Berkeley CSUA MOTD:1998:March:22 Sunday <Saturday, Monday>
Berkeley CSUA MOTD
1998/3/22-27 [Uncategorized] UID:13847 Activity:nil
03/21   Problems with Pnews looping and running echo millions of times
        when your login connection gets disconnected unexpectedly have
        been fixed.  Problems to root.
1998/3/22-23 [Computer/SW/Mail] UID:13848 Activity:nil
3/21    Any good implementations of a good imapd client under unix? -- Marco
        \_ Fetchmail is typically recommended (you mean an IMAP client, right?)
           and follows the philosophy of delivering to a local sendmail.  And,
           it's free and written by ESR.
1998/3/22-23 [Computer/SW/Security] UID:13849 Activity:high
3/21    Ron Rivest is at it again: he's invented a technique to achieve
        message confidentiality with hash functions and no encryption,
        simple, intuitive, and completely non-export-controlled.
        \_ note that he's just rephrased steganography to have a more dynamic
           method of mixing the message bits into another data stream, and he
           relies on message authentication to reject the superfluous data.
           old mechanical crypto systems in the 60s did stuff like that
           but filtered by using the same psuedo-random sequence as the
           sender. Rivest's method will require a good random generator at
           the sender (to permute packet order for the chaff). it will
           \_ why do you think that?  my reading of his text didn't imply
              any packet order changes, just one or more chaff mesgs per
              valid packet.  please mail me --oj
              \_ The packets go out in the same order, but you have to send
                 chaff too, and the chaff has to be in an unpredictable
                 order with respect to the wheat.  If you always do
                 wheat1-chaff1-chaff1 wheat2-chaff2-chaff2 wheat3-chaff3-chaff3
                 it's not hard to figure out where the wheat is.
           also probably make everybody's exportable authentication code
           get reclassified as munitions, now that someone's pointed out
           how it "really is encryption" (the way regulators think). --karlcz
           p.s. he also requires that the secret authentication key get
           transported by some other secure means (public-key encryption
           for those of us without exploding-attache-case couriers ;-).
        \_ I'm not too terribly impressed.  As karlcz pointed out there's
           still this secret-key business thats required to create valid MACs
           and I'm not really psyched about the typical CSUA idiot adding
           300 chaff packets per wheat packet to keep their email and porn
           URLs secret from "Them".  The net is slogged enough as it is.
           What really needs to happen is to drop the ridiculous export
           controls.  If I'm a terrorist or in the mafia, I _am_ going to
           \_ That was exactly Rivest's point, though.  Obviously a block
              cipher is much more effective than chaffing, but it's currently
              in a very different political position.  But Rivest's own
              conclusion is: "Mandating government access to all communications
              is not a viable alternative.  The cryptography debate should
              proceed by mutual education and voluntary actions only."  That
              goes for international controls as well as domestic.
           use the best possible encryption for all communications, and
           be damned the US law.  Hello, duh, a terrorist or high powered
           mafioso is already going away for life.  Going to add 3 months
           of consecutive time for an encryption export violation?!?
           \_ you miss the point.  If encryption were export legal, then it'd
              be easy to market via consumer channels.  Once that happens,
              you can pretty much kiss good-bye law enforcement's ability to
              wire-tap even the petty criminals.
              \_ So the point wasn't to make a decent and reasonable secure
                 communications method, but was simply to snub law enforcement
                 with a hacked end run?
                 \_ Yeah, kinda looks that way.
Berkeley CSUA MOTD:1998:March:22 Sunday <Saturday, Monday>