[vox-tech] Linux's Vulnerability to E-mail Viruses

Chris McKenzie vox-tech@lists.lugod.org
Thu, 25 Apr 2002 18:51:46 -0700 (PDT) 

Sure, I wasn't trying to intend a pun, I just mispelled.

ok.  I will give you examples for have and know.
Being "carded" before buying alcohol is a process that requires you to
have ID as opposed to buying anything else in which case it only requires
you to have money.  If you don't have it, money/id, whatever, then you
cannot complete the process.

Sometimes, having is not good enough however.  For you ATM card, not only
do you need to have the card but you need to know the pin to access your
account at the ATM.  This is so someone that has a pin and not the card or
visa versa can't do top much (ideally).  Computer login can be the same.
I can restrict login to be from a list of friendly computers.  So you have
to first have access to the friendly computers then know the login on the
system, simply having access to the friendly computeris not enough and
simply knowing the login is not enough.

Microsoft displays a horrible implementation of this with registration
keys.  Not only do you need to have the software but you need to know this
long incoherent string of characters which you can get from most friends
and easily with internet access.  The .NET will eliminate one of these.
After it is implemented then either the computer itself must be uniquely
identified somehow as something you have or you must uniquely be
identified somehow through fingerprints or something like that.  This
would be coupled with something you know, a login/password pair probably.

Asymmetric/Symmetric processes.

A Symmetric Process is something that is reversible, like a ball bouncing,
if you reverse a video of someone bouncing a ball you might not be able to
tell which way is forward and which way is backward.  However if someone
breaks some crystal on the ground then it is very distinct because crystal
magically reassembling itself to some dove shape is not a normal
occurance.

And if you were to reassemble the shattered crystals (it is possible given
a lot of time and effort)  There would be only one way to do it.  And a
major clue of how to do it depends on what it looked like initially.

In comes almost modern encryption

Pretend that you had some fantastic device that could figure out how the
crystal breaks and it some how magnificantly tracks every piece of the
crystal, then you throw the pieces into this mystical machine and the
crystal is reassembled.

It would be easy to assume that the device for putting the crystal back
together would be much more difficult then a device for taking it apart,
say a hammer.

This process is nearly-asymmetric.  Although it is much more difficult to
do the reverse it is still possible, and in fact, it is the same process
in reverse as long as you know how it broke although a different
procedure.

An example of this in real life is a door.  The magnificant machine in
this case is something I have, a key.  I put it in the lock and turn,
simple enough, the door no longer opens.  Some nefarious person comes
along and uses some much much more sophisticated device and reverses the
process.  Because what I did is quite difficult to undo without something
I have or know, it is somewhat secure.  This is essentially how modern
algorithms work.

Modern encryption, assymetric processes.

Alright, say I had a very rare piece of software, OpenStep 4.2/i386 and I
wanted to send it to you.  However, you live in some remote jungle where
you can't copy a key.  But I don't want the item to be stolen along the
way.  So I put a lock on the box and send it to you.  You can't open that
lock so in a ridiculous notion, you put another lock on it, one that you
have the key for and send the doubly locked box back to me.  I unlock my
lock but the box is still locked by you.  I send it back, and you unlock
your lock and have the software.
	By the same idea, I can come up with some very sophisticated lock
-- one Dr Seuss would be proud to put in a book.  I design it in such a
way so that whenever you lock the lock the lock is designed in such a way
that you need a different key to unlock it.
Ah, this is the asymmetric part -- if someone wanted to unlock it,
reversing what they just did was not enough because it is some mystical
lock that must be unlocked by a different process.  Thus I can give out
these locks and the locking keys freely and say "if you want to send me
anything throw my lock on it and lock it.  I have the only key to unlock
it".
	An example of an asymmetric process in nature is a chemical
reaction.  Say I throw two chemicals together and they bond and turn
green.  How would I seperate them?  I definitely can't go in there and
break the bonds by hand...more than likely, I may have to do something
entirely different, say make the chemical some scorching temperature to
get what I started with.  Perhaps I may get three different chemicals as a
result of this.  Then I may have to combine two to get my original two
chemicals

00000000000000000000000000000000000000000
Symmetric is where doing and undoing is the same procedure and process.
near or almost-asymmetric is where undoing is the same process as doing
but is a different procedure

asymmetric is where undoing is a different procedure and process.

Note how unlocking the double locked box was in fact different then
locking it.  It was (different process/different procedure)
me lock
you lock
me unlock
you unlock

as opposed to a symmetric (same process/same procedure)
me lock
you lock
you unlock
me unlock

which would also work.  I think that is accurate, if I made a mistake,
please, no flames.  thanks


On Thu, 25 Apr 2002 msimons@moria.simons-clan.com wrote:

> On Thu, Apr 25, 2002 at 04:23:30PM -0700, Chris McKenzie wrote:
> > Also, be aware
> > of symmetric versus assymetric processes and processes that require you
> > to have something or know something.  Assymetric processes that require
> > you to have or know something are usually preferred.
>
> Chris,
>
>   The two sentences above lost me.  Could you explain a little more
> what context you are talking about...
>
> I've not heard the phrases:
>   "symmetric processes",
>   "assymetric processes",
>   "processes that require you to have or know something"...
>
>   Thanks,
>     Mike
>
> my spell checker says "asymmetric"
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>

Sincerely,
	Christopher J. McKenzie

	cjm@ucdavis.edu
	mckenzie@cs.ucdavis.edu
	(530) 297-6110
	609 Anderson 161
	Davis, CA