Safe password?
paul...@yahoo.com
I use an encryption program that uses AES-256 as its encryption
algorithm but only allows passwords with a maximum length of 16
characters. Is it possible to create a safe password with only 16
characters for this encryption type?
Regards,
Paul
Luc The Perverse
news:1135518234.7...@g44g2000cwa.googlegroups.com...
What character set is permitted?
If 96 characters are permitted and you choose them randomly then the number
of bits of entropy from your password can be calculated with this simple
formula.
(ln (96^16)) / ln 2 or about 105 bits.
--
LTP
:)
JP LR
"Luc The Perverse" <sll_noSpamli...@cc.usu.edu> a écrit dans le
message de news:43aec400$0$7748$3a2e...@news.csolutions.net...
> <paul...@yahoo.com> wrote in message
> news:1135518234.7...@g44g2000cwa.googlegroups.com...
> > Hi,
> >
> > I use an encryption program that uses AES-256 as its encryption
> > algorithm but only allows passwords with a maximum length of 16
> > characters. Is it possible to create a safe password with only 16
> > characters for this encryption type?
>
>
> What character set is permitted?
> If 96 characters are permitted and you choose them randomly then the
number
> of bits of entropy from your password can be calculated with this simple
> formula.
>
> (ln (96^16)) / ln 2 or about 105 bits.
>
> --
> LTP
>
> :)
>
>
Hello
I disagree, because you can use dictionnaries to attack your password.
2000 words is enough to read a newspaper.
As words are 5 characters long on the average, there are 3 or 4 words in a
16 characters.
So the formula is more or less 2000^5, which is sghlitly more than 50 bits.
A far worse result than 105 bits.
Indeed if you use rare words, you will probably need a 20,000 words
dictionnary which will give a key of 70 bits.
To protect against dictionnary attacks, do not use spaces or take only the
first letter of every words of a passphrase.
Jean-Pierre
Carlos Moreno
>>> [...] Is it possible to create a safe password with only 16
>>>characters for this encryption type?
>>
>>What character set is permitted?
>>eans,
>>If 96 characters are permitted and you choose them randomly then the
>
> number
>
>>of bits of entropy from your password can be calculated with this simple
>>formula.
>>
>>(ln (96^16)) / ln 2 or about 105 bits.
>
> I disagree, because you can use dictionnaries to attack your password.
Huh?! With 16 characters chosen at random? One of us is
misunderstanding the issue...
Carlos
--
Unruh
>Hi,
What kind of "characters"
64^16=2^96-- a 94 bit key is still impossible to brute force.
But that assumes that you choose the key randomly. Noone does.
>Regards,
>Paul
Unruh
>"Luc The Perverse" <sll_noSpamli...@cc.usu.edu> a écrit dans le
>message de news:43aec400$0$7748$3a2e...@news.csolutions.net...
>> <paul...@yahoo.com> wrote in message
>> news:1135518234.7...@g44g2000cwa.googlegroups.com...
>> > Hi,
>> >
>> > I use an encryption program that uses AES-256 as its encryption
>> > algorithm but only allows passwords with a maximum length of 16
>> > characters. Is it possible to create a safe password with only 16
>> > characters for this encryption type?
>>
>>
>> What character set is permitted?
>> eans,
>> If 96 characters are permitted and you choose them randomly then the
>number
>> of bits of entropy from your password can be calculated with this simple
>> formula.
>>
>> (ln (96^16)) / ln 2 or about 105 bits.
>>
>> --
>> LTP
>>
>> :)
>>
>>
>Hello
>I disagree, because you can use dictionnaries to attack your password.
>2000 words is enough to read a newspaper.
What has this to do with anything? Why would he select his passwords from
the 2000 most common words?
If I assume that his password is selected from the two words cat or dog
repeated enough times to fill the 16 bytes, I get 2 bits of "entropy". Why
is that an answer to his question?
Luc The Perverse
news:don1bl$m6a$1...@nntp.itservices.ubc.ca...
>>I use an encryption program that uses AES-256 as its encryption
>>algorithm but only allows passwords with a maximum length of 16
>>characters. Is it possible to create a safe password with only 16
>>characters for this encryption type?
>
> What kind of "characters"
> 64^16=2^96-- a 94 bit key is still impossible to brute force.
> But that assumes that you choose the key randomly. Noone does.
No one?
My passwords are randomly generated. They are admittedly less than 16
characters of random characters, usually 8 - 12 with a concatenated "non
random" string, which is easy to remember for me, such as a phone number,
name or sentence.
If I were more concerned about the security of a particular file, I would up
that to 15 or more random characters. As it stands, I have relatively
little to lose or to keep secret, and as such am only trying to thwart
amateur hackers. For instance I highly doubt that I would refuse to
surrender my hard drive password under any type of interrogation (government
sponsored or otherwise) But I sleep a little better at night knowing no
one off the street can walk in so easily, turn on my computer and install a
virus or a keylogger. It is simply not worth people's time when I am a
random target.
--
LTP
:)
Luc The Perverse
news:43aef2ad$0$21282$8fcf...@news.wanadoo.fr...
What on earth are you talking about?
I am talking about randomly generated characters - where did this talk of
words come from?
Do you think the only passwords in the world are sentences?
--
LTP
:)
Mxsmanic
You can create passwords that might be sufficiently secure for some
applications, but you cannot exploit the full security of the
algorithm's keyspace, because no 16-character password will provide a
key of 256 bits. Even if you use every bit of every character, that
still comes out to only 128 bits; and in practice there are some
characters you can't use, so the actual effective key length is far
less than the algorithm allows (only 105 bits if you limit your
password to printable characters).
--
Transpose mxsmanic and gmail to reach me by e-mail.
Mxsmanic
> I disagree, because you can use dictionnaries to attack your password.
> 2000 words is enough to read a newspaper.
> As words are 5 characters long on the average, there are 3 or 4 words in a
> 16 characters.
> So the formula is more or less 2000^5, which is sghlitly more than 50 bits.
> A far worse result than 105 bits.
Nobody said anything about restricting the password to words from a
dictionary, which is a bad idea for any password.
> Indeed if you use rare words, you will probably need a 20,000 words
> dictionnary which will give a key of 70 bits.
Just don't use words at all. Words are an especially poor choice for
short passwords.
> To protect against dictionnary attacks, do not use spaces or take only the
> first letter of every words of a passphrase.
Or better yet, DON'T USE WORDS.
Mxsmanic
> What kind of "characters"
> 64^16=2^96-- a 94 bit key is still impossible to brute force.
> But that assumes that you choose the key randomly. Noone does.
Some of us do.
Just the muddy the waters a bit more, if the password is Unicode and
even unassigned characters are used in the password, it would be
possible to use every key in the AES-256 keyspace. Of course, that is
even more improbable than anything else discussed thus far.
Unruh
>paul...@yahoo.com writes:
105 bits would be fine. That is not going to get broken by exhaustive
search. However most human chosen passwords are more like 20-30 bits.
JP LR
OK, you are right you were speaking of randomly generated characters.
So my comment is not adequate.
JP
Carlos Moreno
>> [...]
>>I am talking about randomly generated characters - where did this talk of
>>words come from?
>
> OK, you are right you were speaking of randomly generated characters.
> So my comment is not adequate.
In all fairness: your comment *was* adequate -- it was not *relevant*
as a reply to the previous post :-)
Carlos
--
paul...@yahoo.com
> <paul...@yahoo.com> wrote in message
> news:1135518234.7...@g44g2000cwa.googlegroups.com...
> > Hi,
> >
> > I use an encryption program that uses AES-256 as its encryption
> > algorithm but only allows passwords with a maximum length of 16
> > characters. Is it possible to create a safe password with only 16
> > characters for this encryption type?
>
>
> What character set is permitted?
>
> If 96 characters are permitted ...
Not quite but almost. All characters that can be typed on a standard
keyboard with the exception of characters that are created by using
Ctrl + Alt are permitted.
I never use words in my passwords, just first letters of some made up
sentences combined with numbers. So I guess I should be pretty safe
with a *good* 16 character password.
Thanks to everyone for answering!
Paul
David Taylor
> Luc The Perverse wrote:
>
>> <paul...@yahoo.com> wrote in message
>> news:1135518234.7...@g44g2000cwa.googlegroups.com...
>> > Hi,
>> >
>> > I use an encryption program that uses AES-256 as its encryption
>> > algorithm but only allows passwords with a maximum length of 16
>> > characters. Is it possible to create a safe password with only 16
>> > characters for this encryption type?
>>
>>
>> What character set is permitted?
>>
>> If 96 characters are permitted ...
>
> Not quite but almost. All characters that can be typed on a standard
> keyboard with the exception of characters that are created by using
> Ctrl + Alt are permitted.
On my keyboard, that appears to be 96 characters. Unless you allow
AltGr+` (broken vertical pipe) and AltGr+3 (euro symbol), which makes
98.
--
David Taylor
David Taylor
> "Luc The Perverse" <sll_noSpamli...@cc.usu.edu> a ?crit dans le
> message de news:43aec400$0$7748$3a2e...@news.csolutions.net...
>>
>> If 96 characters are permitted and you choose them randomly then the
>> number of bits of entropy from your password can be calculated with
>> this simple formula.
>>
>> (ln (96^16)) / ln 2 or about 105 bits.
>>
> 2000 words is enough to read a newspaper.
> As words are 5 characters long on the average, there are 3 or 4 words in a
> 16 characters.
> So the formula is more or less 2000^5, which is sghlitly more than 50 bits.
> A far worse result than 105 bits.
>
> Indeed if you use rare words, you will probably need a 20,000 words
> dictionnary which will give a key of 70 bits.
>
> To protect against dictionnary attacks, do not use spaces or take only the
> first letter of every words of a passphrase.
Or, as stated in the message you're replying to -- pick the characters
in the password *randomly*.
--
David Taylor
Mxsmanic
> On my keyboard, that appears to be 96 characters. Unless you allow
> AltGr+` (broken vertical pipe) and AltGr+3 (euro symbol), which makes
> 98.
On Windows machines, there are 225 printable characters (including the
space), and if you use them all randomly in a 16-character password,
you can obtain a keyspace of about 125 bits. Still insignificantly
small compared to the keyspace of AES-256.
Luc The Perverse
news:dopk19$vmf$1...@outcold.yadt.co.uk...
If you use ALT keys with your number pad you can get more.
Like Alt+0199 is Ç and I think 233 is "é" . . yup it was
--
LTP
:)
Juuso Hukkanen
>Mxsmanic <mxsm...@gmail.com> writes:
>
>>characters you can't use, so the actual effective key length is far
>>less than the algorithm allows (only 105 bits if you limit your
>>password to printable characters).
>
>105 bits would be fine. That is not going to get broken by exhaustive
>search. However most human chosen passwords are more like 20-30 bits.
Just measured it to be (less than ) 14.822 random bits!
How.. first looked up a password file, probably containing old web
site passwords. File had:
107651 passwords
768547 characters (excl. carriage returns)
,that means:
7.14 chars per password
57,114 bits per password
Password file contains lots of words vulnerable to dictionary attack,
but let's forget that. Let's pretend that the attacker is alien
species from planet Omicron 8 (1000 light years from here). Omicronian
8s do not have earth dictionaries, but they have WinZip and that same
password file.
After removing the line breaks from the password file (PK/)WinZip
compresses at maximum the file down to 308200 bytes indicating maximum
of 2,863 random bytes per password (22,904 bits).
However if sorted the password file before zipping, the file size goes
down to 199454 bytes ((PK/)Winzip@max).->indicating maximum of 1,853
random bytes per password (14,822 bits).
So, if an alien attacker gets their hands to that file, counts its
frequency and repeated patterns, than finds picks a popular username
(one to which a website says name already taken), ->then the alien
attacker will need to build 2^14.822 password which mimic the entropy,
pattern and length properties of those passwords in a password file,
in order to (in average) find a right password.
2^14.222 equals 19109.47 attempts to guess the users password.
Somehow I think that the whole idea of passwords should be revisited
:)
Juuso Hukkanen
(to reply by e-mail set addresses month and year to correct)
paul...@yahoo.com
> On Windows machines, there are 225 printable characters (including the
> space), and if you use them all randomly in a 16-character password,
> you can obtain a keyspace of about 125 bits. Still insignificantly
> small compared to the keyspace of AES-256.
Does that mean if I have the choice between AES-256 and AES-128
combined with a 16-character password I could just as well take AES-128
being no less secure than AES-256?
Paul
giorgio.tani
Hi, IMHO it's quite hard that an user would remember easily a 16
character password randomly generated, also if from a reduced character
set.
On the other side, it's quite probable that if it's the user that is
requested to chose the password, he/she will chose a trivially
guessable one.
The keyspace, expecially in the second case, would be far from the one
of AES-256 and the system could be brute forced with an effort very
lower than bruteforcing an AES 256 implementation that uses the wole
keyspace, however this fact alone is not a mandatory reason to "reduce"
the encryption to an AES-128.
I would rather enforce the application's capability to exploit the AES
256 keyspace, in example AFAIK you have two ways:
- you may let the user enter long sentences and hash it (with a
collision resistent hash) to a random key of the length you desire;
- you may use a two factor authentication "something you have plus
something you know" generating a random keyfile, that the user will
have to manage in a secure way, plus a traditional password
authentication, that the user have to remeber (and here you can
implement the same suggestion of the first point of letting the user
type a long passphrase and then hash it to the length you desire).
Mxsmanic
> Does that mean if I have the choice between AES-256 and AES-128
> combined with a 16-character password I could just as well take AES-128
> being no less secure than AES-256?
Yes, if each character is drawn from a set of 256 or fewer characters
(which is inevitable if the characters are held in 8-bit bytes).
Unruh
>> I use an encryption program that uses AES-256 as its encryption
>> algorithm but only allows passwords with a maximum length of 16
>> characters. Is it possible to create a safe password with only 16
>> characters for this encryption type?
>Hi, IMHO it's quite hard that an user would remember easily a 16
>character password randomly generated, also if from a reduced character
>set.
>On the other side, it's quite probable that if it's the user that is
>requested to chose the password, he/she will chose a trivially
>guessable one.
>The keyspace, expecially in the second case, would be far from the one
>of AES-256 and the system could be brute forced with an effort very
>lower than bruteforcing an AES 256 implementation that uses the wole
>keyspace, however this fact alone is not a mandatory reason to "reduce"
>the encryption to an AES-128.
>I would rather enforce the application's capability to exploit the AES
>256 keyspace, in example AFAIK you have two ways:
No it is idiotic. The application uses AES256 and then demands a key length
of less than 16 characters. That is idiotic. It indicates that the designer
knew nothing about cryptography or security. And you would trust anything
to him/her?
John E. Hadstate
> "giorgio.tani" <giorgi...@email.it> writes:
>
>>I would rather enforce the application's capability to
>>exploit the AES
>>256 keyspace, in example AFAIK you have two ways:
>
> No it is idiotic. The application uses AES256 and then
> demands a key length
> of less than 16 characters. That is idiotic. It indicates
> that the designer
> knew nothing about cryptography or security. And you would
> trust anything
> to him/her?
It may seem idiotic to you, but the Sun JRE does essentially
the same thing. It allows the developer to develop a system
using strong cipher algorithms and then, at run time, based
on the presence and contents of a "policy file", limits the
key length. One can download "unlimited strength" policy
files from the Sun site, but the default is to use "strong"
(read "weakened") keys.
On a side note, this must have some interesting implications
for the portability and global interoperability of Java
applications created using Sun's cryptographic services.
Sebastian Gottschalk
> It may seem idiotic to you, but the Sun JRE does essentially
> the same thing. It allows the developer to develop a system
> using strong cipher algorithms and then, at run time, based
> on the presence and contents of a "policy file", limits the
> key length. One can download "unlimited strength" policy
> files from the Sun site, but the default is to use "strong"
> (read "weakened") keys.
Check the implementation and you'll find that "strong" doesn't either
mean or implement "weakened", but really just "limited".
Unruh
>John E. Hadstate wrote:
I think Hadstate used "limited" as also falling within the terms of
definition of "weakened". If Sun "limited" the password to one byte would
you agree that they had also "weakened" it? Or one bit?
Joseph Ashwood
> algorithm but only allows passwords with a maximum length of 16
> characters. Is it possible to create a safe password with only 16
> characters for this encryption type?
I was going to say that you can't get the full 256-bits because ASCII
characters are only 8-bits and 8*16 is only 128-bits of password available,
but as was pointed out by others, what kind of characters? If you use UTF-32
that gives you the theoretical ability to put 512-bits of entropy into the
password, well in excess of the 256 it can actually use. However, more than
likely it is an ASCII-like environment, which means that there are
functionally < 100 different characters available (before anyone says it,
yes I do have passwords that I memorized in octal, they are useful in very
rare situations, if at all), so you will have log_2(100)*16 (100 and a few)
available bits of potential entropy, which is beyond the abilities of any
known method of bruteforcem, and represents approximately 10^16 mips*years
of work, or 10^13 years on a single 4GHz cpu core. Unless you have extremely
demanding requirements (e.g. President Shrub calling from Air Farce One)
this will be more than enough, but will be a far cry from the 256 available.
With an Asian language, which like Chinese can have 10,000 different
characters the numbers are a bit different, the equations the same. The
maximum entropy jumps to log_2(10,000)*16, or around 210 bits. This is
around 10^49 mips*years, or around 10^45 years with a single 4GHz cpu core.
I would say that even if your requirements are President Shrub calling from
Air Farce One this is sufficient.
Joe
cryptonom
What about Unicode character sets (Japanese, Hindi, Arabic, Tamil,
Cyrillic, Chinese, Korean, etc)?
Most non-Latin sets have many more characters than the Romance
Languages, and thus must provide more entropy per character, no?
There are plenty of European languages which provide quite a few more
characters than English. Wouldn't these also allow for more entropy in
pass phrases?
Seems to me that those working in English are at a distinct disadvantage
(as far as pass phrase entropy is concerned) to those working in
languages with larger character sets.
giorgio.tani
> of less than 16 characters. That is idiotic.
evaluate the real security of the system, in the sense that as I say in
another post that application will be like an armoured wall (AES-256)
with a tiny wooden door (16 characters limited to typeable set).
And yes, maybe the OP should firstly understand better the security
issues in password management reading some of the good literature that
can be found online... however, I also know that learning from errors
is one of the most common way people learn things!
The solutions I see to this may be in extending the password length and
hashing it, with a proper collision resistent hash, to the desired
length, however it will not prevent the user to chose a trivial
password that can be easily guessed in few trials or with basic social
engineering tecniques. It would be like enforcing the door replacing it
with an armoured one, but nothing could reasonably prevent the user to
let it open or with the key in a silly place...
So, a better solution would be to enforce the password as in the
previous paragraph but also use for keying a second factor like a
string of pseudorandom bytes, generated by a suitable prng (or better
collecting enthropy by various computer's devices like implemented on
most of modern operating systems).
Nothing will prevent the user to manage in a silly way also the second
factor of authentication but still "something you know plus something
you have" approach is somewhat better in giving chances to protect the
user from himself!
Joseph Ashwood
news:Z2stf.209031$qk4....@bgtnsc05-news.ops.worldnet.att.net...
> What about Unicode character sets (Japanese, Hindi, Arabic, Tamil,
> Cyrillic, Chinese, Korean, etc)?
Yes, the UTF-32 languages will have far more available entropy than any
others, that's why I did the calculations I did. Chinese has the largest
character-set, and the Latin sets are all about tied for the smallest, se
the choice of English is simply a matter of familiarity.
> Most non-Latin sets have many more characters than the Romance Languages,
> and thus must provide more entropy per character, no?
If the characters are chosen randomly, then yes they do. Chosen non-randomly
it will almost certainly line up with an English translation having ~1 bit
of entropy per character, so due to the compression offered by the use of
additional characters, you will get some increase, but it is highly
dependent on the form and language.
> There are plenty of European languages which provide quite a few more
> characters than English. Wouldn't these also allow for more entropy in
> pass phrases?
To a small degree, what you have to remember is that a character set of 32
entries can express 5 bits of entropy, but to reach 10 bits takes a
character set of 1024 entries. This does not lend itself well to
memorization, so most languages will actually optimize them out over the
course of time, even Chinese which has the largest has a functioning set
that is a small fraction, with an increasing move to a latin-based character
set that drops their apparent entropy actually lower than English. This
shrinkage plays a role only to a small degree as I noted before the
character set size has to grow exponentially for linear growth in the
expressable entropy. This effect is actually dramatic enough that for most
purposes I recommend that a high security password be chosen with 2 dice and
the 36 combinations mapped to a-z, 0-9 (exand as needed, a quarter can
supply shift control, etc), this shrinks the space further, but makes things
easily computable and with most current systems using hashes anyway it
provides more of a warm-fuzzy for some people than diceware.
> Seems to me that those working in English are at a distinct disadvantage
> (as far as pass phrase entropy is concerned) to those working in languages
> with larger character sets.
The disadvantage is only minor, the difference in expressable entropy
between a character set of 96 and a character set of 120 just isn't that
big, representing a fraction of a bit per character, even the difference
between 96 and 10,000 isn't actually that big, with the larger set only
capable of expressing double the entropy per character. Considering usable
ranges, the differences between languages is typically not a major concern,
it is only when we have very high security requirements (e.g. President
Shrub . . . . .), and very tight constraints (e.g. 16 characters) that the
difference begins to have an effect.
Joe
Unruh
Terribly small entropy. That second byte in unicode tends not to be used
much -- ie the range of values is very small. Ie, far less entropy.
>Most non-Latin sets have many more characters than the Romance
>Languages, and thus must provide more entropy per character, no?
very maginal. None has even twice as many characters. It is usually just a
few extrs. And if it uses something like unicode, those extras are done by
using a single bit of that second byte, a real waste of a byte.
His limit was 16 bytes AFAIK not "16 characters no matter how many bytes the
character is encoded in"
Gabriel Lear
...President Shrub calling from Air Farce One...
Mr. Ashwood,
I deeply respect your comprehension and familiarity with
Cryptography, and I acknowledge your proficiency in the field. However,
I must ask what possible motive would you have for (twice!) denigrating
the Office of the President of the United States of America, in a time
such as this, other than an over-zealous eagerness to distinguish
yourself by appearing clever and witty in front of your peers?
And what possible result could come of this ostentatious and feeble
attempt at grandstanding, other than the exposure of a (small) part of
yourself as an unsophisticated and immature adolescent?
Also, I would very much appreciate if you could cite the source of
the phrase "President Shrub", which obviously must be from one of the
Liberal propaganda media outlets, e.g. AP, UPI, Reuters, ABC, CBS, NBC,
MSNBC, CNN, BBC, etc., as I've noticed the phrase used a number of times
lately in other newsgroups, and by other mind-numb robots.
Thank-you, and have a happy and joyous new year.
--Gabriel Lear
Unruh
>Joseph Ashwood wrote:
>...President Shrub calling from Air Farce One...
>Mr. Ashwood,
> I deeply respect your comprehension and familiarity with
>Cryptography, and I acknowledge your proficiency in the field. However,
>I must ask what possible motive would you have for (twice!) denigrating
>the Office of the President of the United States of America, in a time
>such as this, other than an over-zealous eagerness to distinguish
>yourself by appearing clever and witty in front of your peers?
There is a difference between the office of the President and the person
who happens to occupy that title. And what does "at a time such as this"
mean? It is precisely in times of trouble that the actions of the occupant
of that office should be under the closest scrutiny. Because it is
precisely in times of trouble that people may misuse such offices for their
own and not the nation's purposes.
> And what possible result could come of this ostentatious and feeble
>attempt at grandstanding, other than the exposure of a (small) part of
>yourself as an unsophisticated and immature adolescent?
> Also, I would very much appreciate if you could cite the source of
>the phrase "President Shrub", which obviously must be from one of the
>Liberal propaganda media outlets, e.g. AP, UPI, Reuters, ABC, CBS, NBC,
>MSNBC, CNN, BBC, etc., as I've noticed the phrase used a number of times
>lately in other newsgroups, and by other mind-numb robots.
Liberal? Sheesh. You have sunk pretty low haven't you?
Gabriel Lear
> Liberal? Sheesh. You have sunk pretty low haven't you?
I would like to say that I have as much respect for you as I do for Mr.
Ashwood, but I don't. So I'm not going to dignify you with a response
other than to say that you have committed what should be an anathema to
any would-be cryptographer. That is, exposing a weakness. In this case,
the weakness of being a Liberal that hates being called a Liberal.
Joseph Ashwood
news:lcednZfwFKdEKive...@northstate.net...
> Joseph Ashwood wrote:
>
> [extremely demanding security requirements]...President Shrub calling from
> Air Farce One...
Editted to contain useful information.
> However, I must ask what possible motive would you have for (twice!)
> denigrating the Office of the President of the United States of America,
> in a time such as this, other than an over-zealous eagerness to
> distinguish yourself by appearing clever and witty in front of your peers?
What I wonder is why you took offense at this so easily. There are a number
of different interprettations of my statement, including denigration of the
design proposed, as it certainly would never be placed on Air Force One.
Instead of taking this as a comment for clarity, you have for some reason
interpretted it as an insult. Since it is fairly common knowledge that we
take offense at our own fears, what is your concern about the current
president of the United States? There is no bad time to poke fun at someone
who has generated such incompetence in a seat of power, but such statements
as President Shrub and Air Farce One do not convey his abilities with better
clarity than simply looking at his record. He is the one who decided to
launch an unwinnable war on terror, he is the one who chose to invade Iraq
in spite of there being no reason. He is the one who fought to maintain the
right to torture. Being called Shrub is the least of the problems.
And just for the record, if I had wanted to insult him, I could certainly do
better, it would not be a problem to quote a certain South Park episode
regarding the last US presidential election.
I do however think that this is far enough off-topic to not waste everyone's
time continuing the thread on a newsgroup, if you insist on continuing it my
email is available, but I won't reply on group.
Joe
Gabriel Lear
> What I wonder is why you took offense at this so easily. There are a number
> of different interprettations of my statement, including denigration of the
> design proposed, as it certainly would never be placed on Air Force One.
> Instead of taking this as a comment for clarity, you have for some reason
> interpretted it as an insult. Since it is fairly common knowledge that we
> take offense at our own fears, what is your concern about the current
> president of the United States?
No, in this case, I took offense at your "poking fun" at my President
during a time of national upheaval, that is, during a time of war. I
assure you, it had nothing to do with any "fears".
> There is no bad time to poke fun at someone
> who has generated such incompetence in a seat of power,
That's your opinion. I could name lots of people that hold the opposite
view.
> but such statements
> as President Shrub and Air Farce One do not convey his abilities with better
> clarity than simply looking at his record.
Finally, we agree on something!
> He is the one who decided to launch an unwinnable war on terror,
There are hundreds of thousands of military personnel fighting in Iraq
and Afghanistan right now that would tell you the war on terror will be
won. Time and history will prove you wrong. You'll just have to trust me
on that.
> he is the one who chose to invade Iraq in spite of there being no reason.
"Without question we need to disarm Saddam Hussein. He is a brutal,
murderous dictator leading an impressive regime. He presents a
particularly grievous threat because he is so consistently prone to
miscalculation. And now he's miscalculating America's response to his
continued deceit and his consistent grasp for weapons of mass destruction."
John Kerry, January 23rd, 2003
"If Saddam rejects peace, and we have to use force, our purpose is
clear: We want to seriously diminish the threat posed by Iraq's weapons
of mass destruction program."
Bill Clinton, February 17th, 1998
"We must stop Saddam from ever again jeopardizing the stability and the
security of his neighbors with weapons of mass destruction."
Madeleine Albright, February 1st, 1998
"He will use those weapons of mass destruction again as he has ten times
since 1983."
Sandy Berger, Clinton national security advisor, February 18th, 1998
"Saddam Hussein has been engaged in the development of weapons of mass
destruction technology, which is a threat to countries in the region,
and he has made a mockery of the weapons inspection process."
Representative Nancy Pelosi (Democrat, California)., December 16th, 1998
"We begin with a common belief that Saddam Hussein is a tyrant and a
threat to the peace and stability of the region. He has ignored the
mandate of the United Nations, is building weapons of mass destruction
and the means of delivering them."
Senator Carl Levin (Democrat, Michigan), September 19th, 2002
"We know that he has stored nuclear supplies, secret supplies of
biological and chemical weapons throughout his country."
Al Gore, September 23rd, 2002
"Iraq's search for weapons of mass destruction has proven impossible to
deter, and we should assume that it will continue for as long as Saddam
is in power."
Al Gore, September 23rd, 2002
"There was unmistakable evidence that Saddam Hussein is working
aggressively to develop nuclear weapons and will likely have nuclear
weapons within the next five years. We also should remember that we have
always underestimated the progress Saddam has made in development of
weapons of mass destruction."
Senator Jay Rockefeller (Democrat, West Virginia) October 10th, 2002
"We are in possession of what I think to be compelling evidence that
Saddam Hussein has and has had for a number of years a developing
capacity for the production and storage of weapons of mass destruction."
Senator Bob Graham (Democrat, Florida) December 2002
"In the four years since the inspectors left, intelligence reports show
that Saddam Hussein has worked to rebuild his chemical and biological
weapons stock. His missile delivery capability, his nuclear program. He
has also given aid, comfort, and sanctuary to terrorists including
Al-Qaeda members. It is clear, however, that if left unchecked, Saddam
Hussein will continue to increase his capacity to wage biological and
chemical warfare and will keep trying to develop nuclear weapons."
Senator Hillary Clinton (Democrat, New York) October 10th of 2002
"We have known for many years that Saddam Hussein is seeking and
developing weapons of mass destruction."
Senator Ted Kennedy (Democrat, Massachusetts) September 27th, 2002.
"The last UN weapons inspectors left Iraq in October of '98. We are
confident that Saddam Hussein retains some stockpiles of chemical and
biological weapons and that he has since embarked on a crash course to
build up his chemical and biological warfare capabilities. Intelligence
reports indicate that he is seeking nuclear weapons."
Senator Robert Byrd (Democrat, West Virginia) October 3rd, 2002.
> He is the one who fought to maintain the right to torture.
I think you're missing the whole point here. We could, and should, kill
the terrorists, and not even bother taking them as prisoners. We capture
them to save American lives, and to end the war sooner. There's nothing
difficult in grasping that concept. Why do Liberals have such a hard
time with that? Besides, the Rules of the Geneva Convention relevant to
torture apply only to "members of armed forces". (Convention III. Part
I. Art. 3.) No matter how Liberals want to interpret that, we are *not*
in hostile combat with "members of armed forces" as the writers of the
Geneva Convention intended to convey.
It's also interesting that during the Clinton administration, techniques
of torture were used every day on prisoners from Haiti, Somalia and
Kosovo, but nobody criticized them then. In fact, the Liberal media
didn't even bother to bring it to anybody's attention.
Being called Shrub is the least of the problems.
I never said it was a problem. I said I don't appreciate you poking fun
at my President when you have absolutely no grounds whatsoever for doing
so, as I've just now proven to you.
> And just for the record, if I had wanted to insult him, I could certainly do
> better, it would not be a problem to quote a certain South Park episode
> regarding the last US presidential election.
Ok, as you wish. I'll add "South Park Animated Cartoon" to the list of
sources of Liberal propaganda. But I think your pushing it if you
consider the writers of South Park as being authoritative on
Presidential elections. You're scraping the bottom of the barrel there.
> I do however think that this is far enough off-topic to not waste everyone's
> time continuing the thread on a newsgroup, if you insist on continuing it my
> email is available, but I won't reply on group.
You are right, this is off-topic, which is why I prefaced my first post
with the OT, which I see has been removed. But you were the one that
included this "off-topic" subject in your post, and besides, I really
don't think this to be a waste of anyone's time. This is very important
material that's being discussed. If someone disagrees, they can move on
to the next thread.
I'll close with this quotation that summarizes my views exactly.
"Anybody who doesn't appreciate what America has done and President
Bush, let them go to hell!"
--Iraqi voter Betty Devisha
stan
wrote:
>Unruh wrote:
>
>> Liberal? Sheesh. You have sunk pretty low haven't you?
>
>I would like to say that I have as much respect for you as I do for Mr.
>Ashwood
<snip drivel>
No. Unruh's question was valid:
Gabriel Lear
> No. Unruh's question was valid:
>
> "You have sunk pretty low haven't you?"
You don't like being called a Liberal either, "stan"?
Now, that's the type of person I would describe as having "sunk pretty
low": someone that is not proud of what they are, whether it's a Liberal
or a Conservative, or even a Moderate. Whatever political stance you
take, take pride in it. And don't be ashamed of being called a Liberal,
"stan".
Phil Carmody
Apparently I've not been paying attention, and have lost the plot.
What the fuck is this to do with cryptography?
Phil
--
What is it: is man only a blunder of God, or God only a blunder of man?
-- Friedrich Nietzsche (1844-1900), The Twilight of the Gods
Gabriel Lear
> Apparently I've not been paying attention, and have lost the plot.
>
> What the fuck is this to do with cryptography?
Is that a rhetorical question, Phil?
Or are you really expecting an answer?
Tom St Denis
Weren't you insulting me not 30 days ago for talking out of turn and
such? Hmm... interesting.
BTW, posting the prefix "OT: " to your post does not make it ok to post
off topic material to a group.
Tom
Gabriel Lear
> Weren't you insulting me not 30 days ago for talking out of turn and
> such? Hmm... interesting.
No. You obviously have mistaken me for someone else. But, let's assume
for a moment that it was me. Explain what you are referring to as
"talking out of turn".
> BTW, posting the prefix "OT: " to your post does not make it ok to post
> off topic material to a group.
I'm ready to let this sub-thread die off. In fact, I already had. And
then "stan" had to jump in there with his question. Besides, doesn't
posting here make you guilty of the same offense? I think that is
interesting. You still haven't learned that you have to abide by the
same laws as us mere mortals, have you?
Tom St Denis
Gabriel Lear wrote:
> Tom St Denis wrote:
>
> > Weren't you insulting me not 30 days ago for talking out of turn and
> > such? Hmm... interesting.
>
> No. You obviously have mistaken me for someone else. But, let's assume
> for a moment that it was me. Explain what you are referring to as
> "talking out of turn".
In the "where is tom" thread you suggest I was hiding because I was
sulking and licking my wounds [or something like that].
And yes, you do change your email address quite a bit. Either Gabriel
Lear is a popular name here or you change your email [or google just
sucks] as it only finds two posts with your current ID.
> > BTW, posting the prefix "OT: " to your post does not make it ok to post
> > off topic material to a group.
>
> I'm ready to let this sub-thread die off. In fact, I already had. And
> then "stan" had to jump in there with his question. Besides, doesn't
> posting here make you guilty of the same offense? I think that is
> interesting. You still haven't learned that you have to abide by the
> same laws as us mere mortals, have you?
Actually it's accepted that pointing out unacceptable behaviour is not
in and of itself unacceptable. E.g. telling someone their thread is OT
is not OT nor unacceptable.
Tom
Gabriel Lear
> In the "where is tom" thread you suggest I was hiding because I was
> sulking and licking my wounds [or something like that].
I cannot fathom how, by any stretch of the imagination, you connect that
with "talking out of turn". But I'll take your word for it.
> Actually it's accepted that pointing out unacceptable behaviour is not
> in and of itself unacceptable. E.g. telling someone their thread is OT
> is not OT nor unacceptable.
I'll make a note of that. Don't be surprised though if I remind you of
it sometime in the future.
cryptonom
>
> Actually it's accepted that pointing out unacceptable behaviour is not
> in and of itself unacceptable. E.g. telling someone their thread is OT
> is not OT nor unacceptable.
Which is what started this OT thread, i.e. somebody pointing out Mr.
Ashwood's unacceptable remarks about the blessed POTUS. It would be
best to keep the smartassed comments out of a scientific newsgroup; but
it would come as a surprise if that really happened, since the regular
posters in this group are all trying to outsmart and upstage each other.
Maybe sci.crypt should change its name to sci.crypt-pissing-contest?
stan
wrote:
>stan wrote:
>
>> No. Unruh's question was valid:
>>
>> "You have sunk pretty low haven't you?"
>
>You don't like being called a Liberal either, "stan"?
Nobody called me a Liberal. Why would they? Unless they were clueless
and reduced to blindly barfing up words with no basis. Hmmmm...
I'm just saying Unruh's question was valid:
Gabriel Lear
> I'm just saying Unruh's question was valid:
>
> "You have sunk pretty low haven't you?"
>
I surmise that you're not quite up to speed with the rest of the pack,
"stan", but, yes, I did indeed answer your question.
When you go back to school this week, ask your teacher to explain it to
you. Maybe they will be able to help you to see and to learn the
"indirect method" of answering imbecilic questions.
Phil Carmody
> Gabriel Lear wrote:
...
> And yes, you do change your email address quite a bit. Either Gabriel
> Lear is a popular name here or you change your email [or google just
> sucks] as it only finds two posts with your current ID.
Ah, that explains a lot..
(("from"
("Gabriel Lear <gl...@norstrum.net>" -1000 nil s)
...
my alist needs another record, it appears.
While I'm here - happy new year.
stan
wrote:
>stan wrote:
Man...
No. No you didn't answer the question from Unruh, which now appears
more valid than ever:
"You have sunk pretty low haven't you?"
And what's with all the finger pointing you're doing around here? You
don't appear to be advanced enough to understand that your assumptions
about others (including me) are unwarranted.
An analogy is you're like a turd yelling at a beautiful sunset.