[vox-tech] Linux's Vulnerability to E-mail Viruses

Jeff Newmiller vox-tech@lists.lugod.org
Thu, 25 Apr 2002 23:52:59 -0700 (PDT) 

On Thu, 25 Apr 2002, Rod Roark wrote:

> Interesting, I never thought about that before.  The "locking" 
> (and corresponding unlocking) could easily be done by xor'ing 
> against some string of pseudo-random characters that only 
> the encryptor knows how to produce.

I suspect the statistics of this process would allow a significant
fraction (on average half?) of the hidden bits to peek through... which
doesn't sound very secure to me.

> 
> -- Rod
>    http://www.sunsetsystems.com/
> 
> On Thursday 25 April 2002 07:13 pm, Peter Jay Salzman wrote:
> > begin Chris McKenzie <cjmckenzie@ucdavis.edu>
> >
> > > Sure, I wasn't trying to intend a pun, I just mispelled.
> > >
> > > Modern encryption, assymetric processes.
> > >
> > > Alright, say I had a very rare piece of software, OpenStep 4.2/i386 and I
> > > wanted to send it to you.  However, you live in some remote jungle where
> > > you can't copy a key.  But I don't want the item to be stolen along the
> > > way.  So I put a lock on the box and send it to you.  You can't open that
> > > lock so in a ridiculous notion, you put another lock on it, one that you
> > > have the key for and send the doubly locked box back to me.  I unlock my
> > > lock but the box is still locked by you.  I send it back, and you unlock
> > > your lock and have the software.
> >
> > hi chris,
> >
> > cool post.
> >
> > this isn't how modern crypto systems work, is it?   this assumes that
> > the "locks" commute.   that for a given message A, a chris lock C and
> > peter lock P:
> >
> > chris CA --> peter PCA --> chris C^(-1)PCA --> peter P^(-1)C^(-1)PCA
> >
> > but i can't actually unlock the software unless
> >
> > P^(-1)C^(-1) = C^(-1)P^(-1)
> >
> > i don't know much about modern crypto systems other than RSA type
> > things.  is this how they work?  or am i reading too much into an
> > analogy?

I don't know much about them either (I just use them) but if

  P = peter's public key
  p = peter's private key
  C = chris's public key
  c = chris's private key

and

  ptxt =  decode( encode( ptxt, P ), p )
  ptxt =  decode( encode( ptxt, p ), P )
  ptxt != decode( encode( ptxt, P ), P )
  ptxt != decode( encode( ptxt, C ), C )

(critical assumptions) then

  ctxt = encode( encode( ptxt, c ), P )

encoded by chris is a secure message unencodeable only by peter using

  ptxt = decode( decode( ctxt, p ), C )

[...]

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<jdnewmil@dcn.davis.ca.us>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------