadillo.com>
UTC Datetime: 1996-01-19 11:11:02 UTC
Raw Date: Fri, 19 Jan 1996 19:11:02 +0800

Raw message

From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Fri, 19 Jan 1996 19:11:02 +0800
To: zoo@armadillo.com (david d `zoo' zuhn)
Subject: Re: Ozzie Apes Jim Clark, Fix Is In to Cave and Cry
In-Reply-To: <199601182115.PAA10170@monad.armadillo.com>
Message-ID: <199601190944.UAA17814@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


Hello "david d `zoo' zuhn" <zoo@armadillo.com>
  and wendigo@pobox.com (Mark Rogaski), cypherpunks@toad.com
> // : >of those bits by using a special 24-bit key supplied by the
> // That was the question that came to mind when I read the article, too.
> // How exactly are they planning on implementing this?  
> Looks straightforward to me.  Any time a bulk key is generated (aka session
> key), take a known number of bits in a known location (top n or bottom n)
> and encrypt those with the public key of the agent you want to give the n
> key bits to. 

Not so easy - as somebody pointed out in another thread, this will be 
very easy to brute - only 2^24 cleartexts to try...

You have to put in some salt to prevent this.

If you want the recipient to be able to check that the key is correctly
there, you need to make the salt known to both (eg a 1-way hash of the 
whole key). You might want to do this to make the program refuse
to interoperate with hacked versions.

> Neither give away the entire key directly, so it's not a trivial decoding
> operation.  But 40 bits isn't terribly difficult to decode either.
> The advantage, as seen by many people, is that the full key is much larger
> in the Notes implementation style so non-governmental attackers have a much
> harder problem to solve in order to crack the message.  

I suppose it'll be safe for a while yet (esp. for session keys), but
has anyone multiplied that graphics-workstation-40bit price by 2^24?
It's only 10 billion! (billion=10^9) A lot of money, sure, but given
that it's not very expensive to go to 128 bits or more, why ???

(Please, do NOT post c*nspiracy theories --- they are obvious to everyone
and therefore unpatentable.)

> GAK is reasonable, to those who trust the government.  Now the subset of
> this list who do so may be a much smaller percentage than the subset of the
> VPs of IS that do.  But that's a different message.  

Now how about the percentage of *foreign* people who trust the US govt.?
Given that it has said that it'll spy commercially... (if memory serves).

Hope I'm making sense... (well, they say "hope dies last"...)

- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

Version: 2.6.2i