Popular Cryptography Magazine
Globemaker
http://popularcryptography.blogspot.com/
The articles include an evaluation of an algorithm, and an encrypted
essay called "Vertically Extruded Privacy Hardware Using Generalized
Electronic Strata" encrypted with AES using the 128 key of all zeros.
This encryption step prevents incompetent people from reading the
intellectual properties.
adacrypt
I am hugely honoured to have my stuff going up on "Popular
Cryptography Magazine" what ever reaction it may provoke from your
readership.
I find it a bit off-putting that I have to encrypt any article that I
may send you for your consideration as being of interest and
worthwhile from a publishing aspect - I would very much like to
subscribe occasionally and perhaps you could advise me of any
alternatives - I have no desire for secrecy unless you want that for
reasons unknown to me.
My dilemma now is that not being into AES at all I cannot enjoy seeing
my stuff up front on your new venture.
Good Luck with your new Mag. - thanks - adacrypt
Dave -Turner
only weakly protected even though it doesn't need protection - all this does
is force the reader to waste extra time. Seems a bit pointless to me.
David Eather
Posting all that encrypted crap is a seriously stupid idea - the only
thing it does is make reading the blog an extra pain in the arse,
discouraging readers and anyone who might submit. Revise that idea by
eliminating it.
Globemaker
> Posting all that encrypted crap is a seriously stupid idea - the only
> thing it does is make reading the blog an extra pain in the arse,
> discouraging readers and anyone who might submit. Revise that idea by
> eliminating it.
stupid? Stupid? STUPID??? No my friend, this brings home to the reader
the practical awkwardness of using any modern crypto software. I know
from my experience how difficult it is for a Master of Science to
enter the "all zeros key" and to decrypt a stranger's file. There are
so many TV show to watch and donuts to eat that most people have great
difficulty finding the time and mental energy to decrypt one file with
a known key using the most standardized algorithm in all of cryptodom.
Watch TV, eat, do not try to decrypt stuff.
adacrypt said:
> My dilemma now is that not being into AES at all I cannot enjoy seeing
> my stuff up front on your new venture.
Not AES. I will encrypt the evaluation of Vector Cryptography using
your own software of Vector Encryption, not AES. Then strangers will
need to install your Vector Cryptography software on their computers
and use "the all zeros key" to read the evaluation. If your software
is difficult to install and use, then readership will be lower than if
your program is easy to install and use.
Some of the introductions are in plaintext. Some essays use Greeek
letters so I can read them slowly without changing them back to
English.
Cryptography is too advanced and complicated for most people to use.
The style of Popular Cryptography Magazine is not pleasant for most
people. But all are welcome!
adacrypt
Hi,
Digressing a little from your last viewpoint. I take the view that
absolutely everthing about the algorithm is open to the adversary
anyway and the crypto strength has to be demonstrated by the sheer
intractactability of the ciphertext even when it is handed to him.
Using cryptography to manipulate the lethargic reader may prove to be
destructive in that he will do the most common thing known to lazy
people - he will just get some more doughnuts and forget about it. -
Cheers - adacrypt
adacrypt
Hi again,
I think "Popular Cryptography Magazine" is a very useful notice board
as an adjunct to sci crypt and as a means for readers to expand and
expound stuff that the more cryptic sci crypt is impatient about.
Judging from the posts there is a lot of crossfire from different
disciplines of reader in sci crypt who often make no attempt to
rationalise their own input in the eyes of less equipped other readers
and simply see sci crypt as their private preserve - there is a lot of
parochial tunnel vision at times but there is great potential for some
one like yourself to rationalise this in some form of central clearing
house.
I think that a lot of people like myself are not all round crypto
experts but are almost hypnothically focused on the intellectual core
of the cipher-to-be (in their locker - its all I know) and accept that
their finished work is going to be needing huge tertiary inputs from
people like yourself in the form of software engineering (?) and
infrastructure management(?) , something that is way ouside of their
present scope.
Your method of making people toe the line is a bit draconian - I think
it would be more productive if you studied the deployment of Popular
Cryptography Magazine as a resource and as a flux in the understanding
sphere - I think - adacrypt
WTShaw
The last statement is rather prejudicial, that incompetent people
can't use AES, etc., and that competent people can. It's as specific
and true as stating those that eat figs and ice cream are true
gourmets and those that don't aren't, and I'd stand by the last
statement but I have learned to stay away from such folk, as far away
as possible.
To play the game, I should offer a better end algorithm of mine, but
who can best evaluate it? All knowledge is founded in values, so how
fair are you willing to be?
David Eather
> David said:
>> Posting all that encrypted crap is a seriously stupid idea - the only
>> thing it does is make reading the blog an extra pain in the arse,
>> discouraging readers and anyone who might submit. Revise that idea by
>> eliminating it.
>
> stupid? Stupid? STUPID??? No my friend, this brings home to the reader
> the practical awkwardness of using any modern crypto software.
Yes, stupid.
You and everyone else use cryptography almost every day, probably
several times a day you/they aren't even aware of the fact - that's how
unobtrusive real cryptography is.
If you wanted to review something useful try PGP or TrueCrypt. For
example, PGP whole disk encryption is so unobtrusive that after you
enter the password you won't notice *any* performance or operational
change on your PC, but turn it off or log off and your entire hard drive
is protected from everyone.
>I know
> from my experience how difficult it is for a Master of Science to
> enter the "all zeros key" and to decrypt a stranger's file.
There are 8 year olds who use cryptography daily. Most don't seem to
need a Master's. Do you see a difference between what you do and think
and what is done in practice?
<Snip>
adacrypt
>You and everyone else use cryptography almost every day, probably
>several times a day you/they aren't even aware of the fact - that's how
>unobtrusive real cryptography is.
What your'e saying is simply an unconscious nuance of human behaviour
- I reckon that there is a myriad out there of real cryptography that
is in truth merely varying degres and instances of failed cryptography
hardly worth calling cryptography in most serious circles - that has
to include the RSA cipher which of course is a declared failure
(somewhere in the "Handbook of Applied Cryptography") of a
mathematical one-way function cipher.
There should be only one cryptography that is implied when that word
i.e. cryptography is used without qualification and that is
'Theoretically Unbreakable Class' of cryptography ( same handbook ).
One way or another this launching of "Popular Cryptography Magazine"
is a turning point for the good in crypto publications in my view - I
just hope that they will change the goal posts - I reckon if they
worked on a policy of publishing by meritorios invitation it would
become such a coveted prize that it would fill a much needed niche
between say the American Mathematical Society and sci crypt. -
adacrypt
Tom St Denis
You're a funny, funny person.
Tom
Globemaker
> One way or another this launching of "Popular Cryptography Magazine"
> is a turning point for the good in crypto publications in my view - I
> just hope that they will change the goal posts - I reckon if they
> worked on a policy of publishing by meritorios invitation it would
> become such a coveted prize that it would fill a much needed niche
> between say the American Mathematical Society and sci crypt. -
> adacry
During these early stages of evaluating your Vector Cipher 2, I am
focussing on two aspects for Popular Cryptography Magazine:
I cannot find a place in your software to enter a key of all zeros.
When I tried to encrypt a file with 24 megabytes of ASCII information,
the ciphertext was only 3 kilobytes long.
Do you, adacrypt, have any comment on those two issues?
Are these the right programs to be evaluating?
real_time_encryption_program_mark_2.exe
batch_encryption_program_mark_2.exe
general_encryption_program_mark_2.exe
general_decryption_program_mark_2.exe
Globemaker
> You and everyone else use cryptography almost every day, probably
> several times a day you/they aren't even aware of the fact - that's how
> unobtrusive real cryptography is.
It is automated to be unobtrusive so unskilled people can benefit.
That automation disallows anyone to enter the key of all zeros, except
in rare instantiations.
>
> If you wanted to review something useful try PGP or TrueCrypt.
I tried out TrueCrypt. It disallows me to enter the key of all zeros.
> >I know
> > from my experience how difficult it is for a Master of Science to
> > enter the "all zeros key" and to decrypt a stranger's file.
>
> There are 8 year olds who use cryptography daily. Most don't seem to
> need a Master's. Do you see a difference between what you do and think
> and what is done in practice?
Yes, I notice that the automated authentication is about as
trustworthy as on-line slot machines.
adacrypt
Hi,
>Are these the right programs to be evaluating?
>real_time_encryption_program_mark_2.exe
>batch_encryption_program_mark_2.exe
>general_encryption_program_mark_2.exe
Yes, these are the right programs alright.
That version does not display any of the internal computations at
runtime that Mark_0 does - it is a working version - it also an exact
copy of Mark_1
I have no idea what a key of all zeros that you mention is and there
is no accomodation in my source code for it - I suspect my cipher is
rejecting something it is not intended to do - it may sound small-
minded but frankly the only thing I want to understand is security of
information that is encrypted by one of the two cipher types (sporadic
mapping to integer points in space) - that I am promoting - I want to
cooperate with you and suggest that if you email me a file of
plaintext - I will encrypt it at my end and compare results - remember
I work in denary all the time - no binary ever - except inside my
computer as machine code - hope to hear from - cheers - Adacrypt
adacrypt
Hi again ,
Are you able to encrypt and decrypt the test files of plaintext that
are included in the directory (folder) of Vector Cipher_2 ok ? -
adacrypt
WTShaw
Anyone might make a particular program work on one computer as he is
accustomed to do, but try it on several for grins. Programming
languages can mess up due to corruption of the sources,
incompatibilities of platform, or less than transparent
communications. Visit a friend, let him download it and attempt to
make it work. You can learn lots this way. Every day furnishes new
opportunities to go astray. Concentrate and learn, do it myself.
adacrypt
>
> - Show quoted text -
Yup !
I accept that as a very essential part of the beta testing ! - regards
- adacrypt
adacrypt
Hi,
Suggest also running the Mark_0 program and see where it crashes out
- that is what it is there for - a diagnostic program
Dave -Turner
decrypt said messages, so really - what is the point of ANY security??? The
only thing it does is waste peoples time, and nobody likes that. There is NO
security because you've provided everybody the key and algorithm to decrypt
it, thus reducing it to a simple time-wasting exercise. Sorry, but it just
doesn't make sense - the ONLY thing it does is waste peoples time.
adacrypt
Naw Dave,
I think you have posted this in the wrong place.
The change-of-origin ploy is the basis of a one-way function - it is
totally and utterly impossible to reverse except by access to the
mutual databases - as long as Alice and Bob keep these secret then it
is impossible for anybody to know what the change-of-orign was that is
used for any item of ciphertext - each item of ciphertext has a
different one - it virtually needs a transfer of data from a human
memory to a computer memory - Only Alice and Bob can do that - there
is no secret about anything else - as it should be in principle
according to basic crypto - one-way functions are only workable by
means of mutual database technology - no sweat about how much is
public - at the end of the day Eve cannot get past the change-of-
origin stumbling block - cheers - adacrypt
Fritz Wuehler
Dave, please be smart and do not respond to google groups posts.
You will eliminate 99% of idiots just with this simple step.
Globemaker
... you've provided everybody the key and algorithm to decrypt
> it, thus reducing it to a simple time-wasting exercise. Sorry, but it just
> doesn't make sense - the ONLY thing it does is waste peoples time.
It does more than waste time. It gives people a motivation to attempt
to decrypt something with a specific key. When those readers of
Popular Cryptography Magazine search the world for software that will
let them enter a key, they will find that there are few with that
power, and that they may need to pay for the software. Many
cryptographic programs disallow keys to be entered, like TrueCrypt,
AES Crypt, and Adacrypt. Popular Cryptography Magazine is sticking
that in your face.
Also, see the Popular Cryptography Magazine page on random numbers to
imagine the possible uses of posting encrypted files of random numbers
with a standard file size of 8 kilobytes. You do not yet realize the
full power of the random side.
Tom St Denis
> On Jun 29, 12:26 pm, "Dave -Turner" <ad...@127.0.0.1> wrote:
> ... you've provided everybody the key and algorithm to decrypt
>
> > it, thus reducing it to a simple time-wasting exercise. Sorry, but it just
> > doesn't make sense - the ONLY thing it does is waste peoples time.
>
> It does more than waste time. It gives people a motivation to attempt
> to decrypt something with a specific key. When those readers of
> Popular Cryptography Magazine search the world for software that will
> let them enter a key, they will find that there are few with that
> power, and that they may need to pay for the software. Many
> cryptographic programs disallow keys to be entered, like TrueCrypt,
> AES Crypt, and Adacrypt. Popular Cryptography Magazine is sticking
> that in your face.
First off, calling a blog a magazine is just stupid. Magazines are
collections of articles published in a periodic fashion as issues
collected on a larger period as volumes. A blog is a place where
people vomit their conscious stream of thought and other people read
it out of sheer boredom.
Second, calling yours "popular" in the title is about as authentic and
original as Fox's "Fair and Balanced" or calling NK "democratic."
Third, being able to (assuming) ECB decrypt a file with a zero key is
in no way a form of power. For starters, an application written to do
that is totally useless in a real cryptographic application. You have
no key negotiation (other than to explicitly state what it is), you're
not even using a chaining mode let alone an authentication code which
means I can post your ciphertext altered and it would still decrypt.
In short it proves that you don't know how cryptography is supposed to
be done.
Fourth, I write cryptography for a living. Been doing it for nearly
10 years and I could whip up an AES decrypt with keys all zero
application while sitting sloshed in my seat after 4 pints of beer.
And I still don't care to. Why? Why the fuck would I read your
article? You've shown me no evidence that you have the first FSM damn
clue about cryptography at all. I'd rather take lessons on
cryptography from the writers of Swordfish than you. The fact that
you're gravitating towards Adacrypt as some sort of authority is proof
enough that you're clueless.
Good luck with your "Popular" "Cryptography" "Magazine" ...
Tom
adacrypt
Hi,
>You do not yet realize the
>full power of the random side.
I think there are a lot of others that also do not understand what
random really means - they confuse it with a haphazard collection
process that's supposed to carry along some extraordinary inbuilt
intractability that must surely emanate from being haphazrd they
think, when its used later - instead of meaning equal probability of
being the next one to be called in some unbiased retrievable system.
In passing - quite frankly I do not know enough of the wider field of
cryptodom to be able to analyse how destructive claims in posts such
as Dave's can be discredited by the available software, methodology
etc - at present I am following my instincts entirely and justifying
it mathematically as I go along - I have no doubt of the veracity of
my stuff to date - I don't need to collect any baggage that the
current crypto industry throws up - I am convinced it is on the way
out anyway even if it takes a few years - Cheers - adacrypt
Globemaker
> First off, calling a blog a magazine is just stupid. Magazines are
> collections of articles published in a periodic fashion as issues
> collected on a larger period as volumes. A blog is a place where
> people vomit their conscious stream of thought and other people read
> it out of sheer boredom.
Your bitterness is evident.
>
> Second, calling yours "popular" in the title is about as authentic and
> original as Fox's "Fair and Balanced" or calling NK "democratic."
Your denunciation is premature.
> Third, being able to (assuming) ECB decrypt a file with a zero key is
> in no way a form of power. For starters, an application written to do
> that is totally useless in a real cryptographic application.
That is a lie. Test vectors are published commonly with a zero key so
people can input the zero key into the software with a known plaintext
to prove that the known ciphertext results.
> You have
> no key negotiation
Lies, all lies. The Magazine asks people to send in their writings and
to define the key themselves. You seem prone to extremist
exaggerations and absolutism.
>
> Fourth, I write cryptography for a living.
I want to read the Magazine you write for. Where is it?
> Been doing it for nearly
> 10 years and I could whip up an AES decrypt with keys all zero
> application
"application"? Do you need to write a new program that specializes in
the all zeros key? I just double click on the program a bought using
money called Perfect File Encryption Using AES. I don't throw a temper
tantrum.
while sitting sloshed in my seat after 4 pints of beer.
> And I still don't care to. Why? Why the fuck
That beer makes you swear alot, does it? Good. Your anger makes you
stronger and bold.
would I read your
> article? You've shown me no evidence that you have the first FSM damn
> clue about cryptography at all. I'd rather take lessons on
> cryptography from the writers of Swordfish than you. The fact that
> you're gravitating towards Adacrypt
Adacrypt has an even temperment. He is a pleasant fellow to correspond
with. I also enjoy reading about your anger and beer. Please write
again about Popular Cryptography Magazine.
as some sort of authority is proof
> enough that you're clueless.
>
> Good luck with your "Popular" "Cryptography" "Magazine" ...
>
> Tom
Ha Ha Ha ..............
Tom St Denis
> On Jun 30, 6:39 am, Tom St Denis <t...@iahu.ca> wrote:>
>
> > First off, calling a blog a magazine is just stupid. Magazines are
> > collections of articles published in a periodic fashion as issues
> > collected on a larger period as volumes. A blog is a place where
> > people vomit their conscious stream of thought and other people read
> > it out of sheer boredom.
>
> Your bitterness is evident.
I'm not bitter, I'm just idiot resistant.
> > Second, calling yours "popular" in the title is about as authentic and
> > original as Fox's "Fair and Balanced" or calling NK "democratic."
>
> Your denunciation is premature.
And your command of language is not inspiring.
> > Third, being able to (assuming) ECB decrypt a file with a zero key is
> > in no way a form of power. For starters, an application written to do
> > that is totally useless in a real cryptographic application.
>
> That is a lie. Test vectors are published commonly with a zero key so
> people can input the zero key into the software with a known plaintext
> to prove that the known ciphertext results.
Ok, you're right, it's useful for TEST VECTOR PURPOSES. Not for
encrypting messages.
> > You have
> > no key negotiation
>
> Lies, all lies. The Magazine asks people to send in their writings and
> to define the key themselves. You seem prone to extremist
> exaggerations and absolutism.
So I tell you [and the world] what my key is? And this is a form of
"realistic" key negotiation in your mind?
> > Fourth, I write cryptography for a living.
>
> I want to read the Magazine you write for. Where is it?
I've published two books on the subject.
> "application"? Do you need to write a new program that specializes in
> the all zeros key? I just double click on the program a bought using
> money called Perfect File Encryption Using AES. I don't throw a temper
> tantrum.
I wouldn't buy a piece of software to do something I could accomplish
with a dozen lines of C. And I wouldn't write those dozen lines to
read your blog.
Tom
biject
I think I like Globemaker guy. Any one who pisses off little
Tommy can't be all bad. Second DAVE WHO do you mean
me Turener Eather or who dave is a common name.
Though I like the Globe guy he seems very clever. I would never
read your article if I need to buy your software. Though you write
great I have this gut feeling you code is crap. Maybe the Globe
guy since he had money to burn and actually bought you pile
of whatever it is can give us more thoughts of how good he
thinks it is. Say compared to scott19u.
David A. Scott
--
My Crypto code
http://bijective.dogma.net/crypto/scott19u.zip
http://www.jim.com/jamesd/Kong/scott19u.zip old version
My Compression code http://bijective.dogma.net/
**TO EMAIL ME drop the roman "five" **
Disclaimer:I am in no way responsible for any of the statements
made in the above text. For all I know I might be drugged.
As a famous person once said "any cryptograhic
system is only as strong as its weakest link"
Tom St Denis
> I think I like Globemaker guy. Any one who pisses off little
> Tommy can't be all bad. Second DAVE WHO do you mean
> me Turener Eather or who dave is a common name.
Right back at you, pal.
>
> Though I like the Globe guy he seems very clever. I would never
> read your article if I need to buy your software. Though you write
> great I have this gut feeling you code is crap. Maybe the Globe
> guy since he had money to burn and actually bought you pile
> of whatever it is can give us more thoughts of how good he
> thinks it is. Say compared to scott19u.
You guys need a clubhouse to go with your "publication."
Tom
David Eather
I thought you were writing about cryptography not about who you do and
don't get on with.
WTShaw
> On Jun 30, 6:39 am, Tom St Denis <t...@iahu.ca> wrote:>
>
> > First off, calling a blog a magazine is just stupid. Magazines are
> > collections of articles published in a periodic fashion as issues
> > collected on a larger period as volumes. A blog is a place where
> > people vomit their conscious stream of thought and other people read
> > it out of sheer boredom.
>
> Your bitterness is evident.
>
Since crypto has sometimes been defined in the same category, the
CryptoMag name can be taken as a pun, joke, or parody, as well as
descriptive as a serious periodical if it works out. I'm all for it as
long as it has any positive effect; time will tell.
Since I deal with indirect key words in key generation processes, the
letters "allzeros" could be used as a key, which is also a pun, joke,
or parody of the transportable nature of such things when given a
chance.
For example in the modification of base64 coding to base65 cipher,
"allzeros" in one pass produces /
JXQISTqHgnYal9xGyhtEwfND0Osk68W2m1RPMFc=+7bUj5VZAozBKruC3Lviep4d which
might present a slight problem for most to remember.
In the
Globemaker
very clever. I would never
> read your article if I need to buy your software. Though you write
> great I have this gut feeling you code is crap. Maybe the Globe
> guy since he had money to burn and actually bought you pile
> of whatever it is can give us more thoughts of how good he
> thinks it is. Say compared to scott19u.
>
> David A. Scott
Hello Mr. Scott, I already have used scott19u.zip and I evaluated it
many years ago. It works perfectly. The security is practically
unbreakable, due to the large key size and the complicatedx rounds.
Congratulations on 15 years of good cryptgraphic algorithm donations.
Comparing scott19u.zip with adacrypt's Vector Cipher 2 is like
comparing an Audi A6 car to a Stanley Steamer. While scott19u.zip is
not a Lamborghini, at least I can use a key that I choose. With Vector
Cipher 2, I cannot define one key. Also, Vector Cipher 2 failed to
encrypt a 25 megabyte file. Scott19u alway succeeded to encrypt any
file I gave it.
Once again, good work, David A. Scott. We spoke on the telephone,
once. Thank you for a polite and articulate conversation. You are
persistent and helpful. Keep up the efforts, you are a shining example
of a paragon, and a truely motivational paradigm.
Globemaker
> I thought you were writing about cryptography not about who you do and
> don't get on with.
Yes, the Popular Cryptography Magazine discusses crypto, but on
sci.crypt I decided to make an exception for this one thread. I
remember when The Saint first posted on sci.crypt in late 1994, he
seems so bright and smart, I am shocked to now read The Saint using
foul language about my new Magazine, rolling in his beer-fueled puke-
speech to insult a Magazine that is one week old. How infantile Tom
"The Saint" Denis seems, perhaps due to the pressures of working at
AMD, Advanced Micro Devices. I also worked at AMD as an engineer, so I
have some sympathy for the aggravation and anxiety that AMD commonly
produces in engineers who once cared about technology.
So, Dave Eather, you are right to chastise me for responding to The
Saint's emotional outburst. I am sorry. I was wrong. I apologise to
The Saint and to all readers of sci.crypt for that. In the future I
will let the infantile temper tantrums pass under my hull, like 2.4
million gallons of oil per day, never expecting to plug it fully.