
patent-free royalty-free strong encryption


Soaring Golden Eagle

Jan 1, 1998, 3:00:00 AM
to Adam

Adam wrote:
> I'm looking for source code to patent-free royalty-free strong encryption.
> Can anyone help?

Sure. Look for Diamond2, Sapphire II, Blowfish, 3DES, and others...

http://www.cryptography.org/freecryp.htm

--... ...-- -.. . -. --- ----- ....

Jesus Christ is Lord, and He is coming back soon! Are you READY?

|>
/////||\\\\\ Soaring Golden Eagle, Servant of the LORD
////////||\\\\\\\\
||
MM Isaiah 40:31

Send email to majo...@csn.net with the single line
subscribe bible
in the body of the message to get daily Bible readings.

Michael Paul Johnson PO Box 1151, Longmont CO 80502-1151, USA
Senior Commander, Rocky Mountain Outpost 207, New Creation Church
mailto:m...@ebible.org http://www.ebible.org/bible

George Barwood

Jan 1, 1998, 3:00:00 AM

Check out pegwit
http://ds.dial.pipex.com/george.barwood/v8/pegwit.htm

- it is a complete program, totally free (public domain) and contains
source for its crypto components

(1) A symmetric cipher (Square)
(2) A hash function (SHA1)
(3) A public key system (Elliptic curve over GF(2^255))

This is in 'C' - a Java version is also available.

George


On Fri, 02 Jan 1998 03:17:43 +1000, hi...@netspace.net.au (Adam)
wrote:

>Hi


>
>I'm looking for source code to patent-free royalty-free strong encryption.
>Can anyone help?
>

>Please reply via email as my newsfeed is slow.
>
>Thanks.


Colin Dooley

Jan 1, 1998, 3:00:00 AM

Adam wrote:
>
> Hi
>
> I'm looking for source code to patent-free royalty-free strong
> encryption. Can anyone help?
>

Probably the only algorithms which fit this category are Triple
DES and Blowfish.

I'll mail you a copy of cryptolib which has both of these...


Remember to double check your key generation algorithms...


--
<\___/>
/ O O \
\_____/ FTB.

Adam

Jan 2, 1998, 3:00:00 AM

Hi

I'm looking for source code to patent-free royalty-free strong encryption.
Can anyone help?

Please reply via email as my newsfeed is slow.

Thanks.

David Hopwood

Jan 2, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----

In message <hinks-ya02408000...@news.netspace.net.au>
hi...@netspace.net.au (Adam) wrote:

> Hi

> I'm looking for source code to patent-free royalty-free strong encryption.

Blowfish, CAST5, Triple DES, LOKI91, RC2, (possibly) RC4, SAFER SK-128,
SPEED, and Square probably meet your criteria - the most conservative
choices being Blowfish and Triple DES.

If you're programming in Java, try http://www.systemics.com/docs/cryptix/

- --
David Hopwood <hop...@zetnet.co.uk>
PGP public key: http://www.users.zetnet.co.uk/hopwood/public.asc
Key fingerprint = 71 8E A6 23 0E D3 4C E5 0F 69 8C D4 FA 66 15 01
Key type/length = RSA 2048-bit (always check this as well as the fingerprint)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----

David A. Scott

Jan 4, 1998, 3:00:00 AM

In a previous article, co...@medit3d.com (Colin Dooley) says:

>Adam wrote:
>>
>> Hi
>>
>> I'm looking for source code to patent-free royalty-free strong

>> encryption. Can anyone help?
>>
>
>Probably the only algorithms which fit this category are Triple
>DES and Blowfish.
>

Try to get scott16u.zip it is the strongest patent free software
out there and comes with the source code.

--


TM (remove Xs to reply)

Jan 5, 1998, 3:00:00 AM

<sarcasm>
So strong it lasted 2 weeks among amateur cryptanalysts. Ooo! Ahhh!
And it comes with source code, just like algorithms 5,000 times as
strong. Sure sounds good.
</sarcasm>

David, I have one thing to ask you: how can you claim the title of
"strongest patent free software" when your algorithm has had little
peer review, and the review that it had uncovered glaring flaws?

"I never set out to be weird. It was always the other people
who called me weird."
-- Frank Zappa --

http://www.sinnerz.com/tmessiah/
KeyID: 4096/1024/0x14C4FDE6
Fingerprint: 1263 DBFD F2C4 77C6 87F2 A94A 0759 7C7E 14C4 FDE6

-export-a-crypto-system-sig -RSA-3-lines-PERL
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

David A. Scott

Jan 5, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>On 4 Jan 1998 23:53:15 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
>>
>>In a previous article, co...@medit3d.com (Colin Dooley) says:
>>
>>>Adam wrote:
>>>>
>>>> Hi
>>>>
>>>> I'm looking for source code to patent-free royalty-free strong
>>>> encryption. Can anyone help?
>>>>
>>>
>>>Probably the only algorithms which fit this category are Triple
>>>DES and Blowfish.
>>>
>> Try to get scott16u.zip it is the strongest patent free software
>>out there and comes with the source code.
>
><sarcasm>
>So strong it lasted 2 weeks among amateur cryptanalysts. Ooo! Ahhh!
>And it comes with source code, just like algorithms 5,000 times as
>strong. Sure sounds good.
></sarcasm>

I think if you follow the thread the original method was never
broken in the sense that no one solved either of the encrypted
messages. What happened at the time was that Paul Onions showed
that it suffered from a plain text attack. And yes at first I did
not consider that a weakness because one has to be tricked into
encrypting a particular message. However I did decide to make it
immune to plain text attacks and that is when I made the scottP
versions named after Paul Onions who first noticed the plain text
attack. That version and above are immune to such attacks. Macck at
that time made his X8.ZIP which he thought was immune to plain
text attacks and criticized my method as overkill to prevent the
plaintext attacks. However later someone showed how most of his
methods to prevent the attack failed. I now use the scott16u
version which is even better than the old scottp versions of
which have never been broken in any form but showed weakness
in that the encrypted text from very simple keys did not totally
pass the randomness tests in some of the DIEHARD tests. I felt
this might be a potential weakness for some even length files.
So made changes so that it passes every form of DIEHARD tests
I could run.



>
>David, I have one thing to ask you: how can you claim the title of
>"strongest patent free software" when your algorithm has had little
>peer review, and the review that it had uncovered glaring flaws?
>

What you call a glaring flaw was something that did not help
in the solving of the money contest. I still think the original
method sound based on the design principles used. Many of the
principles used are of the kind that should be used on any
modern encryption system but are not used.
EXAMPLE
if one has two plain text files that differ at most by
one change in the text. Then if you encrypt each with
same key such that file lengths are not changed you should
get totally different encrypted files out. Such that simple
chaining games and DIEHARD tests can not detect similar
encrypted files. Now you tell what freely available
method does this. Better yet tell me why people are not
concerned since this feature is easy to add with computers
but is not. I think it is not used in today's designs so
that the NSA can have an easier time decrypting messages.
EXAMPLE TWO
One should never have a short fragment of encrypted
message contain any information to help enemy break the
code. This is what made Enigma and several others fall.
PGP needs to only look at small amount of code in order
to tell that it is on the correct track. Even in the
conventional only mode. This is totally ridiculous if
one wants true security. My codes have none of these
glaring weaknesses.

Soon 1000 dollar contest for scott16u.zip

--


David A. Scott

Jan 22, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1


>
>On 5 Jan 1998 10:00:26 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
>
>> I think if you follow the thread the original method was never
>>broken in the sense that no one solved either of the encrypted
>>messages. What happened at the time was that Paul Onions showed
>>that it suffered from a plain text attack. And yes at first I did
>>not consider that a weakness because one has to be tricked into
>>encrypting a particular message. However I did decide to make it
>>immune to plain text attacks and that is when I made the scottP
>>versions named after Paul Onions who first noticed the plain text
>>attack. That version and above are immune to such attacks. Macck at
>>that time made his X8.ZIP which he thought was immune to plain
>>text attacks and criticized my method as overkill to prevent the
>>plaintext attacks. However later someone showed how most of his
>>methods to prevent the attack failed. I now use the scott16u
>>version which is even better than the old scottp versions of
>>which have never been broken in any form but showed weakness
>>in that the encrypted text from very simple keys did not totally
>>pass the randomness tests in some of the DIEHARD tests. I felt
>>this might be a potential weakness for some even length files.
>>So made changes so that it passes every form of DIEHARD tests
>>I could run.
>

>The fact that the first version, which you proclaimed unbreakable,
>had a flaw (whether practical or not), which other algorithms you
>claimed were weak did not, makes me nervous. The fact that you did not

If you're nervous take a pill. Yes I did not come up through the
crypto ranks so assumed the game was to design code that can not
be broken. I assumed the message and key was the secret part. However
in the current rules of the game chosen plaintext attack is allowed.
I think part of the game like related key attack is pure bullshit
and I at this time will not play the game by their phony rules.
A key should be on the order of the key sizes I use. Fock the others
if they so stupid to only want short keys. It is like learning chess
I doubt if I could beat Kolanoskey (bad spelling) in my first game
but I did a few years later. Yes I can learn and am superior to
most of you in that when I learn I get better than most in math
related things. It is fairly obvious that most of the so called
crypto that people get exposed to are based on weak principles
that in the computer age should change. The only reason it has not
must be due to the control and distortion from groups like the NSA
whose job it is to help with the dumbing down of Americans. I
guess so we can blindly enter the next millennia as ignorant brain
dead slaves.

>foresee and plan for such a basic attack makes me nervous. It doesn't
>matter whether Scott16U has been broken or not. What matters is that
>when you line it up next to its competition, it slinks away with its
>tail between its legs.


>
>> What you call a glaring flaw was something that did not help
>>in the solving of the money contest. I still think the original
>>method sound based on the design principles used. Many of the
>>principles used are of the kind that should be used on any
>>modern encryption system but are not used.
>

>The original method had flaws. I wouldn't doubt if the algorithms
>based on the original Scott16 have flaws. But you're right - I doubt
>Scott16u will ever be broken. Not for lack of flaws, mind you, but
>for lack of attention. Most people (myself included) can't be
>bothered to disprove a crank's claims. You'll always believe you hold
>the key no matter what.
>
I think you're full of ..it and can't analyze anything anyway.

>>EXAMPLE
>> if one has two plain text files that differ at most by
>>one change in the text. Then if you encrypt each with
>>same key such that file lengths are not changed you should
>>get totally different encrypted files out. Such that simple
>>chaining games and DIEHARD tests can not detect similar
>>encrypted files. Now you tell what freely available
>>method does this. Better yet tell me why people are not
>>concerned since this feature is easy to add with computers
>>but is not. I think it is not used in today's designs so
>>that the NSA can have an easier time decrypting messages.
>

>If I randomly generate a 128-bit salt, append it to the user-entered
>password, and hash the result, the chances of two files being
>encrypted with the same user-entered password encrypting to the same
>file are the same as generating the same salt twice.

Do you really think you countered my example. well FOCK NO
you still don't have the brains to understand what I said so
give up. Or get a little smarter.

>
>>EXAMPLE TWO
>> One should never have a short fragment of encrypted
>>message contain any information to help enemy break the
>>code. This is what made Enigma and several others fall.
>>PGP needs to only look at small amount of code in order
>>to tell that it is on the correct track. Even in the
>>conventional only mode. This is totally ridiculous if
>>one wants true security. My codes have none of these
>>glaring weaknesses.
>

>Sanity checks are a balance between making the program so frustrating
>to use but secure, and totally insecure but fun to use. I personally
>append a CRC or hash of the plaintext file to the plaintext file, and
>encrypt it all. Yes, it does make a ciphertext-only brute force
>attack more feasible, but it also ensures data integrity. Besides, if
>the algorithm is secure, one should be able to encrypt the whole key
>along with the plaintext and have no problems.
>
Again you seem to lack the mental ability to understand the
example. If one is encrypting and decrypting without error.
Then the so called sanity checks are not there in the sense
that no errors no messages. I Personally think that it is
STUPID to have checks in the code like PGP to make it easier
for the NSA types to break it. IT would be no more frustrating
to use for the average programmer if it was not there. Its main
purpose is to make it easier to break. Or at least in something
like PGP which is option rich there should be a way to encrypt
without putting any helpful clues to the breaking of it.

>> Soon 1000 dollar contest for scott16u.zip
>

>I'll hold my breath.
>
>
Well if you're still holding you're dead now
--
"http://www.sni.net/~mpj/crypto.htm" MPJ's North American Strong
Cryptographic Software Archive Look under the FTP file archive in
the \new Directory to get scott16u.zip
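
The disagreement quoted in this post, as an added example that is not part of the original thread: with the same key and plain chaining, two files that differ in one byte encrypt to identical leading blocks, while hashing a random 128-bit salt with the password removes the match at the cost of 16 stored bytes. The SHA-256 Feistel cipher, the zero IV, the CBC-style chaining and every name and sample value are assumptions made for the illustration; it is not any cipher named in the thread.

```python
import hashlib
import os

BLOCK = 16      # bytes per block of the toy cipher (assumption)
ROUNDS = 8
SALT_LEN = 16   # the 128-bit salt from the quoted reply


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: truncated SHA-256 of key, round number, half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("sample plaintext must be a whole number of blocks")
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(decrypt_block(key, block), prev))
        prev = block
    return b"".join(out)


def password_key(password, salt=b""):
    # Password with the salt appended, hashed once, as in the quoted reply.
    # A current design would use a dedicated password KDF instead.
    return hashlib.sha256(password + salt).digest()


def encrypt_fixed(password, plaintext):
    # Same key, same IV for every file; output length equals input length.
    return cbc_encrypt(password_key(password), bytes(BLOCK), plaintext)


def encrypt_salted(password, plaintext):
    # Fresh salt per file; it must be stored, so the output grows by SALT_LEN.
    salt = os.urandom(SALT_LEN)
    return salt + cbc_encrypt(password_key(password, salt), bytes(BLOCK), plaintext)


def decrypt_salted(password, blob):
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return cbc_decrypt(password_key(password, salt), bytes(BLOCK), body)


def shared_prefix_blocks(a, b):
    # Number of leading ciphertext blocks that are byte-for-byte identical.
    count = 0
    for i in range(0, min(len(a), len(b)), BLOCK):
        if a[i:i + BLOCK] != b[i:i + BLOCK]:
            break
        count += 1
    return count


# Constructed sample data: eight 16-byte records; FILE_B differs from FILE_A
# in a single byte inside block 5.
PASSWORD = b"correct horse"
FILE_A = b"".join(b"record %04d....\n" % i for i in range(8))
FILE_B = FILE_A[:5 * BLOCK + 3] + b"X" + FILE_A[5 * BLOCK + 4:]


def demo():
    fixed = shared_prefix_blocks(encrypt_fixed(PASSWORD, FILE_A),
                                 encrypt_fixed(PASSWORD, FILE_B))
    sa, sb = encrypt_salted(PASSWORD, FILE_A), encrypt_salted(PASSWORD, FILE_B)
    salted = shared_prefix_blocks(sa[SALT_LEN:], sb[SALT_LEN:])
    return fixed, salted, len(sa) - len(FILE_A)


if __name__ == "__main__":
    print(demo())
```

The salted form cannot satisfy the "file lengths are not changed" condition of the quoted example, because the salt has to travel with the ciphertext.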

tbb...@mail.lrz-muenchen.de

Jan 23, 1998, 3:00:00 AM

I think, the important part of the whole story is: You didn't think about
this kind of attack, and your cipher was weak against it.

You are telling us, the blockciphers we are using at the moment, were
weak against unknown attacks that could be used by NSA.

Why do you think, your cipher would be stronger?

It didn't need too much time to find a known-plaintext-attack, so why do
you think, the NSA hasn't developed an attack against SCOTT-type ciphers?

o They need strong ciphers for their own purpose.
o They are collecting lots of data.
o ERGO: They know scott16.
o They could have tested scott16 for possible weaknesses.
(it could be a useful cipher for their own purpose or a danger
for their key-breaking-system)
o They do have the money, man- and computer-power to test any
cipher they see much better than anybody else did during your contest.
o ERGO: If there is any possible attack, THEY KNEW since the beginning of
the contest.

> I think part of the game like related key attack is pure bullshit
> and I at this time will not play the game by their phony rules.
> A key should be on the order of the key sizes I use.

Why?

Even the 128 bit used in IDEA should be enough to keep people from
brute-forcing a cipher.

The really interesting attacks don't depend on keysize.

What's the use of such a large key if a cipher is weak against the
unknown attack?

> Fock the others
> if they so stupid to only want short keys. It is like learning chess
> I doubt if I could beat Kolanoskey (bad spelling) in my first game
> but I did a few years later. Yes I can learn and am superior to
> most of you in that when I learn I get better than most in math
> related things.

Just break IDEA and we will believe.

It's not such a good sign to think, all other people would be fools.

Of course PGP is mainly used for communication.

I don't think, SCOTT16 is useful for communication at all:

o The key you would use is too large.
o Key-generation is far too slow to use the cipher within a network.
o The amount of data needed by SCOTT16 is too large for many kinds
of hardware.
It's not only impossible to use SCOTT16 on a smartcard, you will be in
trouble when coding many channels at the same time with different
keys on ANY hardware.
o A single bit error will destroy the whole message.
o It's impossible to read parts of a message before having received the
whole message.

Above all, PGP is a complete system, while SCOTT16 is only one component:
The symmetric cipher.

> >> Soon 1000 dollar contest for scott16u.zip
> >
> >I'll hold my breath.
> >
> >
> Well if you're still holding you're dead now
> --
> "http://www.sni.net/~mpj/crypto.htm" MPJ's North American Strong
> Cryptographic Software Archive Look under the FTP file archive in
> the \new Directory to get scott16u.zip
>
>

Enterrottacher Andreas
enterro...@lrz.tu-muenchen.de
enterro...@t-online.de

TM (remove Xs to reply)

Jan 23, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22 Jan 1998, David A. Scott wrote:
> If you're nervous take a pill. Yes I did not come up through the
> crypto ranks so assumed the game was to design code that can not
> be broken. I assumed the message and key was the secret part. However
> in the current rules of the game chosen plaintext attack is allowed.

Yes, you did not come up through the crypto ranks, and that is
probably why you didn't think of a chosen-plaintext attack. Whether or
not it could be used in actuality, it is a flaw which strong
algorithms should not have. If you think that's bullshit, fine, but
any weakness, however theoretical, is a problem.


> I think part of the game like related key attack is pure bullshit
> and I at this time will not play the game by their phony rules.
> A key should be on the order of the key sizes I use.

The NSA isn't limited to the attacks you want them to use. Why should
they abide by *your* rules, and not by *theirs*? If you want to set up
a theoretical situation in which your algorithm can't be broken,
dandy. But remember, in the REAL WORLD any attack is possible.

> Fock the others
> if they so stupid to only want short keys. It is like learning chess
> I doubt if I could beat Kolanoskey (bad spelling) in my first game
> but I did a few years later. Yes I can learn and am superior to
> most of you in that when I learn I get better than most in math
> related things.

So we should all bow down, eh? I could care less about your
superiority. You *persist* in believing your algorithm is secure with
little to no peer review, weaknesses in an early version, and no
benefits over any existing algorithms. You claim to be flexible, but
that (I think) proves your pigheadedness.

> It is fairly obvious that most of the so called
> crypto that people get exposed to are based on weak principles
> that in the computer age should change. The only reason it has not
> must be due to the control and distortion from groups like the NSA
> whose job it is to help with the dumbing down of Americans. I
> guess so we can blindly enter the next millennia as ignorant brain
> dead slaves.

True, most of the crypto out there is weak. It's based on simple
algorithms, and can be found in a wide variety of commercial programs.
But algorithms like IDEA and Blowfish are not in the "bad crypto"
category. I would venture to say that Scott16u does, however. But
since you proved IDEA was weak with no evidence, I can prove Scott16u
is weak by the same method - "The NSA probably has already cracked
Scott16u."

> I think you're full of ..it and can't analyze anything anyway.

Well thanks for your opinion, I'll forward that to the PR Department
right away.

> Do you really think you countered my example. well FOCK NO
> you still don't have the brains to understand what I said so
> give up. Or get a little smarter.

So, when rhetoric fails you, you turn to insults?



> Again you seem to lack the mental ability to understand the
> example. If one is encrypting and decrypting without error.
> Then the so called sanity checks are not there in the sense
> that no errors no messages. I Personally think that it is
> STUPID to have checks in the code like PGP to make it easier
> for the NSA types to break it. IT would be no more frustrating
> to use for the average programmer if it was not there. Its main
> purpose is to make it easier to break. Or at least in something
> like PGP which is option rich there should be a way to encrypt
> without putting any helpful clues to the breaking of it.

Ah, more insults. Tell me, Dave, how does Scott16u ensure data
integrity? By totally failing when one bit of the ciphertext is
changed? You seem to think that one algorithm (yours) should be used
for all applications? As someone pointed out, Scott16u has all of the
characteristics which are least desirable in a communications cipher.
Sanity checks *might* reduce security, but the attacker would have to
break the overlying cipher first. And if the overlying cipher is any
good, that won't happen.



>>I'll hold my breath.

> Well if you're still holding you're dead now

Witty.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNMkB6QdZfH4UxP3mEQI86QCfd1SEGcjWsl5AckoyWFh6XAXm5kEAoMKM
HpxAjkNF8yBMcW7drOfwTLPY
=fca1
-----END PGP SIGNATURE-----

Mike McCarty

Jan 24, 1998, 3:00:00 AM

In article <6a6ch3$1ar$1...@news.ysu.edu>,
David A. Scott <an...@yfn.ysu.edu> wrote:

[snip]

) If you're nervous take a pill. Yes I did not come up through the
)crypto ranks so assumed the game was to design code that can not
)be broken. I assumed the message and key was the secret part. However
)in the current rules of the game chosen plaintext attack is allowed.
)I think part of the game like related key attack is pure bullshit
)and I at this time will not play the game by their phony rules.

I don't make any rules around here, and have no influence. I'm not
anyone for you to get angry at, and I haven't posted to anyone saying he
should or should not post here. That said, I'd like to give you some
help in understanding why someone might choose "rules of the game" like
this. Saying that a cryptographic technique is "weak" in that "it is
subject to known plaintext attack" is emphatically _not_ the same as
saying that it is worthless. It just means that it is weak in that way,
and not totally unbreakable. AFAIK, only the OTP is totally unbreakable,
and it is weak in the key distribution. In short, ALL KNOWN ENCRYPTION
TECHNIQUES ARE WEAK IN SOME WAY.

Hopefully, this will help you take the criticisms which have been
levelled at your technique a little softer. I don't know what your
technique is, and am not a cryptographic expert. But I know that all
techniques are weak in some way. There is no perfect technique. So every
technique is a trade off between various strengths and weaknesses.

Now why would the "known plaintext attack" be a reasonable thing to use
in assessing the strength of a cryptographic technique? The reason is
that in real-life it has been found to be a _useful_ technique. Just
after a battle in wartime, one can have a pretty good guess at the
kinds of transmissions which will take place, place names, grid
locations, unit designations (4th army etc.). It is not too difficult
to "plant" fake information which will be encrypted by the enemy and
retransmitted. One way is by using a cipher which we know the enemy has
broken, and which we no longer use for transmissions which must be kept
secure. Transmit the fake, and wait for a spate of transmissions.
Another is to receive a message in a cipher you can decrypt, and hope
that the enemy also transmitted it in a more secure cipher (this is
pretty common). Another is (hold on to your hat) many times messages
which _should_ be encrypted are _not_ and are transmitted as plaintext.
This happened _repeatedly_ in Germany.

This does _not_ mean that a cipher which is subject to plain text attack
is not a good one. It just means that it is not a good one when plain
text attack might be available. Which is pretty often, but not always.

[snip]


) Do you really think you countered my example. well FOCK NO
)you still don't have the brains to understand what I said so
)give up. Or get a little smarter.

It seems to me that you are taking everything much too personally. ALL
ciphers have relative strengths and weaknesses. If yours has some
weakness, then it just means that one shouldn't use it in a circumstance
where that weakness can be used against it. In other circumstances, it
might be perfectly fine.

Attacking the mental capacity of an antagonist is really a very weak
argument. I think you would better expend your efforts in trying to
determine under what circumstances your technique is relatively strong,
and when it is relatively weak.

Certainly, neither you nor anyone else has a perfect system.

[sanity checks]

) Again you seem to lack the mental ability to understand the
)example. If one is encrypting and decrypting without error.
)Then the so called sanity checks are not there in the sense
)that no errors no messages. I Personally think that it is
)STUPID to have checks in the code like PGP to make it easier
)for the NSA types to break it. IT would be no more frustrating
)to use for the average programmer if it was not there. Its main
)purpose is to make it easier to break. Or at least in something
)like PGP which is option rich there should be a way to encrypt
)without putting any helpful clues to the breaking of it.

Ok, you don't like sanity checks. Other people do. A CRC is only a few
bits. What difference does it make? In transmission time, nothing. In
computation time, perhaps a few percent. I routinely use them at work.
But they aren't warranted in every case. Why is the use of a sanity
check a real problem for you? If you don't need it, but get it anyway,
then just how much have you lost? 32 bits and a few milliseconds
computation time. Transmission time at 1200 baud is only about 8
milliseconds.

I started using the newsfeeds because I found that I shared interests
with other people. One of them is an interest in encryption. On occasion
I have needed to _do_ some encryption at work. But mostly, I just want
to find a community of people who are interested in the same things I
am, and who are willing to share information with me.

I did _not_ start reading the newsfeeds to watch people argue

It _is_ a good technique!
It is _not_ a good technique!
Is So!
Is NOT!
IS TOO!
IS NOT!
YOURS IS SHORTER THAN MINE!
IS NOT!
IS SO!
etc. ad nauseam

I dunno whether your ciphering technique is a truly wonderful thing. And
I am not expert enough to be able to determine it for myself. But I know
that it is _unlikely_ to be something wonderful, just because so many
really smart people have been working on these techniques for so long.
It _might_ be, though. But even if it isn't, that does not detract from
the fact that you were smart enough to think of it. And if it has
weaknesses (as I suppose it does), then I'd say: learn how to do better
next time. Improve it if you can. If you can't, then make another one
which is stronger.

But don't take things personally.

Just my 2 cents.

Mike
--
----
char *p="char *p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I don't speak for DSC. <- They make me say that.

David A. Scott

Jan 24, 1998, 3:00:00 AM

In a previous article, tbb...@mail.lrz-muenchen.de () says:

>On 22 Jan 1998, David A. Scott wrote:
>
>>
>I think, the important part of the whole story is: You didn't think about
>this kind of attack, and your cipher was weak against it.

I did not think it was fair to assume an enemy can get me to
encrypt a whole file of its choosing. Note if he gets to pick
only a portion of the file the attack fails.

>
>You are telling us, the blockciphers we are using at the moment, were
>weak against unknown attacks that could be used by NSA.

YES


>
>Why do you think, your cipher would be stronger?

I think scott16u would be better because most of the ciphers
in use require the attackers to use only a small portion
of the encrypted text to check for a solution. All the information
to crack them is in very short segments. No decent cipher for
files should be that way today. To break mine requires the whole
file to be analyzed since a fragment does not contain enough
information to decrypt it. Take a one megabyte message encrypt
it. Now delete the first one and last 1k bytes of file. Give
the NSA the rest of file. My program and the key that was used.
They still would not be able to recover the information due to
the "wrapped PCBC" type of chaining. And yes one could use
DES or IDEA or Blowfish to do this kind of chaining if one
wished but I have not seen it done elsewhere.


>
>It didn't need too much time to find a known-plaintext-attack, so why do
>you think, the NSA hasn't developed an attack against SCOTT-type ciphers?

I think they have against many forms of wrapped smooth chaining.
but I don't see how that is possible against the beginning and ending
layer of the type I laid out. Yes with several thousand messages with
the shortest files I allow one could build a table but this not reasonable
since method is really for files I could just say make them 8 bytes or more.
To attack the U version by plaintext attack is the same as guessing
the solution so it is not reasonable. If one can show a reasonable attack
against scott16u using fewer than a 100 chosen plain text files I
will quit posting and bragging about it forever.

>
>o They need strong ciphers for their own purpose.
>o They are collecting lots of data.
>o ERGO: They know scott16.
>o They could have tested scott16 for possible weaknesses.

I am sure they tested it. I am sure they noticed the weakness
first. But I think the chaining method has them scared because
it has the ability to effectively change the block size of
any block cipher to the actual size of the file and it does it
in a way that no padded bytes needed for a file that ends on
a partial block.

> (it could be a useful cipher for their own purpose or a danger
> for their key-breaking-system)

It is a major danger to their key breaking system because
the time to test a single key is the time to do a complete
decryption of the file. And it is a pain in the ass since the
whole file must be looked at to analyze a solution. These
are basically due to the chaining method. Which most people
have yet to grasp.


>o They do have the money, man- and computer-power to test any
> cipher they see much better than anybody else did during your contest.
>o ERGO: If there is any possible attack, THEY KNEW since the beginning of
> the contest.

I gave so many hints to the 8 bit contest that it should have been
broken by them. If it was not. Then they are a bunch of overpaid
blood sucking pigs wasting tax money. However I would really be
surprised if they broke the 16 bit contests. In which case I think
they are gods and if Clinton can't handle all the hot 19 year old
breeding stock maybe the NSA men could help out.

>
>> I think part of the game like related key attack is pure bullshit
>> and I at this time will not play the game by their phony rules.
>> A key should be on the order of the key sizes I use.
>
>Why?

Because I am going to use a totally different key each time.
I can swallow that I can be tricked to put out a chosen plain
text message but I will be damned if I am going to put out the same
message with just a slightly different key.
My keysize is the size needed to cover all mappings of a single
cycle. That is why it is the size it is.


>
>Even the 128 bit used in IDEA should be enough to keep people from
>brute-forcing a cipher.

I might believe this if one used wrapped PCBC with it.

>
>The really interesting attacks don't depend on keysize.
>
>What's the use of such a large key if a cipher is weak against the
>unknown attack?

The key is the size it is for convenience. But you're right,
if it is weak use a different method.

>
>> Fock the others
>> if they are so stupid to only want short keys. It is like learning chess
>> I doubt if I could beat Kolanoskey (bad spelling) in my first game
>> but I did a few years later. Yes I can learn and am superior to
>> most of you in that when I learn I get better than most in math
>> related things.
>
>Just break IDEA and we will believe.

No, you would not believe if I was Jesus himself

no just the right size


>o Key-generation is far too slow to use the cipher within a network.

no


>o The amount of data needed by SCOTT16 is too large for many kinds
> of hardware.

memory prices dropping


> It's not only impossible to use SCOTT16 on a smartcard, you will be in
> trouble when coding many channels at the same time with different
> keys on ANY hardware.

maybe


>o A single biterror will destroy the whole message.

That is fucking right. Use CRC for block transfers; if a
block has an error, resend it.


>o It's impossible to read parts of a message before having received the
> whole message.

Now you are starting to understand


>
>Above all, PGP is a complete system, while SCOTT16 is only one component:
>The symmetric cipher.

For now, but like MPJ said earlier it has a very unique chaining method
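
The trade-off argued over in the post above (chaining across the whole file means one bit error ruins the message, with a transport CRC and resend as the remedy) can be measured; this is an added example, not part of the original thread. It assumes standard PCBC as a stand-in, because scott16u's "wrapped PCBC" is not specified here, and a toy SHA-256 Feistel cipher that is not a real cipher; the key, IV and plaintext are constructed.

```python
import hashlib
import zlib

BLOCK = 8  # toy block size in bytes (assumption for this demo)
HALF = BLOCK // 2


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: truncated SHA-256 of key, round number, half-block."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cbc_encrypt(key, iv, pt):
    prev, out = iv, []
    for p in split(pt):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for c in split(ct):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c  # feedback is ciphertext only, so damage stops after one more block
    return b"".join(out)


def pcbc_encrypt(key, iv, pt):
    feed, out = iv, []
    for p in split(pt):
        c = encrypt_block(key, xor(p, feed))
        out.append(c)
        feed = xor(p, c)
    return b"".join(out)


def pcbc_decrypt(key, iv, ct):
    feed, out = iv, []
    for c in split(ct):
        p = xor(decrypt_block(key, c), feed)
        out.append(p)
        feed = xor(p, c)  # feedback includes recovered plaintext, so damage carries on
    return b"".join(out)


MODES = {"cbc": (cbc_encrypt, cbc_decrypt), "pcbc": (pcbc_encrypt, pcbc_decrypt)}

# Constructed sample data: 8 blocks of plaintext, fixed key and IV.
KEY = b"constructed demo key"
IV = bytes(BLOCK)
PLAINTEXT = bytes(range(64))


def flip_bit(data: bytes, block_index: int) -> bytes:
    """Simulate line noise: flip the low bit of the last byte of one block."""
    pos = block_index * BLOCK + BLOCK - 1
    return data[:pos] + bytes([data[pos] ^ 0x01]) + data[pos + 1:]


def damaged_blocks(mode: str, block_index: int) -> list:
    """Indices of plaintext blocks that come out wrong after one flipped bit."""
    enc, dec = MODES[mode]
    recovered = dec(KEY, IV, flip_bit(enc(KEY, IV, PLAINTEXT), block_index))
    pairs = zip(split(PLAINTEXT), split(recovered))
    return [i for i, (good, got) in enumerate(pairs) if good != got]


def transport_crc_catches(mode: str, block_index: int) -> bool:
    """A CRC-32 over the ciphertext (the 'communication envelope') flags the flip."""
    ct = MODES[mode][0](KEY, IV, PLAINTEXT)
    return zlib.crc32(flip_bit(ct, block_index)) != zlib.crc32(ct)


if __name__ == "__main__":
    for mode in MODES:
        print(mode, "damaged blocks:", damaged_blocks(mode, 2),
              "| CRC detects:", transport_crc_catches(mode, 2))
```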

David A. Scott

Jan 24, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM (remove Xs to reply)) says:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 22 Jan 1998, David A. Scott wrote:

>..


>Yes, you did not come up through the crypto ranks, and that is
>probably why you didn't think of a chosen-plaintext attack. Whether or
>not it could be used in actuality, it is a flaw which strong
>algorithms should not have. If you think that's bullshit, fine, but
>any weakness, however theoretical, is a problem.

Are you that 13 year old kid with the mom in the NSA?
I fixed it for plaintext attack anyway.


>
>
>> I think part of the game like related key attack is pure bullshit
>> and I at this time will not play the game by their phony rules.
>> A key should be on the order of the key sizes I use.
>
>The NSA isn't limited to the attacks you want them to use. Why should
>they abide by *your* rules, and not by *theirs*? If you want to set up
>a theoretical situation in which your algorithm can't be broken,
>dandy. But remember, in the REAL WORLD any attack is possible.

My contest was real world; they had messages where plain texts were
known and the encrypted version. The contest was to find the plain
text of another file. Hell, in the real world the enemy may
change the key in a random nature with every message. I could
have done that. Is that more real world?

Not true. There, only the attacks that both parties allow
can occur. The related key attack is something to take people's
minds off of how bad encryption is done, so it is more of
an academic exercise than anything to do with reality.
However it could come up and I am sure if the NSA is any
good they have thousands of various tests to see weaknesses.
If you want to talk about real weaknesses how about the checks
PGP puts in to see if you have the right key. I see no one bitching
about that. That is more relevant than the rare related key stuff.


>
>> Fock the others
>> if they are so stupid to only want short keys. It is like learning chess
>> I doubt if I could beat Kolanoskey (bad spelling) in my first game
>> but I did a few years later. Yes I can learn and am superior to
>> most of you in that when I learn I get better than most in math
>> related things.
>
>So we should all bow down, eh? I could care less about your
>superiority. You *persist* in believing your algorithm is secure with
>little to no peer review, weaknesses in an early version, and no
>benefits over any existing algorithms. You claim to be flexible, but
>that (I think) proves your pigheadedness.

Well, I was right, you are that little kid who claimed his mom
worked for the NSA.


>
>> It is fairly obvious that most of the so called
>> crypto that people get exposed to are based on weak principles
>> that in the computer age should change. The only reason it has not
>> must be due to the control and distortion from groups like the NSA
>> whose job it is to help with the dumbing down of Americans. I
>> guess so we can blindly enter the next millennium as ignorant brain
>> dead slaves.
>
>True, most of the crypto out there is weak. It's based on simple
>algorithms, and can be found in a wide variety of commercial programs.
>But algorithms like IDEA and Blowfish are not in the "bad crypto"
>category. I would venture to say that Scott16u does, however. But
>since you proved IDEA was weak with no evidence, I can prove Scott16u
>is weak by the same method - "The NSA probably has already cracked
>Scott16u."

I have pointed out several times the weaknesses of IDEA and
why they should not be used. Go ahead, what is weak about mine?
If you have any connections to honest people in the NSA (or
is that an oxymoron), see what they say about it.


>
>So, when rhetoric fails you, you turn to insults?

Kid you got I thought rhetoric and insults the same.


>
>
>Ah, more insults. Tell me, Dave, how does Scott16u insure data
>integrity? By totally failing when one bit of the ciphertext is
>changed? You seem to think that one algorithm (yours) should be used
>for all applications? As someone pointed out, Scott16u has all of the
>characteristics which are least desirable in a communications cipher.
>Sanity checks *might* reduce security, but the attacker would have to
>break the overlying cipher first. And if the overlying cipher is any
>good, that won't happen.

IF a block is wrong the overlaying COMMUNICATION PROTOCOL
SHOULD THROUGH CRC STUFF SEND THE RIGHT DAMN BLOCK.

SANITY CHECKS ARE FOR FUCKING IDIOTS. YOU DO YOUR BEST TO
HIDE INFORMATION, KID. GET FUCKING REAL, YOU ADD NO SHIT TO
WEAKEN IT. THE SO CALLED SANITY CHECK IS ONLY A DRUG LIKE
WEAKNESS FOR IDIOTS. WAKE UP, THEY MAKE IT EASIER TO
BREAK, OR ARE YOU TOO STUPID TO SEE THIS MINOR POINT???

David A. Scott

Jan 24, 1998, 3:00:00 AM

In a previous article, jmcc...@sun1307.spd.dsccc.com (Mike McCarty) says:

>
>Hopefully, this will help you take the criticisms which have been
>levelled at your technique a little softer. I don't know what your
>technique is, and am not a cryptographic expert. But I know that all
>techniques are weak in some way. There is no perfect technique. So every
>technique is a trade off between various strengths and weaknesses.

I guess what pisses me off is the assholes that criticize it without
trying it.


>
>Now why would the "known plaintext attack" be a reasonable thing to use
>in assessing the strength of a cryptographic technique? The reason is
>that in real-life it has been found to be a _useful_ technique. Just
>after a battle in wartime, one can have a pretty good guess at the
>kinds of transmissions which will take place, place names, grid
>locations, unit designations (4th army etc.). It is not too difficult
>to "plant" fake information which will be encrypted by the enemy and
>retransmitted. One way is by using a cipher which we know the enemy has
>broken, and which we no longer use for transmissions which must be kept
>secure. Transmit the fake, and wait for a spate of transmissions.

Yes, this is true; with most ciphers the message may contain planted
information. And since in most ciphers (at least the one the NSA
wants you to use) only fragments of a message need to be looked at,
this planted information is of great help in breaking the cipher.
But what most fucking brain dead assholes out there don't seem
to be capable of absorbing in their small nonfunctioning brains is
that the total complete message would have to be encrypted with
my old message to even be weak to the plaintext attack, due to
the fact every bit is a function of every bit on the final
encrypted output. THERE IS NO CHOSEN PLAIN TEXT ATTACK unless
100% of the message is chosen. This is not the same as you
describe above.

>Another is to receive a message in a cipher you can decrypt, and hope
>that the enemy also transmitted it in a more secure cipher (this is
>pretty common). Another is (hold on to your hat) many times messages

True you may be, but it is random in this case, not "CHOSEN"


>which _should_ be encrypted are _not_ and are transmitted as plaintext.
>This happened _repeatedly_ in Germany.

Don't forget the pairs of 3 letters commonly sent on the
front of the messages.
>
>
>[snip]


>
>
>It seems to me that you are taking everything much too personally. ALL
>ciphers have relative strengths and weaknesses. If yours has some
>weakness, then it just means that one shouldn't use it in a circumstance
>where that weakness can be used against it. In other circumstances, it
>might be perfectly fine.

I didn't take it personally. Just trying to wake the brain dead
out there. I don't think I am doing a good job; mostly idiots who
think they know something write back, without ever even testing
it. Nothing personal but I take from your comments you never tried
it either.

>
>Attacking the mental capacity of an antagonist is really a very weak
>argument. I think you would better expend your efforts in trying to
>determine under what circumstances your technique is relatively strong,
>and when it is relatively weak.

I thought I tried both approaches.


>
>Certainly, neither you nor anyone else has a perfect system.

Of course, that's what makes it fun. As PCs get faster
crypto systems should continually improve. But I don't
see that because people are becoming dumber.

>
>[sanity checks]
>
>) Again you seem to lack the mental ability to understand the
>)example. If one is encrypting and decrypting without error,
>)then the so called sanity checks are not there in the sense
>)that no errors no messages. I Personally think that it is
>)STUPID to have checks in the code like PGP to make it easier
>)for the NSA types to break it. IT would be no more frustrating
>)to use for the average programmer if it was not there. Its main
>)purpose is to make it easier to break. Or at least in something
>)like PGP which is option rich there should be a way to encrypt
>)without putting any helpful clues to the breaking of it.
>
>Ok, you don't like sanity checks. Other people do. A CRC is only a few
>bits. What difference does it make? In transmission time, nothing. In
>computation time, perhaps a few percent. I routinely use them at work.

I use them too in the communication envelope but not in the
encryption.


>But they aren't warranted in every case. Why is the use of a sanity
>check a real problem for you? If you don't need it, but get it anyway,
>then just how much have you lost? 32 bits and a few milliseconds
>computation time. Transmission time at 1200 baud is only about 8
>milliseconds.

You sound like a fucking NAZI or an NSA plant. So called
sanity checks only work when you error. Any fucking good program
like PGP could have easily put an option to drop this. Shit,
the idea is to encrypt; why FUCKING weaken it? IS THIS TOO
HARD TO UNDERSTAND???


>I started using the newsfeeds because I found that I shared interests
>with other people. One of them is an interest in encryption. On occasion
>I have needed to _do_ some encryption at work. But mostly, I just want
>to find a community of people who are interested in the same things I
>am, and who are willing to share information with me.
>
>I did _not_ start reading the newsfeeds to watch people argue

How can you share without arguing?


>
> It _is_ a good technique!
> It is _not_ a good technique!
> Is So!
> Is NOT!
> IS TOO!
> IS NOT!
> YOURS IS SHORTER THAN MINE!

Shit I hope mine is longer than yours


> IS NOT!
> IS SO!
> etc. ad nauseam
>
>I dunno whether your ciphering technique is a truly wonderful thing. And
>I am not expert enough to be able to determine it for myself. But I know
>that it is _unlikely_ to be something wonderful, just because so many
>really smart people have been working on these techniques for so long.
>It _might_ be, though. But even if it isn't, that does not detract from
>the fact that you were smart enough to think of it. And if it has
>weaknesses (as I suppose it does), then I'd say: learn how to do better
>next time. Improve it if you can. If you can't, then make another one
>which is stronger.

Well, I did fuckin learn. That is why it is scott16u now.


>
>But don't take things personally.

I only take cash personally


>
>Just my 2 cents.
>
>Mike
--

W T Shaw

Jan 24, 1998, 3:00:00 AM

In article <34c8fdef...@news.jps.net>,

xmxexsx...@xjxpxsx.xnxextx (TM (remove Xs to reply)) wrote:
>
> On 22 Jan 1998, David A. Scott wrote:
>
> > Fock the others
> > if they are so stupid to only want short keys. It is like learning chess
> > I doubt if I could beat Kolanoskey (bad spelling) in my first game
> > but I did a few years later. Yes I can learn and am superior to
> > most of you in that when I learn I get better than most in math
> > related things.

I'm sure that you have talents, perhaps some of them crypto related. But,
we all have flaws, and the greatest do as well. The problem is in
defining your own related weaknesses and doing something about them, just
like you tried to do in your program. Don't expect every thought you have
to be great, some might be...just useful.

>
> So we should all bow down, eh? I could care less about your
> superiority. You *persist* in believing your algorithm is secure with
> little to no peer review, weaknesses in an early version, and no
> benefits over any existing algorithms. You claim to be flexible, but
> that (I think) proves your pigheadedness.

There is nothing wrong about being stubborn, just inconvenient when it gets
in your own way. So, try to go around what appear to be inefficiencies in
design; keep trying different approaches and improvements.

>
> > It is fairly obvious that most of the so called
> > crypto that people get exposed to are based on weak principles
> > that in the computer age should change.

Any single cryptological principle may appear weak; it is a combination of
several of them that can create strength, or not. The computer can make
things faster, and inefficient processes functional. There is no other
logical benefit, other than that a computer tends to be lots more reliable
than a code clerk. Better design does not use the computer as a crutch,
but as a tool.

> > The only reason it has not
> > must be due to the control and distortion from groups like the NSA
> > whose job it is to help with the dumbing down of Americans. I
> > guess so we can blindly enter the next millennium as ignorant brain
> > dead slaves.

They do have a job, an assigned task or few, but they will need to draw
their new employees from the same pool. But, it is not in society's best
interests to create intellectual classes by denying access to good ideas,
or even forbidding education to any class or race, the latter which was
once commonly done.


>
> True, most of the crypto out there is weak. It's based on simple
> algorithms, and can be found in a wide variety of commercial programs.
> But algorithms like IDEA and Blowfish are not in the "bad crypto"
> category. I would venture to say that Scott16u does, however. But

> since you proved IDEA was weak with no evidence...

I've written lots of algorithms, some intended to be weak in a sense, to
illustrate some particular singular or group of techniques. There is
nothing wrong with this. Usually, this was intentional; sometimes,
however, I have been surprised by the results of a combination more than
once.

Doctors tell you that a routine aspirin will help you. If one helps
significantly, you may feel that taking lots will make you feel
*incredibly great*; but, too much can prove fatal. Don't try to do
everything with too few or not well matched techniques to get good
security, you tend to shoot yourself in the foot that way.

I still have some reservations about DES, and I think they may be
well-founded, but I have failed to see how to exploit them. I do not
claim that it is weak, only that I am suspicious about parts of it. I may
never be able to find a means of entry into it myself, but others are
suggesting faster key searches based on related ideas. That in itself is
pleasing, that I may have not been entirely on the wrong track after all.


If you can do the same with IDEA, more power to you. I have reservations
about it too. Are they justified? I don't know, but possibly. Having
leaning feelings is different from stating a fact about weakness.

> I can prove Scott16u
> is weak by the same method - "The NSA probably has already cracked
> Scott16u."

Just casually walk in and wander around in the halls until you find the
"Scott 16u Decryption Section" painted on some door in gold letters.


>
> So, when rhetoric fails you, you turn to insults?

Forgive him, he has been watching too much C-SPAN.
>
> > ... I Personally think that it is


> > STUPID to have checks in the code like PGP to make it easier
> > for the NSA types to break it.

Consider that there may be another purpose without necessarily causing
that. Whether that is a result is another question, and one worth asking.

> > IT would be no more frustrating
> > to use for the average programmer if it was not there. Its main
> > purpose is to make it easier to break. Or at least in something
> > like PGP which is option rich there should be a way to encrypt
> > without putting any helpful clues to the breaking of it.

PGP implementations have always suffered from poor overall design. The
package is getting better, but the internals are what is most
important.
>
> ....Tell me, Dave, how does Scott16u insure data


> integrity? By totally failing when one bit of the ciphertext is
> changed? You seem to think that one algorithm (yours) should be used
> for all applications?

Avalanching makes a cipher system more vulnerable. If you pool less
quantity into some sort of local avalanching, you can at least further
some communications success in spite of noise getting into the link. "You
cannot eliminate all noise," Communications 101.

> As someone pointed out, Scott16u has all of the
> characteristics which are least desirable in a communications cipher.

Not all, he missed some.
--
wts...@itexas.net--crypto: maintaining the right to develop,
publish, and distribute works of my own creation.

A person is free if limited only by his own imagination.
If limited by another's imagination, you are his slave.

W T Shaw

Jan 24, 1998, 3:00:00 AM

In article <6abl42$8ib$1...@news.ysu.edu>, an...@yfn.ysu.edu (David A. Scott)
wrote:

> In a previous article, tbb...@mail.lrz-muenchen.de () says:
>
> I think scott16u would be better because most of the ciphers
> in used require the attackers to use only a small portion
> of the encrypted text to check for a solution. All the information
> to crack them is in very short segments. No decent cipher for
> files should be that way today.

It is a problem of magnitude. I agree that it is really dumb to be able
to solve for a key with only one or two short blocks of ciphertext. It
does not justify the other extreme however. Messages can be truncated, or
occasional data flaws do pass without detection. Requiring a significant
amount of data be processed to solve for a key is a good idea as it makes
brute force searches difficult. Better is to make it difficult to ever
reassemble the entire key.

> They still would not be able to recover the information due to
> the "wrapped PCBC" type of chaining. And yes one could use
> DES or IDEA or BLOWFISH to do this kind of chaining if one
> wished but I have not seen it done elsewhere.

I put out an application that includes an extensive wrapping; let me see
when....June 30, 1995, not in the highest quality algorithm either, just a
demonstration.


> >
> >It didn't need too much time to find a known-plaintext-attack, so why do
> >you think, the NSA hasn't developed an attack against SCOTT-type ciphers?
> I think they have against many forms of wrapped smooth chaining,
> but I don't see how that is possible against the beginning and ending
> layer of the type I laid out. Yes, with several thousand messages with
> the shortest files I allow one could build a table, but this is not reasonable
> since the method is really for files; I could just say make them 8 bytes or more.
> To attack the U version by plaintext attack is the same as guessing
> the solution so it is not reasonable. If one can show a reasonable attack
> against scott16u using fewer than 100 chosen plain text files I
> will quit posting and bragging about it forever.

It is possible that you have piled on enough layers to effectively foil
decryption. It is not that difficult to make something rather strong.
However, needing only 100 chosen plain text files for hacking it is far
too few to qualify as really strong encryption. You hint at a need to
have much more diversity of output. With some effort, you should be able
to find it, but it might be involved with a simplification of your
algorithm to make it more efficient.

> >o They could have tested scott16 for possible weaknesses.
> I am sure they tested it. I am sure they noticed the weakness
> first. But I think the chaining method has them scared because
> it has the ability to effectively change the block size of
> any block cipher to the actual size of the file and it does it
> in a way that no padded bytes are needed for a file that ends on
> a partial block.

I have always considered chaining as a false god. Its eyes are not even
real diamonds, perhaps only cubic zirconias fresh from The Shopping
Channel.



> >o They do have the money, man- and computer-power to test any
> > cipher they see much better than anybody else did during your contest.
> >o ERGO: If there is any possible attack, THEY KNEW since the beginning of
> > the contest.

And, they need to win the money so badly....

> I gave so many hints to the 8 bit contest that it should have been
> broken by them. If it was not, then they are a bunch of overpaid
> blood sucking pigs wasting tax money.

It's hoop-time at the dog show.

> However I would really be
> surprised if they broke the 16 bit contests. In which case I think
> they are gods and if Clinton can't handle all the hot 19 year old
> breeding stock maybe the NSA men could help out.

It would be hard to pass their routine purity-of-behavior tests, not that
some might not be jealous of what gets passed on the political side.
>
...


> >> A key should be on the order of the key sizes I use.
> >
> >Why?
> Because I am going to use a totally different key each time.
> I can swallow that I can be tricked to put out a chosen plain
> text message but I will be damned if I am going to put out the same
> message with just a slightly different key.

A good algorithm would have some life to any key. Being a single-shot
system is proof enough that it is bad.

> My keysize is the size needed to cover all mappings of a single
> cycle. That is why it is the size it is.

Insufficient, too determinative.


> >
> >Even the 128 bit used in IDEA should be enough to keep people from
> >brute-forcing a cipher.

It was a good IDEA, just not the best.

>
> I might believe this if one used wrapped PCBC with it.
>

Chaining a good algorithm with a compatible 'nother layer does tend to
make things stronger.

> >The really interesting attacks don't depend on keysize.
> >
> >What's the use of such a large key if a cipher is weak against the
> >unknown attack?
> The key is the size it is for convenience. But you're right,
> if it is weak use a different method.

It is never convenient to have a traumatically larger key than necessary.

David A. Scott

Jan 24, 1998, 3:00:00 AM

In a previous article, wts...@itexas.net (W T Shaw) says:

>In article <34c8fdef...@news.jps.net>,

>There is nothing wrong about being stubborn, just inconvenient when it gets
>in your own way. So, try to go around what appear to be inefficiencies in
>design; keep trying different approaches and improvements.

I have; that is why it is version 16u.

>>
>> > It is fairly obvious that most of the so called
>> > crypto that people get exposed to are based on weak principles
>> > that in the computer age should change.
>
>Any single cryptological principle may appear weak; it is a combination of
>several of them that can create strength, or not. The computer can make
>things faster, and inefficient processes functional. There is no other
>logical benefit, other than that a computer tends to be lots more reliable
>than a code clerk. Better design does not use the computer as a crutch,
>but as a tool.

In today's world of HOME PCs I would say a computer is more than a
crutch if good encryption is to be done. It is almost a necessity.

>
>> > The only reason it has not
>> > must be due to the control and distortion from groups like the NSA
>> > whose job it is to help with the dumbing down of Americans. I
>> > guess so we can blindly enter the next millennium as ignorant brain
>> > dead slaves.
>
>They do have a job, an assigned task or few, but they will need to draw
>their new employees from the same pool. But, it is not in society's best
>interests to create intellectual classes by denying access to good ideas,
>or even forbidding education to any class or race, the latter which was
>once commonly done.

I agree that it is not in the best interest to create intellectual
classes by denying access to good ideas. The open ideas of early
America led to great advances. But now the government fears a
populace with any knowledge and it will help lead to the collapse
of the US. The bad thing is most people are too stupid to even grasp
what you are saying here.

>>
>> True, most of the crypto out there is weak. It's based on simple
>> algorithms, and can be found in a wide variety of commercial programs.
>> But algorithms like IDEA and Blowfish are not in the "bad crypto"
>> category. I would venture to say that Scott16u does, however. But
>> since you proved IDEA was weak with no evidence...

I have been able to undo slightly more than one full round of
IDEA in the literature. Weak keys keep being found. Someone has
undone 3.5 rounds. It is based on a mixture of 2 algebras and
not random S tables like scott16u. It only needs a small portion
of encrypted text to be analyzed, while the whole file is needed
in scott16u. They may have been good crypto when everybody had VIC
20's as their good computers. But with today's machines they are
not good.

>
>I've written lots of algorithms, some intended to be weak in a sense, to
>illustrate some particular singular or group of techniques. There is
>nothing wrong with this. Usually, this was intentional; sometimes,
>however, I have been surprised by the results of a combination more than
>once.

Writing reduced versions I feel is an important step in evaluating
the strength of an encryption program.

>
>Doctors tell you that a routine aspirin will help you. If one helps
>significantly, you may feel that taking lots will make you feel
>*incredibly great*; but, too much can prove fatal. Don't try to do
>everything with too few or not well matched techniques to get good
>security, you tend to shoot yourself in the foot that way.

I like the analogy except it does not fit here. If one liked
PGP, doing it a dozen times is not going to help. If PGP is broken
they just undo one layer at a time. If I was going to have
an arm amputated and the doctor gave me a choice of aspirin or
opium, I would opt for the opium. It is good for the stomach
too, whereas lots of aspirin is going to damage the stomach and
will not reduce this pain very much. I think this is a better analogy.


>
>I still have some reservations about DES, and I think they may be
>well-founded, but I have failed to see how to exploit them. I do not
>claim that it is weak, only that I am suspicious about parts of it. I may
>never be able to find a means of entry into it myself, but others are
>suggesting faster key searches based on related ideas. That in itself is
>pleasing, that I may have not been entirely on the wrong track after all.

The NSA could break DES by a key search in just a few days. People
on the net spent a long time only because they were using regular
computers. The NSA has had very special computers and finite state
logic machines designed or customized for DES and other special
codes. Read the PUZZLE PALACE; it mentions the making of DES. Think
about it. Anybody with a fucking brain would have made it if not
32 then 64 bits for a key. They picked the key size to be the largest they
could easily do a key search. Yet large enough that the general
public could not do it. In 5 years if home PCs keep getting faster
you may have a program in your home machine to do it.

>
>
>If you can do the same with IDEA, more power to you. I have reservations
>about it too. Are they justified? I don't know, but possibly. Having
>leaning feelings is different from stating a fact about weakness.
>
>> I can prove Scott16u
>> is weak by the same method - "The NSA probably has already cracked
>> Scott16u."
>
>Just casually walk in and wander around in the halls until you find the
>"Scott 16u Decryption Section" painted on some door in gold letters.

If you ever see it on the door then it would be a trick.
It is not used by any group. Besides, it is the ideas and principles
that are in the design they fear more than anything. The
"wrapped PCBC" chaining with the Onion layer has got them
worried. Because that idea may spread to the currently misdirected
crypto community that has been led down the garden path
by the wonderful misinformation of the NSA types.


>>
>> So, when rhetoric fails you, you turn to insults?
>
>Forgive him, he has been watching too much C-SPAN.

I watch things like XENA

time to break this into

David A. Scott

Jan 24, 1998, 3:00:00 AM

In a previous article, wts...@itexas.net (W T Shaw) says:

>Forgive him, he has been watching too much C-SPAN.

I like XENA better
ok rest


>>
>> > ... I Personally think that it is
>> > STUPID to have checks in the code like PGP to make it easier
>> > for the NSA types to break it.
>
>Consider that there may be another purpose without necessarily causing
>that. Whether that is a result is another question, and one worth asking.

There is really no other purpose other than ignorance to encrypt then weaken

>
>> > IT would be no more frustrating
>> > to use for the average programmer if it was not there. Its main
>> > purpose is to make it easier to break. Or at least in something
>> > like PGP which is option rich there should be a way to encrypt
>> > without putting any helpful clues to the breaking of it.
>
>PGP implementations have always suffered from poor overall design. The
>package is getting better, but the internals are what is most
>important.

That is why I like the earlier versions; it was easier to get the
real source code.

>>
>> ....Tell me, Dave, how does Scott16u insure data
>> integrity? By totally failing when one bit of the ciphertext is
>> changed? You seem to think that one algorithm (yours) should be used
>> for all applications?
>
>Avalanching makes a cipher system more vulnerable. If you pool less
>quantity into some sort of local avalanching, you can at least further
>some communications success in spite of noise getting into the link. "You
>cannot eliminate all noise," Communications 101.

I feel it is the communication envelopes that handle packets
of data on the net. True, no communication is error free. That
is why the communication packets have CRC built in them. When
they get a bad CRC they just resend the data. How often do you
get a bad *.zip file over the internet anymore? I had lots of
trouble getting the original DJGPP software error free. But the
last few times hard drive crashed I downloaded those many megs of
file with no errors. Oh, I am sure there were errors; it is just that
the communication packets catch those as they are designed to do
and then resend it. With all this talk about reliability, if you get
a *.exe file from internet that has a few errors, do you rerun it
to try to figure out where the error is to fix or do you just
re-download it? I just redownload it. The error-free transmission
of digital code is not the responsibility of the encryption program
and should be separate. However, I admit lots of times if sending
text I may zip it up and then check integrity after getting
the message to see if zip says it is OK. This is stronger than other
ciphers at this since even though the zip file is predictable
at certain portions, my method does not allow the enemy to
take advantage of this due to the chaining involving every
other bit of the file.


>
>> As someone pointed out, Scott16u has all of the
>> characteristics which are least desirable in a communications cipher.

It is a letter in a group of communication packets. Think about it.
In the old days, yes, ciphers had to be robust to communication errors,
but on your hard drive or over the net you want ERROR free packets or
have the packets resent. The recovering of part of a file is almost
useless on a computer. Granted, if you read a message you may with the
human brain figure out the whole message even if it has errors. But
send an executable with a few errors and try to run it on your
machine and you are most likely fucked. The way of today is send me
the whole fucking file error free or send it again. If you live
in a different world or time go back to the old way. Likewise
the chaining methods people still use (NSA loves it) still
have this weak error recovery property and it weakens the code.

David A. Scott

Jan 24, 1998, 3:00:00 AM
to

In a previous article, wts...@itexas.net (W T Shaw) says:

>In article <6abl42$8ib$1...@news.ysu.edu>, an...@yfn.ysu.edu (David A. Scott)
>wrote:
>


>> In a previous article, tbb...@mail.lrz-muenchen.de () says:
>>
>> I think scott16u would be better because most of the ciphers
>> in used require the attackers to use only a small portion
>> of the encrypted text to check for a solution. All the information
>> to crack them is in very short segments. No decent cipher for
>> files should be that way today.
>
>It is a problem of magnitude. I agree that is it really dumb to be able
>to solve for a key with only one or two sort blocks of ciphertext. It
>does not justify the other extreme however. Messages can be truncated, or
>occasional data flaws do pass without detection. Requiring a significant
>amout of data be processed to solve for a key is a good idea as it makes
>brute force searches difficult. Better is to make it difficult to ever
>reassemble the entire key.

Well, if you are worried and scared you can chop it up into blocks of a
few thousand bytes. It is just that for files of only a few dozen
megabytes a block of the whole file size was convenient.


>
>> They still would not be able to recover the information due to
>> the "wrapped PCBC" type of chainning. And yes one could use
>> DES or IDEA or BlOWFISH to do this kind of chainning if one
>> wished but I have not seen it done elsewhere.
>
>I put out an application that includes an extensive wrapping; let me see
>when....June 30, 1995, not in the highest quality algorithm either, just a
>demonstation.

I am not sure I saw your product. Can you give an overview of
what you call a wrapping? Is it looped around or just several
passes? Does it require the file to be decrypted in the reverse
direction of the encryption passes? That is, if the file is encrypted
top to bottom then, like a zipper, you have to start at the bottom of
the file and work your way up. If not, then you don't even come close
to what I mean by wrapped PCBC.

>> >
>> >It didn't need too much time to find a known-plaintext-attack, so why do
>> >you think, the NSA hasn't developed an attack against SCOTT-type ciphers?

>> I think they have against many forms of wrapped smooth chaining.
>> but I don't see how that is possible against the begining and ending
>> layer of the type I laid out. Yes wiht several thousan messages with
>> the shortest files I allow one could build a table but this not reasonable
>> since method is realy for files I could just say make them 8 bytes or more.
>> To attack the U version by plaitext attack is the same as guessing
>> the soultion so it is not resonable. If one can show a resonable attack
>> against scott16u using fewere than a 100 choosen plain text files I
>> will quit posting and bragging about it forever.
>
>It is possible that you have piled on enough layers to effectively foil
>decryption. It is not that difficult to make something rather strong.
>However, needing only 100 chosen plain text files for hacking it is far

I was waving my hands. How about 1000? What number grabs your fancy?
I have been playing with fewer layers. I feel the 2 end layers with maybe
3 center layers is enough. However, I see no reason to use less since it
is extremely fast as it is. I also feel that to be good in the year 2010 the
methods in use then would run real slow on today's machines. Encryption should
take more operations to encrypt in the future as machines get faster.


>too few to qualify as really strong encryption. You hint at a need to
>have much more diversity of output. With some effort, you should be able
>to find it, but it might be involved with a simplification of your
>algorithm to make it more efficient.

You doubt it becasue you don't even fuckin understand it. Or
you wwould not have made this last comment.


>
>> >o They could have tested scott16 for possible weaknesses.

>> I am sure they tested it. I am sure they noticed the weakness
>> first. But I think the chainning method has them scared because
>> it has the ability to effectively change the block size of
>> any block cipher to the actual size of the file and it does it
>> in a way that no padded bytes needed for a files that ends on
>> a partial block.
>
>I have always considered chaining as a false god. Its eyes are not even
>real diamonds, perhaps only cubic zirconia's fresh from The Shopping
>Channel.

Well if you look at the chaining the GODS of crypto have left you
then you are right. THEY FUCKING SUCK. But you can expand your
brain a little and dump those outdated chainning methods that the
NSA has duped people into using. Wake up and take alook.

>
>> >o They do have the money, man- and computer-power to test any
>> > cipher they see much better than anybody else did during your contest.
>> >o ERGO: If there is any possible attack, THEY KNEW since the
>beginning of
>> > the contest.
>

>And, they need to win the money so badly....
>
>> I gave so many hints to the 8 bit contest that it should have been
>> broken by them. If is was not. Then they are a bunch of overpaid
>> blood sucking pigs wasting tax money.
>
>It's hoop-time at the dog show.

Is that simialr to a dog and pony show after the jerks with there
suits comein.

>
>> However I would really be
>> surprsied if they broke the 16 bit contests. In which case I thank
>> they are gods and if Clinton can't handle all the hot 19 year old
>> breeding stock maybe the NSA men could helpout.
>
>It would be hard to pass their routine purity-of-behavior tests, not that
>some might not be jealous of what gets passed on the political side.

Gee I never thought of that. Maybe I don't pass there tests either
since I still think the best women in the US are the legal whores of
the NBA (Nevada Brothel Association). They are cleaner and less likely
to pass AIDS than the ladies you run into at a church social. But don;t
take my word for it ask the government which is still pissed as hell
that the CDC has yet to find a case of AIDS transmitted to a customer.
And they are looking hard. I would rather fuck any of them than an unknown


>>
>...


>> >> A key should be on the order of the key sizes I use.
>> >
>> >Why?

>> Because I am going to use a totally different key each time.
>> I can swallow that I can be tricked to but out a chossen plain
>> text message but I will be damed if I am going to but out same
>> message with just a slightly different key.
>
>A good algorithm would have some life to any key. Being a single-shot
>system is proof enough that it is bad.
>
>> My keysize is the size needed to cover all mappings of a single
>> cycle. that is why it is the size it is.
>
>Insufficient, too determinative.

bullshit this is to long

David A. Scott

Jan 24, 1998, 3:00:00 AM
to

In a previous article, wts...@itexas.net (W T Shaw) says:

I chopped it since getting to long

>...


>> >> A key should be on the order of the key sizes I use.
>> >
>> >Why?

>> Because I am going to use a totally different key each time.
>> I can swallow that I can be tricked to but out a chossen plain
>> text message but I will be damed if I am going to but out same
>> message with just a slightly different key.
>
>A good algorithm would have some life to any key. Being a single-shot
>system is proof enough that it is bad.

OK use the same fucking key until your tired. Then use a totally
differnt key when u change. Do you like that better. The size
of my key is what is necessiary to span the whole space.


>
>> My keysize is the size needed to cover all mappings of a single
>> cycle. that is why it is the size it is.
>
>Insufficient, too determinative.

BULLSHIT AGAIN YOU DON"T KNOW WHAT THR FUCK YOUR SAYING
Only a brain dead idoit would say it is insufficient. It covers
the whole fucking spaace allowing all single cycle 16 bit tables
to be use so hardly insufficient

>> >
>> >Even the 128 bit used in IDEA should be enough to keep people from
>> >brute-forcing a cipher.
>
>>

>> I might belive this if one used wrapped PCBC wihtit.
>>
>Chaining a good algorithm with a compatible 'nother layer does tend to
>make things stronger.

AGAIN FUCK YOU you don't have the foggiest idea of what I mean
by my form of chaining.

>
>> >The really interesting attacks don't depend on keysize.

However, knowing nothing else but key size,
the larger the key size the safer the algorithm is. Now
go ahead and be an ass. I don't say key size alone determines
safety. I said KNOWING NOTHING ELSE the longer the key the better
chance of security. AND by key size I mean the power of 2 (number
of bits) to represent a unique mapping.

>> >
>> >What's the use of such a large key if a cipher is weak against the
>> >unknown attack?

>> The key is the size it is for convenice, But your right
>> if it is weak us different method.
>
>It is never convenient to have a traumatically larger key than necessary.

What the hell is traumatically larger? If the key is protected by
a variable length password it can be any fucking size that conveniently
sits on your hard drive.
>--
an...@yfn.ysu.edu--krypto: maintaining the right to develop,


publish, and distribute works of my own creation.

yes remember tht 96 is code for 69.

Steve Sampson

Jan 24, 1998, 3:00:00 AM
to

David A. Scott wrote

> BULLSHIT AGAIN YOU DON"T KNOW WHAT THR FUCK YOUR SAYING
>Only a brain dead idoit would say it is insufficient. It covers
>the whole fucking spaace allowing all single cycle 16 bit tables
>to be use so hardly insufficient

Besides having a filthy mouth, your spelling is borderline English.
Might I suggest that you use a mailer with a built-in spell-checker?

If you are going to project yourself as being more of an expert than those
you wish to curse at, then you might want to actually be able to spell
just as good, if not better.

Good luck,
Steve

TM (remove Xs to reply)

Jan 24, 1998, 3:00:00 AM
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24 Jan 1998 03:22:44 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:

> ARe you that 13 year old kid witht the mom in the NSA?
>I fixed it for plaintext attack anyway.

I think you probably have me confused with someone else. I'm 16, and
my mom is an English teacher. Close, but no cigar.

> My constest was real world thye had mesages where plain texts
>known and encrypted version. The contest was to find the palin
>text of anther file. Hell in the real world the enemy may
>cahnge the key in a random nature with every message. I could
>have done that. Is that more real world.

Like I said, a real world examination isn't always enough. Sometimes
you have to look at things in a theoretical light. It's good to test
how much stress a structure can take before breaking - then you know
how strong it is. It doesn't matter what kind of attacks are "allowed"
in the real world - all but a tiny fraction of the current
cryptographic systems can be rendered null and void by Mongo, NSA
Special Agent, and his trusty hedge clippers. "Give me the key or lose
a toe." *snip*

> Not ture. THere only the attacks that both parties allow
>can occur. The realted key attack is something to take peoples
>minds off. Of how bad encryption is done so it is more if
>an Acidemic exercise than anything to do with reality.
>How every it could come up and I am sure if the NSA is any
>goods they have thousands of various tests to see weaknesses.
>IF you want to talk about real weaknesses how but the checks
>PGP puts in to see if you have right key. I see no one bitching
>about that. That is more relivant than the rare related ket stuff.

Once again, sanity checks are a trade-off between supreme security and
usability. If the greatest encryption program in the world was
user-hostile, no one would use it.

> WELL i was right you are that little kid who claimed his mom
>worked for the NSA.

Yeah, me talking about your resistance to outside opinion certainly
confirms my identity.

> I have pointed out several times the weaknesses of IDEA and
>why they should not be used. Go ahead what is weakabout mine.
>IF you have any conections to honest people in the NSA or
>is that an oxymoron. See what they say about it.

I have *no* clue why you're lumping me with the NSA. Anyways, here's a
list of flaws in your algorithm-

o Lack of peer review
o Error-propagating (this makes it bad for communications)
o Dumbshit author (I don't trust anyone less articulate than I to
write something better than I)
o Current algorithm based on flawed algorithm

And this is without looking at the source code.

>>So, when rhetoric fails you, you turn to insults?

> KId you got I thought rhetoric and insluts the same.

Rhetoric is argument - insults are a way of dodging questions.

> IF a block is wrong the overlaying COMMUNICATION PROTICAL
>SHOULD THROUGH CRC STUFF SEND THE RIGHT DAM BLOCK.

Yes folks, you heard it here. Communication applications *need* to
have a non error-propagating cipher. There's a reason such ciphers
were developed. I mean, try talking to someone else who's ever written
or is writing a secure communications program. They will tell you, as
I have tried to, as is common sense, that you can't use the same
cipher for file encryption as for communications.

>SANITY CHECKS ARE FOR FUCKING IDIOTS YOU DO YOUR BEST TO
>HID INFOMATION KID. GET FUCKING REAL YOU ADD NO SHIT TO
>WEAKEN IT. THE SO CALLED SANITY CHECK IS ONLY A DRUG LIKE
>WEAKNESS FOR IDIOTS. WAKE UP THEY MAKE IT EASIER TO
>BREAK OR ARE YOU TO STUPID TO SEE THIS MINOR POINT???

Damn, man. Calm down. Wouldn't want some old fart like yourself to
drop dead of a stroke or anything. Christ. Deep breaths... you got it.
In, out, in, out... think calm. Right then. Think about this:

You have two sections of a plaintext message - the message (M), and
the CRC of the message (CRC). You also have the algorithm you're going
to encrypt them with - E. The ciphertext would equal E(M,CRC). In
order to get the CRC, you still have to decrypt E(M,CRC) with the
correct key, or break the algorithm in some way. One way sanity checks
(implemented correctly) DO help the attacker is by letting the
attacker know when he has the correct key. That's all. The attacker
still has to crack the cipher - E before he can check the CRC.

BTW, Dave, why is it that I (a 16 year old junior in high school)
write better than you (a weird old guy who's probably been through
college)? I've always wondered that.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNMplWAdZfH4UxP3mEQKAnQCeNW4FCYVuBZiO+j+x/Ed0InJ4K3gAoOLN
yLFMVt25lhwf8/6ELMJLN9ro
=oqwl
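
The E(M,CRC) argument in the post above, as an added example that is not part of the original thread: it measures what an encrypted CRC tells someone searching the key space. The 16-bit key, the SHAKE-256 XOR toy cipher standing in for E, and the sample key and message are all assumptions constructed for the illustration; the message is structureless bytes, so without the CRC no trial decryption would look more correct than any other.

```python
import hashlib
import zlib

KEY_BITS = 16  # toy key size (assumption), small enough to walk the whole space


def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy cipher E: XOR with SHAKE-256(key) output; the same call decrypts."""
    stream = hashlib.shake_256(key.to_bytes(2, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: int, message: bytes) -> bytes:
    """E(M, CRC): append CRC-32 of M to M, then encrypt the pair together."""
    return keystream_xor(key, message + zlib.crc32(message).to_bytes(4, "big"))


def open_checked(key: int, ciphertext: bytes):
    """The sanity check: return M if the decrypted CRC matches, else None."""
    plain = keystream_xor(key, ciphertext)
    body, crc = plain[:-4], plain[-4:]
    return body if zlib.crc32(body).to_bytes(4, "big") == crc else None


def search(ciphertext: bytes):
    """Walk every key; return (trial decryptions made, keys passing the CRC)."""
    passing = [k for k in range(1 << KEY_BITS)
               if open_checked(k, ciphertext) is not None]
    return 1 << KEY_BITS, passing


# Constructed sample values (not from the thread).
SAMPLE_KEY = 0xBEEF
SAMPLE_MESSAGE = hashlib.sha256(b"constructed sample").digest()

if __name__ == "__main__":
    ct = seal(SAMPLE_KEY, SAMPLE_MESSAGE)
    trials, passing = search(ct)
    # The check removed no work: every key still had to be tried once.
    print("trial decryptions:", trials)
    # What it did give: a stop condition that singles out the right key.
    print("keys passing the CRC:", [hex(k) for k in passing])
```

The work factor stays at the full key space; the CRC only supplies the stop condition, which is the trade-off both sides of the exchange are arguing about.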

Gordon Oliver

Jan 24, 1998, 3:00:00 AM
to David A. Scott

David A. Scott wrote:
[snip]
> I didn't take it personally. Just trying to wake the brain dead
> out there. I don't think I am doing a good job mostly idiots who
> think they know something write back. Without every even testing
> it. Nothing personall but I take forn your comments you never tried
> it either.
[snip]

David,

Could you post a detailed description of your algorithm? I.e., enough
to actually implement it independently. I searched for such a
description (or any description) and could not find one. This way
people could search for weaknesses in the algorithm, and they could
even do this if they were living outside the US.

If the algorithm passes said scrutiny, it would be worth using. But
until it does, people would be silly to use an unknown algorithm.
(why should I trust you any more than the NSA, for all _I_ know, you
might work for them :-)

gordon.

Andreas Enterrottacher

Jan 24, 1998, 3:00:00 AM
to David A. Scott

The decryption of a 1-megabyte file needs 2^17 times longer than the
decryption of a 64-bit block. If we had to brute-force it, this would
add 17 bit of strength.

All other kinds of cryptanalysis may or may not become more difficult -
they could as well become simpler.

So you would as well think, DES with PCBC would be strong?

> >
> >The really interesting attacks don't depend on keysize.
> >
> >What's the use of such a large key if a cipher is weak against the
> >unknown attack?
> The key is the size it is for convenice, But your right
> if it is weak us different method.
>
> >
> >> Fock the others
> >> if they so stupid to only want short keys. It is like learning chess
> >> I doubt if I could beat Kolanoskey (bad spelling) in my first game
> >> but I did a few years later. Yes I can learn and am superior to
> >> most of you in that I when I learn I get better than most in math
> >> related things.
> >
> >Just break IDEA and we will beliefe.
> No u would not belive If i was Jeus hime self

No, but if you would break IDEA.

Too large for key-exchange.

> >o Key-generation is far too slow to use the cipher within a network.
> no

Even blowfish needs horribly long for a cipher used in a network.
Your cipher can't handle frequent change of the key.

> >o The amount of data needed by SCOTT16 is too large for many kinds
> > of hardware.
> memory prices dropping
> > It's not only impossible to use SCOTT16 on a smartcard, you will in
> > truble when coding many channels at the same time with different
> > keys on ANY hardware.
> maybe
> >o A single biterror will destroy the whole message.
> that is fucking right. use crc for block transfers if a
> block has an error resend it.

For many purposes it's better to live with the error - secure phones,
for example.

> >o It's impossible to read parts of a message before having received the
> > whole message.
> Know you are starting to understand

Because of this, it's useless for encrypting datastreams.
I want to read the first part of a textfile while the rest is on the way.

Besides: It's as well useless for a secure file system.

> >
> >Above all, PGP is a complete system, while SCOTT16 is only one component:
> >The symmetric cipher.
> for know but like MPJ said earlier it has a very unique chainning method

unique is not the same as good.


> >
> >> >> Soon 1000 dollar contest for scott16u.zip
> >> >
> >> >I'll hold my breath.
> >> >
> >> >
> >> Well if your still holding your dead now
>
> --
> "http://www.sni.net/~mpj/crypto.htm" MPJ's North American Strong Cry
> ptographic Software Archive Look under the FTP file archive in
> the \new Directory to get scott16u.zip

Andreas Enterrottacher
enterro...@t-online.de
enterro...@lrz.tu-muenchen.de

Andreas Enterrottacher

Jan 24, 1998, 3:00:00 AM
to David A. Scott

Concerning the security of wrapped PCBC:

Standard PCBC was used to do authentisation and blockchaining at the
same time.

It isn't used any more in Kerberos, because it is possible to exchange
two blocks. This will destroy both blocks - all other blocks will
survive. If your integrity check tests only the last blocks, you won't
find the destroyed blocks and think, the file would be ok.

This shows, that PCBC is useless as an integrity check if the attacker
wants to hide the destruction he caused.

What way did you solve this problem when developing wrapped PCBC?


Andreas Enterrottacher
enterro...@t-online.de
enterro...@lrz.tu-muenchen.de
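
The block-swap property described in the post above, as an added example that is not part of the original thread: standard PCBC is run over constructed sample blocks, two adjacent ciphertext blocks are exchanged, and a check of the last block alone is compared with an HMAC over the whole ciphertext. The 4-round SHA-256 Feistel stand-in for the block cipher, the fixed trailer block used as the "last block" check, and all keys and data are assumptions made for the illustration.

```python
import hashlib
import hmac

BLOCK = 8               # bytes per block (DES-sized); assumption for this sketch
TRAILER = b"ENDOFMSG"   # hypothetical known last block the receiver checks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Toy Feistel round function: only an invertible stand-in, not a real cipher.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def enc_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def dec_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def pcbc_encrypt(key, iv, plain_blocks):
    """C_i = E(P_i xor P_{i-1} xor C_{i-1}), with the IV as the first chain value."""
    out, chain = [], iv
    for p in plain_blocks:
        c = enc_block(key, _xor(p, chain))
        out.append(c)
        chain = _xor(p, c)
    return out


def pcbc_decrypt(key, iv, cipher_blocks):
    """P_i = D(C_i) xor P_{i-1} xor C_{i-1}."""
    out, chain = [], iv
    for c in cipher_blocks:
        p = _xor(dec_block(key, c), chain)
        out.append(p)
        chain = _xor(p, c)
    return out


def tamper_report(key, iv, plain, tampered, mac_key, tag):
    """Return (indices of damaged blocks, last-block check result, HMAC result)."""
    got = pcbc_decrypt(key, iv, tampered)
    damaged = [i for i, (a, b) in enumerate(zip(plain, got)) if a != b]
    mac_ok = hmac.compare_digest(
        tag, hmac.new(mac_key, b"".join(tampered), "sha256").digest())
    return damaged, got[-1] == TRAILER, mac_ok


def swap_demo():
    # Constructed keys, IV and message blocks (not from the thread).
    key, mac_key, iv = b"constructed-key", b"constructed-mac", bytes(range(8))
    plain = [b"block-%02d" % i for i in range(6)] + [TRAILER]
    ct = pcbc_encrypt(key, iv, plain)
    assert pcbc_decrypt(key, iv, ct) == plain
    tag = hmac.new(mac_key, b"".join(ct), "sha256").digest()

    swapped = list(ct)
    swapped[2], swapped[3] = swapped[3], swapped[2]      # exchange two blocks
    flipped = list(ct)
    flipped[2] = bytes([ct[2][0] ^ 1]) + ct[2][1:]       # single bit error

    return {
        "swap": tamper_report(key, iv, plain, swapped, mac_key, tag),
        "bitflip": tamper_report(key, iv, plain, flipped, mac_key, tag),
    }


if __name__ == "__main__":
    for name, (damaged, trailer_ok, mac_ok) in swap_demo().items():
        print(name, "damaged:", damaged,
              "last-block check:", trailer_ok, "HMAC:", mac_ok)
```

A single bit error propagates to every later block and fails the last-block check, while the swap damages only the two exchanged blocks and passes it; the HMAC over the full ciphertext rejects both.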

Andreas Enterrottacher

Jan 24, 1998, 3:00:00 AM
to Andreas Enterrottacher

Andreas Enterrottacher wrote:
>
> Concerning the security of wrapped PCBC:
Sorry: An error occurred:

>
> Standard PCBC was used to do authentisation and blockchaining at the

^^^^^^^^^^^^^^
Of course not authentisation, but integrity check.

David A. Scott

Jan 25, 1998, 3:00:00 AM
to

I can't spell worht shit but so fucking what. If someone is going
to decide how good my encryption is base on my speeliing I say
fuck them. Sometimes I do use the spelling checker but it is slow
and sometimes I don't spell near good enough to correct it any way
and other times I spell correct words it is just they aren'y really
the words I wanted to use. I some times wake up not sure if I can
read, I don't think my brain wired the way most are.
one of my best friends says I never will find a women like that
Jack Niclious movie out something about happiness I already forgot
the title. But I do go on. And as long as there are sweet legal
whores in NEvada life is still worht living.

David A. Scott

Jan 25, 1998, 3:00:00 AM
to

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>

>On 24 Jan 1998 03:22:44 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
>> ARe you that 13 year old kid witht the mom in the NSA?
>>I fixed it for plaintext attack anyway.
>
>I think you probably have me confused with someone else. I'm 16, and
>my mom is an English teacher. Close, but no cigar.

well I think guessing within 3 years is pretty fucking close.
How old do you think I am kid. ANd don't show this stuff to your
mommy or she will take your computer away. How second thought
show some balls and show her how rnglish is misused in the net.

>
>Once again, sanity checks are a trade-off between supreme security and
>usability. If the greatest encryption program in the world was
>user-hostile, no one would use it.

Sanity checks are no better than sanity napkins. WHen eirther is
in use it just hids a smell. For most encrypt the method used
is not understandable by the user. Most would have no fucking idea
if DES or IDEA was in use. People only go by window dressing.
PGP could have used my 8 bit encryption for the IDEA and no one
who did not look at souce would know the difference.

>I have *no* clue why you're lumping me with the NSA. Anyways, here's a
>list of flaws in your algorithm-
>
>o Lack of peer review

Hay it is there for the public. But thise who want me to for
the review can just wait. The lack of a peer review in a formal
setting is not my falut. IT will not happen since those high
up are in bed wiht the NSA or they are dumb and the NSA has
nothing to fear from them.


>o Error-propagating (this makes it bad for communications)

Jesus kid. It is the communication envolopes that handle
the errors. We have rapidily left the analog world behind
file don't need to contain erroecting sequences especially
encrytped files.

>o Dumbshit author (I don't trust anyone less articulate than I to
>write something better than I)
>o Current algorithm based on flawed algorithm
>
>And this is without looking at the source code.
>

then stay stupid kid

>>>So, when rhetoric fails you, you turn to insults?

>> KId you got I thought rhetoric and insluts the same.
>
>Rhetoric is argument - insults are a way of dodging questions.
>
>> IF a block is wrong the overlaying COMMUNICATION PROTICAL
>>SHOULD THROUGH CRC STUFF SEND THE RIGHT DAM BLOCK.
>
>Yes folks, you heard it here. Communication applications *need* to
>have a non error-propagating cipher. There's a reason such ciphers
>were developed. I mean, try talking to someone else who's ever written
>or is writing a secure communications program. They will tell you, as
>I have tried to, as is common sense, that you can't use the same
>cipher for file encryption as for communications.
>

no it aint


> -export-a-crypto-system-sig -RSA-3-lines-PERL
>#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
>$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
>lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
>

--

David A. Scott

Jan 25, 1998, 3:00:00 AM
to

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

Sorry kid had to chop it up. It was to lonmg.
Yes I might gtet a stroke my blodd pressure very high but
got so stuff from a lady of the evening that has always
lowered my pressure so not to worry. I thougth I was going
to have to hop a plane to RENO since they have good medical
facilites at the MUSTANG ranch.

>BTW, Dave, why is it that I (a 16 year old junior in high school)
>write better than you (a weird old guy who's probably been through
>college)? I've always wondered that.

The reason is I got in the 99+ percentile on my college entracne
exaims in the math and science section. And in the cold war days
they let is people in the low teens percentile for english pass.
I also have a master degree in control theroy. But I think you
mom would be happy to now I could never teach you anything in school
since I can't pass the English part od test for teachers. If
I was in school today I would never make college. I would never
pass English, As it was in college I found the English section
for the dumb jocks who scratch there balls all during class.
Not a female in the class. Women are differnet then men they
tend to be superior in ENglsih and such But we kick ass in math
and sciece. You may not hear many reahers say that today since
it is politically correct to pretend men and woman have equal
talent. They don't woman are so better phyxically than a man if
they had equal brain power they would have all the money in the
world and I would not be able to vivsit Nevada Brothels any more.

TM (remove Xs to reply)

Jan 25, 1998, 3:00:00 AM
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25 Jan 1998 02:21:32 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:

> well I think guessing within 3 years is pretty fucking close.
>How old do you think I am kid. ANd don't show this stuff to your
>mommy or she will take your computer away. How second thought
>show some balls and show her how rnglish is misused in the net.

Well, by your incredible ability to express yourself, I would say 2,
but I guess I can't go by that. No wonder you don't use a spell
checker - your sentences are hard enough to read, let alone parse. And
honestly, I could care less how old you are. My experience is that
after a certain point, age is irrelevant. My mom would have a hard
time taking my computer away, because this is *my* computer. And yes,
she knows how ignorant and pathetic people on the internet can be.

> Sanity checks are no better than sanity napkins. WHen eirther is
>in use it just hids a smell. For most encrypt the method used
>is not understandable by the user. Most would have no fucking idea
>if DES or IDEA was in use. People only go by window dressing.
>PGP could have used my 8 bit encryption for the IDEA and no one
>who did not look at souce would know the difference.

Good comparison. Funny, but inaccurate. Yes, you can't trust an
encryption program unless you compiled it yourself. Sad, but true.
That's why I believe in open source code and the GNU license.

>>o Lack of peer review

> Hay it is there for the public. But thise who want me to for
> the review can just wait. The lack of a peer review in a formal
> setting is not my falut. IT will not happen since those high
> up are in bed wiht the NSA or they are dumb and the NSA has
> nothing to fear from them.

Yeah, I'm sure everyone who has peer-accepted algorithms out there is
certainly in bed with the NSA. Jesus. I'm not saying Scott16u is not
available for peer review, just that not much peer review has been
done, and any algorithm without at least 5 years of field testing
can't be considered secure.

>>o Error-propagating (this makes it bad for communications)

> Jesus kid. It is the communication envolopes that handle
> the errors. We have rapidily left the analog world behind
> file don't need to contain erroecting sequences especially
> encrytped files.

Analog or not, error propagation is something totally useless in
communications ciphers. Take a look at all the stream ciphers in use
in cell phones (not the US version, tho), faxes, etc. You are correct
in saying that error-propagation is valuable in file encryption, but
file encryption is not the same thing as communications encryption.

> then stay stupid kid

If you're what's smart, you can count on it.

>>Yes folks, you heard it here. Communication applications *need* to
>>have a non error-propagating cipher. There's a reason such ciphers
>>were developed. I mean, try talking to someone else who's ever written
>>or is writing a secure communications program. They will tell you, as
>>I have tried to, as is common sense, that you can't use the same
>>cipher for file encryption as for communications.
>>

> no it aint

You know, if only that made sense. No, what ain't what?


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNMsEZgdZfH4UxP3mEQI6ZACfSe0utZOJ/NjmU4fhw+Zqc6dkhvUAn2Xm
OjYcun7Y+eOfUtxYsSncsG1a
=C0IE

TM (remove Xs to reply)

Jan 25, 1998, 3:00:00 AM
to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25 Jan 1998 02:39:16 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:

>Yes I might gtet a stroke my blodd pressure very high but
>got so stuff from a lady of the evening that has always
>lowered my pressure so not to worry. I thougth I was going
>to have to hop a plane to RENO since they have good medical
>facilites at the MUSTANG ranch.

I fail to see prostitution as anything but degrading for both parties.
Nice to see other people have different opinions, tho.

> The reason is I got in the 99+ percentile on my college entracne
>exaims in the math and science section. And in the cold war days
>they let is people in the low teens percentile for english pass.
>I also have a master degree in control theroy. But I think you
>mom would be happy to now I could never teach you anything in school
>since I can't pass the English part od test for teachers. If
>I was in school today I would never make college. I would never
>pass English, As it was in college I found the English section
>for the dumb jocks who scratch there balls all during class.
>Not a female in the class. Women are differnet then men they
>tend to be superior in ENglsih and such But we kick ass in math
>and sciece. You may not hear many reahers say that today since
>it is politically correct to pretend men and woman have equal
>talent. They don't woman are so better phyxically than a man if
>they had equal brain power they would have all the money in the
>world and I would not be able to vivsit Nevada Brothels any more.

Huh. I remember reading something about how they had to make English
classes at MIT mandatory, because no one could write a decent report.
Also, the reason why more males than females choose science over the
arts has less to do with brain function than social structures. Women
have equal brain power - some people, however are just plain dumb.


On a side note, I think it might be time to ship you back to the
brothel - you seem to be more cranky of late.

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNMsGDQdZfH4UxP3mEQKTOwCgrnXNmP3M6kFluVu9YNDEJX4PiQMAoOp2
9zKyZopvb/hfTOELxJal3nQ/
=QB1Q

Steve Sampson

Jan 25, 1998, 3:00:00 AM

David A. Scott wrote in message <6ae6ht$bnb$1...@news.ysu.edu>...


>
>In a previous article, ssam...@usa-site.net ("Steve Sampson") says:
>
>>
>>David A. Scott wrote
>>
>>> BULLSHIT AGAIN YOU DON"T KNOW WHAT THR FUCK YOUR SAYING
>>>Only a brain dead idoit would say it is insufficient. It covers
>>>the whole fucking spaace allowing all single cycle 16 bit tables
>>>to be use so hardly insufficient
>>
>>Besides having a filthy mouth, your spelling is borderline English.
>>Might I suggest that you use a mailer with a built-in spell-checker?
>>
>>If you are going to project yourself as being more of an expert than those
>>you wish to curse at, then you might want to actually be able to spell
>>just as good, if not better.
>
> I can't spell worht shit but so fucking what.

That should be:

"I can't spell worth shit, but so fucking what?"

Notice that it is really a form of a question. Thus, it should have a question
mark punctuation. Also, you need a comma in there, as you are moving
from a statement to a question.

You could also write it this way:

"I can not spell worth a darnn; however, why should that be important?"

> If someone is going
>to decide how good my encryption is base on my speeliing I say
>fuck them.

If you can't spell, you can't document. If you can't document, your life
as a programmer will be limited. An employer will have to hire you and
one other to do the job normally done by one. Thus, most likely your
pay will be about half that of your peers.

With spelling like that, my employer wouldn't let you past the resume
stage. They have too much documentation to be performed.

> Sometimes I do use the spelling checker but it is slow
>and sometimes I don't spell near good enough to correct it any way
>and other times I spell correct words it is just they aren'y really
>the words I wanted to use.

There is nothing being said here, that couldn't be said an hour or two
later. Slow is fine. Spend a few hours on your reply. Then as you get
better, you will be surprised that you can spell almost automatically.
But if you insist on being lazy in this, then the group can only assume
you are of limited mental capacity, or state, and (if they haven't
already) just ignore you.

Right now, your spelling skills are about 4th grade level, so you
can understand why people don't want to read at that level.
I would suggest a good Community College. Go in, tell them your
English is poor and you want to improve. They will assign you a
tutor, and within a year, you will be able to double your wages.

> I some times wake up not sure if I can
>read, I don't think my brain wired the way most are.
> one of my best friends says I never will find a women like that
>Jack Niclious movie out something about happiness I already forgot
>the title. But I do go on.

It is possible you have a chemical imbalance. I would suggest a visit
to your doctor, and ask for an evaluation. Brains aren't defective in
wiring, they are defective in chemicals. Mostly through chemical abuse.

> And as long as there are sweet legal
>whores in NEvada life is still worht living.

I think that is known as an oxymoron, That is, a "sweet whore."
Whores are in business to make money. Mostly to satisfy their
drug habit. A female or male prostitute is the last place you should
go to get your ego stroked.

You need to change. Someone has to tell you. You may not like this,
and I will become another person to curse at, but through a little
work now, your life can improve in ways you never dreamed. You may
even begin to appreciate yourself.

Steve

David A. Scott

Jan 25, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>checker - your sentances are hard enough to read, let alone parse. And

I didn't know 16 year olds are even acquainted with words like parse.

>Well, by your incredible ability to express yourself, I would say 2,
>but I guess I can't go by that. No wonder you don't use a spell

>honestly, I could care less how old you are. My experience is that
>after a certain point, age is irrelevant. My mom would have a hard
>time taking my computer away, because this is *my* computer. And yes,
>she knows how ignorant and pathetic people on the internet can be.

Well you take about your mon do you have a dad. If not maybe
your mom and I could get together. She could clean up my act.

>
>> Sanity checks are no better than sanity napkins. WHen eirther is
>>in use it just hids a smell. For most encrypt the method used
>>is not understandable by the user. Most would have no fucking idea
>>if DES or IDEA was in use. People only go by window dressing.
>>PGP could have used my 8 bit encryption for the IDEA and no one
>>who did not look at souce would know the difference.
>
>Good comparison. Funny, but inaccurate. Yes, you can't trust an
>encryption program unless you compiled it yourself. Sad, but true.
>That's why I believe in open source code and the GNU liscense.
>

I use GNU also. But I thought the comparision perfect.
If you really want to be a help down load my software and
clean up the ENGLISH in it. OK? You can change the user interface
if you like. ALso 2 people aksed for a copy but ssytem dumped
and I lst the messages so if you are there write back or look
at site in signature.

>>>o Lack of peer review

>> Hay it is there for the public. But thise who want me to for
>> the review can just wait. The lack of a peer review in a formal
>> setting is not my falut. IT will not happen since those high
>> up are in bed wiht the NSA or they are dumb and the NSA has
>> nothing to fear from them.
>
>Yeah, I'm sure everyone who has peer-accepted algorithms out there is
>certainly in bed with the NSA. Jesus. I'm not saying Scott16u is not
>available for peer review, just that not much peer review has been
>done, and any algorithm without at least 5 years of field testing
>can't be considered secure.

I think as computers advance in speed and memory cability 5 years
may be the life span of any good crypto and then new stuff needed.

>
>>>o Error-propagating (this makes it bad for communications)

>> Jesus kid. It is the communication envolopes that handle
>> the errors. We have rapidily left the analog world behind
>> file don't need to contain erroecting sequences especially
>> encrytped files.
>
>Analog or not, error propagation is something totally useless in
>communications ciphers. Take a look at all the stream ciphers in use
>in cell phones (not the US version, tho), faxes, etc. You are correct
>is saying that error-propagation is valuable in file encryption, but
>file encryption is not the same thing as communications encryption.
>

I see where you are coming from now adn you are right for now.
But things still in a state of flux. And contrary to what you
hear or belielw I don't think my stuff is for everything.


>> then stay stupid kid
>
>If you're what's smart, you can count on it.

I am more of an idoit savant according to close
friends. You don't have to be like me. You can't since
your to dam good at english.

>"I never set out to be weird. It was always the other people
> who called me weird."
>-- Frank Zappa --

Your funny phasre at end sucks it does not seem to belong
to you why not be yourself and pick something better suited
I don't think I fit it either but If a vote was taken I am
sure that people would expect that kind of crap at the end
of my messages not yours.

>
>http://www.sinnerz.com/tmessiah/
Kid I tried to go here and I don't need a fucking better
browser. You need to make it LYNX compatible. So people
who have some respect for bandwith don't have to flood
the internet with waste bits. Also Lynx more resistant
to attack by people who know just what the fuck to do to
screw your PC. with your fancy fucking browsers that do
shit behind the scenes on your hard drive. THere are some
neat sites you can visit but I don't wish to advertise
there locations if still there that will crash or take
over your machine.

David A. Scott

Jan 25, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>
>On 25 Jan 1998 02:39:16 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
>>Yes I might gtet a stroke my blodd pressure very high but
>>got so stuff from a lady of the evening that has always
>>lowered my pressure so not to worry. I thougth I was going
>>to have to hop a plane to RENO since they have good medical
>>facilites at the MUSTANG ranch.
>
>I fail to see prostitution as anything but degrading for both parties.
>Nice to see other people have different opinions, tho.

While you lead a sheltered life. Most people don't like it.
If I had a wife who was loving and put out I mostlikey would never
had found out how sweet some of them are. Of course your illegal
drug and HIV infected prostittutes that are in most states is a
direct result of not making it legal and regulated like it should bee.
I thought some where in the bible it says better to shoot it off
in the belly of a whore than to spill your seed on the ground.
At least that was sort of what some one told me one time. If some
can write back to me giving chapter and verse and version of bible
I will write it down.

>
>
>Huh. I remember reading something about how they had to make English
>classes at MIT mandatory, because no one could write a decent report.
>Also, the reason why more males than females choose science over the
>arts has less to do with brain function than social structures. Women
>have equal brain power - some people, however are just plain dumb.

Kid that is crap sure the bell curves over lap but there
brains on the average smaller than mans. And that is fucking
facts they use to teach in school. But i suppose do to dumbing
down of america they are afraid to teach the truth. ANy more
since it is better to assume woman and men the same. If men and
woman the same then there should be as many male prostitutes as
women. THere isn't. Woman in general lack the ability to grasp
certain mathematical things. That is on the average. IT has less
to do with how one is rasied then you belive. Of course since the
distributions overlap you will find some woman good in math and
science just not as many. For some reasom woman are best language
translators. REad about identical twin studies of twins raseosed
totally different it shocks people just how little envornment has
to do wiht behaviors and talents.


>
>On a side note, I think it might be time to ship you back to the
>brothel - you seem to be more cranky of late.

Well if your can raise the money I would be willing togo.
However you will not be able to go wiht me till you are 18
unless you can get a note from a doctor saying it would help
you.

macck

Jan 25, 1998, 3:00:00 AM

In article <34C9E977...@telecommm.com>, go...@telecommm.com says...

>
>David A. Scott wrote:
>[snip]
>> I didn't take it personally. Just trying to wake the brain dead
>> out there. I don't think I am doing a good job mostly idiots who
>> think they know something write back. Without every even testing
>> it. Nothing personall but I take forn your comments you never tried
>> it either.
>[snip]
>
>David,
>
>Could you post a detailed description of your algorithm? I.e enough
>to actually implement it independently. I searched for such a
>description (or any description) and could not find one. This way
>people could search for weaknesses in the algorithm, and they could
>even do this if they were living outside the US.
>
>If the algorithm passes said scrutiny, it would be worth using. But
>until it does, people would be silly to use an unknown algorithm.
>(why should I trust you any more than the NSA, for all _I_ know, you
>might work for them :-)
>
> gordon.
>

Try the sci.crypt archives I believe it was posted here by someone
anonymously. Remember exporting cryptographic technology is still a
felony in America.

--
Mack
See the three new X8 ciphers, including the technical paper X8.TXT
and the reference implementation (feedback requested):
http://www.users.zetnet.co.uk/hopwood/crypto/scott16/x8.zip
http://www.sni.com/~mpj/crypto.htm under Encryption Libraries as X8.ZIP.

David A. Scott

Jan 25, 1998, 3:00:00 AM

In a previous article, ssam...@usa-site.net ("Steve Sampson") says:

>
>David A. Scott wrote in message <6ae6ht$bnb$1...@news.ysu.edu>...


>> I can't spell worht shit but so fucking what.
>
>That should be:
>
> "I can't spell worth shit, but so fucking what?"

are you sure. I use comma where there is a pasue i read them similar
except a pause and question wanting an anwser. I didn't use a ? since
I really just making a staement and nt asking a question. But thanks
for catching it. I problee did it worng. Just telling why I did it way
I did it. But my english sucks.

>
>Notice that it is really a form of a question. Thus, it should have a question
>mark punctuation. Also, you need a comma in there, as you are moving
>from a statement to a question.
>
>You could also write it this way:
>
> "I can not spell worth a darnn; however, why should that be important?"
>

BUt that is more words. is not short and sweet better why waste words.
darnn canbe confused as a little baby talking or sewing or knitting and
which way have you heard people speak.

> If someone is going
>>to decide how good my encryption is base on my speeliing I say
>>fuck them.
>
>If you can't spell, you can't document. If you can't document, your life
>as a programmer will be limited. An employer will have to hire you and
>one other to do the job normally done by one. Thus, most likely your
>pay will be about half that of your peers.

That depends. WHen I worked for the governament I made it to top
step. Since I had the ability to make the fucking shit work. I know
I was hated my most management but when programs got tight or problems
could not be solved I was ht one called in. When you work on black shit
they are desparte to get things to work. Now i did go out as cold war
ended. Put if things turn to shit as it may when things become 2000
I may go back to high pay. Or if the guy in IRAQ starts knocking planes
out of the sky like they were carrier pigieons than I will work again.
The problem now wiht cold war the volume of documentation and the
ability to look busy while being politically correct it everything.
But little real work is being done and as we sit on are fat smug
asses the chinese will kick our butts someday. Don't get me wrong
there are good governemnt programers who can write. BUt they
don;t like the back stabbing or the fact no one in charge can tell
good code from bad code so they are leaving too.

>
>With spelling like that, my employer wouldn't let you past the resume
>stage. They have too much documentation to be performed.

well where I worked we had teck writters. Or sometimes I wrote
the code for anohter employee (a woman) and she did all the
documenting. It was great till she retired.


>
>> Sometimes I do use the spelling checker but it is slow
>>and sometimes I don't spell near good enough to correct it any way
>>and other times I spell correct words it is just they aren'y really
>>the words I wanted to use.
>
>There is nothing being said here, that couldn't be said an hour or two
>later. Slow is fine. Spend a few hours on your reply. Then as you get
>better, you will be surprised that you can spell almost automatically.
>But if you insist on being lazy in this, then the group can only assume
>you are of limited mental capacity, or state, and (if they haven't
>already) just ignore you.

Your ok

>Right now, your spelling skills are about 4th grade level, so you
>can understand why people don't want to read at that level.
>I would suggest a good Community College. Go in, tell them your
>English is poor and you want to improve. They will assign you a
>tutor, and within a year, you will be able to double your wages.

I make enough to feed myself and supply a few whores with money
what else is there. I have had special tutoring adn several
english classes it don't get better.


>
>> I some times wake up not sure if I can
>>read, I don't think my brain wired the way most are.
>> one of my best friends says I never will find a women like that
>>Jack Niclious movie out something about happiness I already forgot
>>the title. But I do go on.
>
>It is possible you have a chemical imbalance. I would suggest a visit
>to your doctor, and ask for an evaluation. Brains aren't defective in
>wiring, they are defective in chemicals. Mostly through chemical abuse.

Well since Uncle was always taking my piss and I don't use
drugs if they gave a rats ass they sould of tested for imbalances
if they didn't then they did not care.


>
>> And as long as there are sweet legal
>>whores in NEvada life is still worht living.
>
>I think that is known as an oxymoron, That is, a "sweet whore."
>Whores are in business to make money. Mostly to satisfy their
>drug habit. A female or male prostitute is the last place you should
>go to get your ego stroked.

I think you confuse the sweet WHores of NEVADA with the common
whores found in most of america. They are as different as night
and day. I sir on this topic speak with experience, DO YOU??

>
>You need to change. Someone has to tell you. You may not like this,
>and I will become another person to curse at, but through a little
>work now, your life can improve in ways you never dreamed. You may
>even begin to appreciate yourself.

I don't curse you for this. Thanks for the advise. I wish you
or an ENGLISH expert would clean up comments in scott16u.zip
Feel free to do so.

David A. Scott

Jan 25, 1998, 3:00:00 AM

In a previous article, ma...@linknet.net (macck) says:

>In article <34C9E977...@telecommm.com>, go...@telecommm.com says...
>>
>>David A. Scott wrote:
>>[snip]
>>> I didn't take it personally. Just trying to wake the brain dead
>>> out there. I don't think I am doing a good job mostly idiots who
>>> think they know something write back. Without every even testing
>>> it. Nothing personall but I take forn your comments you never tried
>>> it either.
>>[snip]
>>
>>David,
>>
>>Could you post a detailed description of your algorithm? I.e enough
>>to actually implement it independently. I searched for such a
>>description (or any description) and could not find one. This way
>>people could search for weaknesses in the algorithm, and they could
>>even do this if they were living outside the US.
>>
>>If the algorithm passes said scrutiny, it would be worth using. But
>>until it does, people would be silly to use an unknown algorithm.
>>(why should I trust you any more than the NSA, for all _I_ know, you
>>might work for them :-)
>>
>> gordon.
>>
>
>Try the sci.crypt archives I believe it was posted here by someone
>anonymously. Remember exporting cryptographic technology is still a
>felony in America.

GORDON I LOST YOUR MAIL.
Yes I think it was the original version that was posted. But it
was weak to "choosen plaintext attack" and there where weak keys
that I found in using DIEHARD tests. You really need to see
the SCOTT16U.ZIP version. Just go to MJP arhive like
macck's x8.zip When at the site go to the raw ftp area not
the area in front that says file encryption or what ever.
in the directory new/ it is there. And since this is macck
letter I one time moded his to work wiht GNU C also his
code neater looking if you want use X8 if macck does not
mind and you can mode it to do the same encryption as
scott16u.zip. THe hopwood guy mentioned below was one
time letting it at over seas if you beg but I think
he hates me know. But I still owe him a beer if we
ever meet.


>
>--
>Mack
>See the three new X8 ciphers, including the technical paper X8.TXT
>and the reference implementation (feedback requested):
>http://www.users.zetnet.co.uk/hopwood/crypto/scott16/x8.zip
>http://www.sni.com/~mpj/crypto.htm under Encryption Libraries as X8.ZIP.
>
>
>

--

W T Shaw

Jan 25, 1998, 3:00:00 AM

In article <34cb025a...@news.jps.net>,
xmxexsx...@xjxpxsx.xnxextx (TM (remove Xs to reply)) wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 25 Jan 1998 02:21:32 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
> > well I think guessing within 3 years is pretty fucking close.
> >How old do you think I am kid. ANd don't show this stuff to your
> >mommy or she will take your computer away. How second thought
> >show some balls and show her how rnglish is misused in the net.
>
> Well, by your incredible ability to express yourself, I would say 2,
> but I guess I can't go by that. No wonder you don't use a spell
> checker - your sentances are hard enough to read, let alone parse. And
> honestly, I could care less how old you are. My experience is that
> after a certain point, age is irrelevant. My mom would have a hard
> time taking my computer away, because this is *my* computer. And yes,
> she knows how ignorant and pathetic people on the internet can be.
>

Age is irrelevant, except if you are young, you have more time to fully
take advantage of the more intelligent things you have already come up
with. Good luck for all your years.

As of DS, having been accused myself of not using the best of grammar and
taking adequate care to be clear, concise, and avoid stupid clerical
mistakes, don't send him away; he makes my style look so much better than
if no bottom end of the composition scale were there to replace me.

To DS from BS (that's what my HS ag teacher always calls me, even after
30++ years), grammar ain't that important after all; but, occasional crap
is hard to miss in any language; a little of it adds fragrance to events,
but too much is a bother.
--
wts...@itexas.net--crypto: maintaining the right to develop,
publish, and distribute works of my own creation.

A person is free if limited only by his own imagination.

W T Shaw

Jan 25, 1998, 3:00:00 AM

In article <34cc04e5...@news.jps.net>,
xmxexsx...@xjxpxsx.xnxextx (TM (remove Xs to reply)) wrote:

> On 25 Jan 1998 02:39:16 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:
>
> Huh. I remember reading something about how they had to make English
> classes at MIT mandatory, because no one could write a decent report.
>
I talked with my freshman composition teacher a few months ago. She made
the same complaint, as she did decades ago. It is pretty well a trite
attack. Carefully following instructions is important, impossible if you
do not know them. I knew them in advance, so at least I got grade points
in that class; no one else in the thirty or so got any. Being on the
internet is so casual that you let your guard down, and are tempted to be
lax, not following the old rules.

Now, when it comes to making a scientific description, it is time to take
care since good science requires being adequate. Again, being somewhat
lax, we tend to report premature hunches, something almost never published
in traditional forms of scientific literature.

TM (remove Xs to reply)

Jan 25, 1998, 3:00:00 AM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 25 Jan 1998 16:49:31 GMT, an...@yfn.ysu.edu (David A. Scott) wrote:

> While you lead a sheltered life. Most people don't like it.
>If I had a wife who was loving and put out I mostlikey would never
>had found out how sweet some of them are. Of course your illegal
>drug and HIV infected prostittutes that are in most states is a
>direct result of not making it legal and regulated like it should bee.
>I thought some where in the bible it says better to shoot it off
>in the belly of a whore than to spill your seed on the ground.
>At least that was sort of what some one told me one time. If some
>can write back to me giving chapter and verse and version of bible
>I will write it down.

You know, all your rationalization seems pathetic. And who cares what
the Bible says about whoring? It also says don't have sex out of
wedlock.

> Kid that is crap sure the bell curves over lap but there
>brains on the average smaller than mans. And that is fucking
>facts they use to teach in school. But i suppose do to dumbing
>down of america they are afraid to teach the truth. ANy more
>since it is better to assume woman and men the same. If men and
>woman the same then there should be as many male prostitutes as
>women. THere isn't. Woman in general lack the ability to grasp
>certain mathematical things. That is on the average. IT has less
>to do with how one is rasied then you belive. Of course since the
>distributions overlap you will find some woman good in math and
>science just not as many. For some reasom woman are best language
>translators. REad about identical twin studies of twins raseosed
>totally different it shocks people just how little envornment has
>to do wiht behaviors and talents.

Neanderthals had a larger brain than modern humans, but they were less
intelligent. The reason why there are more female prostitutes than male
is because most women don't like the idea of having sex with someone
they don't know. For someone your age, you know astonishingly little
about women. No wonder you haven't found a loving wife. Also, by
looking at the fact that there are less women in the sciences, you
derive the conclusion that women aren't as good as men in the
sciences. You seem to totally overlook the power of our rigid social
structures.

> Well if your can raise the money I would be willing togo.
>However you will not be able to go wiht me till you are 18
>unless you can get a note from a doctor saying it would help
>you.

No thanks, I'd rather not degrade myself for a cheap fuck.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNMvNMwdZfH4UxP3mEQJXIgCfeRGrhPyQVEI/RUuwisFRKah6BR8AoKwo
i20aVrKonmVl6zvyrvZGdqQY
=QSf6

David A. Scott

Jan 26, 1998, 3:00:00 AM

In a previous article, wts...@itexas.net (W T Shaw) says:

>
>Now, when it comes to making a scientific description, it is time to take
>care since good science requires being adequate. Again, being somewhat
>lax, we tend to report premature hunches, something almost never published
>in traditional forms of scientific literature.
>--

That is why I publish the source code. it does a better job of
saying what I am doing than what I can say in ENglish.

David A. Scott

Jan 26, 1998, 3:00:00 AM

In a previous article, xmxexsx...@xjxpxsx.xnxextx (TM remove Xs to reply)) says:

>
>No thanks, I'd rather not degrade myself for a cheap fuck.
>

Good boy but I think we lost the thead somewhere and it may
have been my fault. So to you people if any are following this
at all sorry. I should not argue with childrem.

But give scott16u.zip a shot. i will try to stay more on
topic. and KID if you want to argue write me dirsct ok?

David A. Scott

Jan 26, 1998, 3:00:00 AM

In a previous article, enterro...@t-online.de (Andreas Enterrottacher) says:

>Concerning the security of wrapped PCBC:
>
>Standard PCBC was used to do authentisation and blockchaining at the
>same time.
>
>It isn't used any more in Kerberos, because it is possible to exchange
>two blocks. This will destroy both blocks - all other blocks will
>survive. If your integrity check tests only the last blocks, you won't
>find the destroyed blocks and think, the file would be ok.

I am not sure why you are asking. My published code use what
I call "wrapped PCBC" but it is not PCBC. I made it up since that
is what it is closet to. Note PCBC is for one pass chainging.
If One use at least 3 layers of Wrapped PCBC in an incryption.
Then if an attacker changes two blocks by swapping the whole
decrypted file is changed so the attempt would be noticed and it
would afffect the whole file.

>
>This shows, that PCBC is useless as an integrity check if the attacker
>wants to hide the destruction he caused.

It shows regular PCBC is useless as an integrity check. But
not wrapped PCBC

>
>What way did you solve this problem when developing wrapped PCBC?

Do a test the problem is not there?

David A. Scott

Jan 26, 1998, 3:00:00 AM

In a previous article, enterro...@t-online.de (Andreas Enterrottacher) says:

>Andreas Enterrottacher wrote:
>>
>> Concerning the security of wrapped PCBC:
>
>Sorry: An error occurred:
>
>>
>> Standard PCBC was used to do authentisation and blockchaining at the
>                               ^^^^^^^^^^^^^^
>Of course not authentisation, but integrity check.
>
>> same time.
>>
>> It isn't used any more in Kerberos, because it is possible to exchange
>> two blocks. This will destroy both blocks - all other blocks will
>> survive. If your integrity check tests only the last blocks, you won't
>> find the destroyed blocks and think, the file would be ok.
>>
>> This shows, that PCBC is useless as an integrity check if the attacker
>> wants to hide the destruction he caused.
>>
>> What way did you solve this problem when developing wrapped PCBC?
>>

the folling is a test using actual scott16u I hope it anwsers
you question.


this is orginal file for test using scott16u and
the key is a 3 character file "f18" as the key
what follows is a series of hex dumps of files envovled

0000 54 68 69 73 20 69 73 20 61 20 74 65 73 74 2E 0D *This is a test..*
0010 0A . . . . . . . . . . . . . . . *.*
number of bytes is 17

here is encrypted output file from above.
0000 86 6C F0 D7 9D 23 59 46 D4 FD 35 20 B1 CD 3A CC *.l...#YF..5 ..:.*
0010 81 . . . . . . . . . . . . . . . *.*
number of bytes is 17

this is a 2 block swap that bothered you
0000 86 6C F0 D7 9D 46 D4 23 59 FD 35 20 B1 CD 3A CC *.l...F.#Y.5 ..:.*
0010 81 . . . . . . . . . . . . . . . *.*
number of bytes is 17

this is decrypted output from above file
0000 FE 1B A6 7E 00 D7 35 17 93 2A EF DA 2A 3F 27 4A *...~..5..*..*?'J*
0010 90 . . . . . . . . . . . . . . . *.*
number of bytes is 17

due to nature of 16bit boundaries here is alternate test
0000 86 6C F0 D7 9D 23 D4 FD 59 46 35 20 B1 CD 3A CC *.l...#..YF5 ..:.*
0010 81 . . . . . . . . . . . . . . . *.*
number of bytes is 17

see it still fails no tricky two blocks only changed
0000 9F 68 1F 35 3E B3 F3 61 88 17 E0 BC 06 81 55 A0 *.h.5>..a......U.*
0010 2A . . . . . . . . . . . . . . . ***
number of bytes is 17

I hope this shows what you want as you can see the problem is
not there. But you could have tested this your self.
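The two behaviours argued over in this thread can be reproduced offline: the block swap Andreas Enterrottacher describes for standard PCBC, and TM's earlier point about error propagation in communications ciphers. This is an added example, not code from any poster, and it is neither scott16u nor "wrapped PCBC"; the 4-round Feistel toy cipher, key, IV, nonce and message are constructed for illustration and are not secure.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (assumption for this example)
HALF = BLOCK // 2

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: truncated SHA-256 over key, round number, half-block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:HALF]

def enc_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:HALF], blk[HALF:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:HALF], blk[HALF:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pcbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Standard PCBC: C_i = E(P_i xor P_{i-1} xor C_{i-1}), first feedback = IV.
    out, fb = [], iv
    for p in blocks(pt):
        c = enc_block(key, xor(p, fb))
        out.append(c)
        fb = xor(p, c)
    return b"".join(out)

def pcbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, fb = [], iv
    for c in blocks(ct):
        p = xor(dec_block(key, c), fb)
        out.append(p)
        fb = xor(p, c)
    return b"".join(out)

def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream: stands in for a non-error-propagating stream cipher.
    out = []
    for n, chunk in enumerate(blocks(data)):
        out.append(xor(chunk, enc_block(key, nonce + n.to_bytes(4, "big"))))
    return b"".join(out)

def swap_blocks(ct: bytes, i: int, j: int) -> bytes:
    b = blocks(ct)
    b[i], b[j] = b[j], b[i]
    return b"".join(b)

def flip_bit(ct: bytes, byte_index: int, bit: int = 0) -> bytes:
    b = bytearray(ct)
    b[byte_index] ^= 1 << bit
    return bytes(b)

def damaged_blocks(original: bytes, recovered: bytes) -> list:
    pairs = zip(blocks(original), blocks(recovered))
    return [i for i, (a, b) in enumerate(pairs) if a != b]

# Constructed sample values, not taken from the thread.
KEY = b"constructed-key"
IV = bytes(range(8))
NONCE = b"\xaa\xbb\xcc\xdd"
MESSAGE = b"".join(b"BLOCK-%02d" % i for i in range(6))  # six 8-byte blocks

def swap_experiment() -> list:
    # Swap ciphertext blocks 1 and 2, decrypt, report which plaintext blocks changed.
    ct = pcbc_encrypt(KEY, IV, MESSAGE)
    return damaged_blocks(MESSAGE, pcbc_decrypt(KEY, IV, swap_blocks(ct, 1, 2)))

def bit_error_experiment() -> dict:
    # One flipped ciphertext bit (a line error) in block 1 under each mode.
    pos = BLOCK
    pcbc_ct = flip_bit(pcbc_encrypt(KEY, IV, MESSAGE), pos)
    ctr_ct = flip_bit(ctr_xor(KEY, NONCE, MESSAGE), pos)
    return {
        "pcbc": damaged_blocks(MESSAGE, pcbc_decrypt(KEY, IV, pcbc_ct)),
        "ctr": damaged_blocks(MESSAGE, ctr_xor(KEY, NONCE, ctr_ct)),
    }

if __name__ == "__main__":
    print("PCBC, blocks 1 and 2 swapped, damaged blocks:", swap_experiment())
    print("single bit error, damaged blocks:", bit_error_experiment())
```

After the swap only blocks 1 and 2 are damaged and the tail decrypts correctly, so a check that looks only at the last blocks passes; a single bit error damages every later block under PCBC but only its own block under the counter-mode keystream.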

Bryan G. Olson; CMSC (G)

Jan 26, 1998, 3:00:00 AM

David A. Scott (an...@yfn.ysu.edu) wrote:

: But if things turn to [****] as it may when things become 2000
: I may go back to high pay. Or if the guy in IRAQ starts knocking planes
: out of the sky like they were carrier pigeons then I will work again.

Net users with professional aspirations might want to
keep in mind that it is now common practice to do a
brief net-search when evaluating candidates for
technical positions.

--Bryan

Peter Smith

Jan 26, 1998, 3:00:00 AM

Bryan G. Olson; CMSC (G) wrote:
>
> David A. Scott (an...@yfn.ysu.edu) wrote:
>
> : But if things turn to [****] <excision> then I will work again.
>
> Net users with professional aspirations might want to
> keep in mind that it is now common practice to do a
> brief net-search when evaluating candidates for
> technical positions.

People should be able to speak their minds, snoops or not. Shakespeare
spelt his own name at least six different ways. Note the above '[****]'
was the word 'shit' in the original post, a most censorious misspelling.

David A. Scott

Jan 26, 1998, 3:00:00 AM

In a previous article, ol...@umbc.edu (Bryan G. Olson; CMSC G)) says:

>David A. Scott (an...@yfn.ysu.edu) wrote:
>

>: But if things turn to [****] as it may when things become 2000
>: I may go back to high pay. Or if the guy in IRAQ starts knocking planes
>: out of the sky like they were carrier pigeons then I will work again.
>
>Net users with professional aspirations might want to
>keep in mind that it is now common practice to do a
>brief net-search when evaluating candidates for
>technical positions.
>

Don't let this freedom robbing person scare you. What you do
on your own time is your business. If the company is so concerned
about your off time use of net, then they are probably not
worth working for anyway. The net should be where you are free.

macck

Jan 26, 1998, 3:00:00 AM

In article <6ad2sj$3ls$1...@news00.btx.dtag.de>, enterro...@t-online.de
says...
>
>David A. Scott wrote:
>>
[snip]
>> the NSA the rest of file. My program and the key that was used.
>> They still would not be able to recover the information due to
>> the "wrapped PCBC" type of chaining. And yes one could use
>> DES or IDEA or BLOWFISH to do this kind of chaining if one
>> wished but I have not seen it done elsewhere.
>
>The decryption of a 1-megabyte file needs 2^17 times longer than the
>decryption of a 64-bit block. If we had to brute-force it, this would
>add 17 bit of strength.
>
>All other kinds of cryptanalysis may or may not become more difficult -
>they could as well become simpler.

If you use the PCBC or wrapped PCBC method with a different block cipher
then the analysis cannot be easier than the underlying cipher in ECB mode.

[snip]


>> >Even the 128 bit used in IDEA should be enough to keep people from
>> >brute-forcing a cipher.
>>
>> I might believe this if one used wrapped PCBC with it.
>>
>
>So you would as well think, DES with PCBC would be strong?
>

It would certainly be stronger if it used PCBC with a 'keyed' round.
That is different keys for the DES in each wrapped PCBC round.

[snip]


>> no just the right size
>
>Too large for key-exchange.

I believe that the keying method doesn't require a long key. The
key can be much shorter. Any key of length 256 bits should produce
a different table. Finding which table is produced is not considerably
easier unless I have missed something in the past few months.

>> >o Key-generation is far too slow to use the cipher within a network.
>> no
>
>Even blowfish needs horribly long for a cipher used in a network.
>Your cipher can't handle frequent change of the key.

Finding good methods of producing secure keys is an ongoing task.
Specifically finding a 'good' method of producing keyed tables.
Shuffling algorithms generally take N steps for an N element table.
An 8 bit table such as produced for blowfish (4 tables) takes time.
I don't agree with the AES search criteria of 'one size fits all'.
Different algorithms have different strengths. Of course the AES
search specifically excludes stream ciphers which are normally used
to handle network traffic. RC4 is a good example of a fast stream
cipher that could be used in a network situation.

>> >o The amount of data needed by SCOTT16 is too large for many kinds
>> > of hardware.
>> memory prices dropping
>> > It's not only impossible to use SCOTT16 on a smartcard, you will be in
>> > trouble when coding many channels at the same time with different
>> > keys on ANY hardware.
>> maybe
>> >o A single biterror will destroy the whole message.
>> that is fucking right. use crc for block transfers if a
>> block has an error resend it.
>
>For many purposes it's better to live with the error - secure phones,
>for example.
>

The wrapped PCBC method is not applicable to transmission streams. It is
a large block cipher. This would be most useful in a file situation for
archiving or where large file blocks are encrypted.

>> >o It's impossible to read parts of a message before having received the
>> > whole message.
>> Now you are starting to understand
>
>Because of this, it's useless for encrypting datastreams.
>I want to read the first part of a textfile while the rest is on the way.
>

Yes there are much better systems for encrypting datastreams, SCOTT16
is a file encryption system not a data stream encryption system.

>Besides: It's as well useless for a secure file system.
>

Not true. In an archive file system it performs well. I based my X8
series ciphers on some of the same principles. However the X8 series
were designed for file systems that could be used on an 8 bit processor.
For example an encrypting disk controller. Most modern disk systems
access a track at a time and store it in cache. Certainly the SCOTT16
cipher could be used in such a situation, to decrypt or encrypt a track
at a time. I think using 8K clusters would be more efficient.
I currently have all of my partitions set to 8K clusters.

>> >
>> >Above all, PGP is a complete system, while SCOTT16 is only one component:
>> >The symmetric cipher.
>> for now but like MPJ said earlier it has a very unique chaining method
>unique is not the same as good.

It appears to be a good chaining method if error recovery is not
desired. Error recovery is not necessarily a function of the encryption
method. The transmission protocol should handle error recovery.

[snip]


>> --
>> "http://www.sni.net/~mpj/crypto.htm" MPJ's North American Strong
>> Cryptographic Software Archive Look under the FTP file archive in
>> the \new Directory to get scott16u.zip
>
>Andreas Enterrottacher
>enterro...@t-online.de
>enterro...@lrz.tu-muenchen.de
>

--

tbb...@mail.lrz-muenchen.de

Jan 26, 1998, 3:00:00 AM

On 24 Jan 1998, Andreas Enterrottacher wrote:

> Besides: It (SCOTT16) is as well useless for a secure file system.
>

You will have to encrypt data in blocks or PCBC would be useless.
I'd say, the smallest acceptable block is a 512 byte block on a disk.

Because of this, you will have to decrypt a 512 bit block even if you
want to read only one byte.

The fraction of time you are wasting is as large as the amount of
additional time the attacker needs to break the cipher.


Andreas Enterrottacher
enterro...@lrz.tu-muenchen.de
enterro...@t-online.de

J.A. Terranson

Jan 27, 1998, 3:00:00 AM


Steve Sampson <ssam...@usa-site.net> wrote in article
<6adb5j$5...@snews2.newsguy.com>...


>
> David A. Scott wrote
>
> > BULLSHIT AGAIN YOU DON'T KNOW WHAT THE FUCK YOU'RE SAYING
> >Only a brain dead idiot would say it is insufficient. It covers
> >the whole fucking space allowing all single cycle 16 bit tables
> >to be used so hardly insufficient
>

Might I suggest that the focus of this NG has shifted from the exploration
of cryptographic concepts to the exploration of David's cryptographically
impaired personality?

I have read through most of this thread, and have learned only that David
foams a lot when talking, and that *everyone* here enjoys making him do
this. Even though David doesn't seem to understand what is happening (in
the NG, the Country, the PLANET?), the rest of you are nevertheless leading
him into an early grave. Yes, it's funny. But no, it's really not
productive...

MHO,
J.A. Terranson
sya...@mfn.org

OFFICE 97: Bloatware on a weight gain diet;
WINDOWS 95: A computer virus with mouse support;
WINDOWS NT: A lifetime hotfix service, complete with starter CD.

Jay Holovacs

Jan 30, 1998, 3:00:00 AM


David A. Scott <an...@yfn.ysu.edu> wrote in article
<6ahroh$akc$1...@news.ysu.edu>...


>
> In a previous article, ol...@umbc.edu (Bryan G. Olson; CMSC G)) says:
>
> >
> >Net users with professional aspirations might want to
> >keep in mind that it is now common practice to do a
> >brief net-search when evaluating candidates for
> >technical positions.
> >
> Don't let this freedom robbing person scare you. What you do
> on your own time is your business. If the company is so concerned
> about your off time use of net, then they are probably not
> worth working for anyway. The net should be where you are free.
>

Morally, you are right. In the real world, however, where a hiring decision
is on such intangibles as how confidently you answer a question and whether
you look the interviewer in the eye, where background checks are common,
it's amazing how a controversial statement can influence the choice,
especially if there are other qualified candidates.

This is not an argument to keep quiet, but just be sure what you say will
not make you uncomfortable 2 years from now.

Jay


Bryan G. Olson; CMSC (G)

Jan 31, 1998, 3:00:00 AM

Jay Holovacs (holo...@idt.net) wrote:

: Morally, you are right. In the real world, however, where a hiring decision
: is on such intangibles as how confidently you answer a question and whether
: you look the interviewer in the eye, where background checks are common,
: it's amazing how a controversial statement can influence the choice,
: especially if there are other qualified candidates.

It's not a background check. I always net-check candidates,
but I don't follow pointers into talk.*. If I'm looking at
an applicant for a technical position, why on earth shouldn't
I read what he's written in sci or comp groups?

--Bryan


W T Shaw

Jan 31, 1998, 3:00:00 AM

In article <6aubl5$3er$1...@news.umbc.edu>, ol...@umbc.edu (Bryan G. Olson;
CMSC (G)) wrote:

This is all the more reason for some to be a bit anonymous in posting. Use
some nickname or other that would never appear on an application.

Patrick Juola

Jan 31, 1998, 3:00:00 AM

In article <wtshaw-3101...@207.101.116.55> wts...@RadioFreeTexas.spamstop.com (W T Shaw) writes:
>In article <6aubl5$3er$1...@news.umbc.edu>, ol...@umbc.edu (Bryan G. Olson;
>CMSC (G)) wrote:
>
>> Jay Holovacs (holo...@idt.net) wrote:
>>
>> : Morally, you are right. In the real world, however, where a hiring decision
>> : is on such intangibles as how confidently you answer a question and whether
>> : you look the interviewer in the eye, where background checks are common,
>> : it's amazing how a controversial statement can influence the choice,
>> : especially if there are other qualified candidates.
>>
>> It's not a background check. I always net-check candidates,
>> but I don't follow pointers into talk.*. If I'm looking at
>> an applicant for a technical position, why on earth shouldn't
>> I read what he's written in sci or comp groups?
>>
>This is all the more reason for some to be a bit anonymous in posting. Use
>some nickname or other that would never appear on an application.

I'd advise against it, and suggest instead that you simply avoid making
an asshole of yourself on the net unless you are willing to take the
consequences. Wearing my corpus-linguist hat, I can assure you that
simply publishing under a pseudonym will *NOT* prevent people from
determining whether or not you wrote some particular piece of deathless
prose -- or utter and abhorrent gibberish. Stylometry is fairly easy
to do, and particularly in a job-application situation, where the standards
of proof are relaxed, it's just a question of whether or not someone
is willing to take the trouble to run any of the zillions of tests
on their news feed.

At the moment, that's probably impractical, although no more
impractical than someone like DejaNews archiving all of News or
AltaVista searching the entire Web. Perhaps there's even a business
opportunity out there for someone to calculate stylometry vectors
based on a news feed and provide them on request to potential
employers. As disks, cpus, and bandwidth continue to get cheaper,
the impracticality will grow less and less.

-kitten

W T Shaw

Jan 31, 1998, 3:00:00 AM

In article <6avks0$gde$1...@news.ox.ac.uk>, pat...@gryphon.psych.ox.ac.uk
(Patrick Juola) wrote:

> In article <wtshaw-3101...@207.101.116.55>
> wts...@RadioFreeTexas.spamstop.com (W T Shaw) writes:
> >>
> >This is all the more reason for some to be a bit anonymous in posting. Use
> >some nickname or other that would never appear on an application.
>
> I'd advise against it, and suggest instead that you simply avoid making
> an asshole of yourself on the net unless you are willing to take the
> consequences. Wearing my corpus-linguist hat, I can assure you that
> simply publishing under a pseudonym will *NOT* prevent people from
> determining whether or not you wrote some particular piece of deathless
> prose -- or utter and abhorrent gibberish. Stylometry is fairly easy
> to do, and particularly in a job-application situation, where the standards
> of proof are relaxed, it's just a question of whether or not someone
> is willing to take the trouble to run any of the zillions of tests
> on their news feed.

I am well aware of identification through style, an area I once did lots of
formal research in. But, mundane comments are not necessarily that
deterministic. Some view trivial interests as a distraction, while others
view such as illustrating personal depth; neither is more than a
philosophical preference.

Suppose that person X posted anti-Barney comments. While being of
non-importance to some people, some personnel hack might use them to
justify their treatment of an applicant, even though it had no
relationship to the job in question. Picking people because they do not
have strong opinions, or because they do, or because of some measure
against unseen political correctness does not seem to be a high moral
calling.

> At the moment, that's probably impractical, although no more
> impractical than someone like DejaNews archiving all of News or
> AltaVista searching the entire Web. Perhaps there's even a business
> opportunity out there for someone to calculate stylometry vectors
> based on a news feed and provide them on request to potential
> employers.

I can see it now, to be included with an employment application, a release
to search your traces at your ISP, along with your medical, employment, as
well as court records. It's just a matter of time.

Patrick Juola

Feb 1, 1998, 3:00:00 AM

I would be surprised to find any significant subset of personnel
employees that I would regard as having a "high moral calling"; in
my admittedly biased opinion, they usually rank somewhere between
used-car salesmen and drug dealers.

You're conflating two issues -- one is the question of "should they",
and the other is the question of "can they". Using an anonymous
handle for postings, however, addresses neither of those issues.

>I can see it now, to be included with an employment application, a release
>to search your traces at your ISP, along with your medical, employment, as
>well as court records. It's just a matter of time.

Probably is. But the solution isn't to develop *ineffective* technical
countermeasures, is it?

-kitten

Steve Sampson

Feb 1, 1998, 3:00:00 AM

I've added you to my worldwide database of un-hirable.

This database contains 180,000 names of people who posted articles
favoring authoritarian regimes, federalism, or just because they voted
Democrat after 1990.

To get off the list, please send $35 to the RNC, in care of:
Fascist Trackers USA/GB/Argentina

Steve

Patrick Juola wrote

Patrick Juola

Feb 1, 1998, 3:00:00 AM

In article <6b1sea$n...@snews1.newsguy.com> "Steve Sampson" <ssam...@usa-site.net> writes:
>I've added you to my worldwide database of un-hirable.
>
>This database contains 180,000 names of people who posted articles
>favoring authoritarian regimes, federalism, or just because they voted
>Democrat after 1990.

Cool! One more person demonstrating the omnipresence of small-minded
bean counters and the utter futility of trying to please all the people
all the time.

So tell me, did I get put on as "-kitten"?

Of course, I'm dreadfully scared by the possibility of this sort
of black list, and therefore will immediately change my handle.
What reassurance do I have, other than <giggle> your innate sense
<chortle> of <wheeze> honor and <chuckle> decency, that you won't
immediately link my new handle to my old one?

Let's face it, guys.... Usenet is a public medium. Anything you
post out there *will* be misused -- and there ain't no such thing
as untraceable anonymity.

-kiTTen
(n.b. new spelling, see!)

W T Shaw

Feb 1, 1998, 3:00:00 AM

In article <6b17t6$lnu$1...@news.ox.ac.uk>, pat...@gryphon.psych.ox.ac.uk
(Patrick Juola) wrote:
>
> I would be surprised to find any significant subset of personnel
> employees that I would regard as having a "high moral calling"; in
> my admittedly biased opinion, they usually rank somewhere between
> used-car salesmen and drug dealers.

You left out politicians, somewhere in there kinda close.
>
...


> >I can see it now, to be included with an employment application, a release
> >to search your traces at your ISP, along with your medical, employment, as
> >well as court records. It's just a matter of time.
>
> Probably is. But the solution isn't to develop *ineffective* technical
> countermeasures, is it?
>

I mentioned this as a *matter of time* in jest. Actually, demanding too
much information should be a breach of privacy, and something a
prospective employer should not do.

Patrick Juola

Feb 2, 1998, 3:00:00 AM

In article <wtshaw-0102...@207.101.116.67> wts...@RadioFreeTexas.spamstop.com (W T Shaw) writes:
>In article <6b17t6$lnu$1...@news.ox.ac.uk>, pat...@gryphon.psych.ox.ac.uk
>(Patrick Juola) wrote:
>>
>> I would be surprised to find any significant subset of personnel
>> employees that I would regard as having a "high moral calling"; in
>> my admittedly biased opinion, they usually rank somewhere between
>> used-car salesmen and drug dealers.
>
>You left out politicians, somewhere in there kinda close.
>>
>...
>> >I can see it now, to be included with an employment application, a release
>> >to search your traces at your ISP, along with your medical, employment, as
>> >well as court records. It's just a matter of time.
>>
>> Probably is. But the solution isn't to develop *ineffective* technical
>> countermeasures, is it?
>>
>I mentioned this as a *matter of time* in jest. Actually, demanding too
>much information should be a breach of privacy, and something a
>prospective employer should not do.

I suspect you're closer to the truth in your jest than either of us
would like. And, frankly, the idea of someone reading my postings
bothers me a lot less than a lot of other privacy violations I see
routinely performed.

Have you been around long enough to remember when there were "hundreds
of thousands" of people on the Net, and we were all abjured not to
write anything we wouldn't be willing to read aloud in a full SuperBowl
stadium?

The idea that anything I put onto a known public and insecure forum
might be viewed and remembered by the public at large somehow doesn't
worry me that much.... rather like if I were to appear on TV and
then be really annoyed because a lot of people knew what I looked
like. 8-)

-kitten

W T Shaw

Feb 2, 1998, 3:00:00 AM

In article <6b43gc$sli$1...@news.ox.ac.uk>, pat...@gryphon.psych.ox.ac.uk
(Patrick Juola) wrote:
>
> I suspect you're closer to the truth in your jest than either of us
> would like. And, frankly, the idea of someone reading my postings
> bothers me a lot less than a lot of other privacy violations I see
> routinely performed.

How privacy is invaded to any extent is important to consider. Some
restrictions have been placed on employers asking certain private
questions. Beyond being politically correct, I wonder how far requests
for information might go, and if they would be honored.

>
> Have you been around long enough to remember when there were "hundreds
> of thousands" of people on the Net, and we were all abjured not to
> write anything we wouldn't be willing to read aloud in a full SuperBowl
> stadium?

Consider that the comments of players and professional commentators are
less and less formal these days in that circumstance. Being frank and
off-the-cuff seems to be winning over reserved and scripted. People are
less impressed by stilted conduct. Still, it is good to consider what one
does and says. I retained the optional flash screen prior to posting to
newsgroups; one should probably heed its warnings, which reminds one of
the widespread nature of the internet.


>
> The idea that anything I put onto a known public and insecure forum
> might be viewed and remembered by the public at large somehow doesn't
> worry me that much.... rather like if I were to appear on TV and
> then be really annoyed because a lot of people knew what I looked
> like. 8-)
>

It really is not that bothersome to me either, really. What would be
really annoying would be to overly characterize a person as looking a
certain way, not realizing that appearances and attitudes of everyone
change in time.
