[vox-tech] Linux's Vulnerability to E-mail Viruses

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Fri, 26 Apr 2002 03:08:17 -0400


On Thu, Apr 25, 2002 at 06:51:46PM -0700, Chris McKenzie wrote:
> Modern encryption, assymetric processes.

On Thu, Apr 25, 2002 at 07:13:02PM -0700, Peter Jay Salzman wrote:
# also, i could be totally way off base here, but i think you and mike
# were talking about different types of "processes".  i'm pretty sure mike
# is familiar with reversible processes.  i'm guessing he thought you meant
# something that goes into a process table.   (?)

Chris,

  Okay, Pete was absolutely correct, the rest of your email was talking 
about software programs, then switched context to encryption without
using the word encryption, so I was trying to figure out how a executable
was safer being asymmetric...  ;)


On Thu, Apr 25, 2002 at 06:51:46PM -0700, Chris McKenzie wrote:
> me lock
> you lock
> me unlock
> you unlock

  That is an novel method of secured transmission that would not
have come to mind and I ditto Pete's question... 

On Thu, Apr 25, 2002 at 07:13:02PM -0700, Peter Jay Salzman wrote:
# this isn't how modern crypto systems work, is it?   this assumes that
# the "locks" commute.

- Does symmetric encryption require that sort of combination to work?
  (A.lock, B.lock, A.unlock, B.unlock)


  Something like (gzip | bzip2 | gunzip | bunzip2) would fail miserably 
at the gunzip stage... come to think of it even 
(rot13 | bzip2 | rot13 | bunzip2) wouldn't work... I think that scheme
requires all locking methods involved to have that can be combined 
attribute.

btw: the '|' characters above are meant to be unix pipes not logical ORs ;)


> So I put a lock on the box and send it to you.  You can't open that
> lock so in a ridiculous notion, you put another lock on it, one that you
> have the key for and send the doubly locked box back to me.  I unlock my
> lock but the box is still locked by you.  I send it back, and you unlock
> your lock and have the software.

  For physical world stuff I don't understand why you wouldn't just lock
the explosive box with some new random lock, ship the box to the person.
Then once you know they have the box, ship them a copy of the key... you
are always risking interception and destruction of the item during
first shipment.

  ... and while I'm thinking about it, it seems like it would be more
straight forward in for the end receiver to send you the lock (for 
which only he has a key), you apply the lock to the explosive package
and ship it, the receiver then uses his key to unlock.  

  This second thing is basically what is public key encryption amounts 
to, and you were trying to explain symmetric systems... so I still don't
understand symmetric, but now I know you are talking about encryption.

    TTFN,
      Mike

I think in the physical world you a problem:
- I want _this_ to get to _you_.

In the electronic world it's different:
- I want _only you_ to be able to get _this_.

to explain the use of explosives above, my understanding of encryption:
==========
  To draw on a physical world analogy, encryption is a lock box that goes 
around something.  This lock box has two very interesting properties: 
- some explosives such that if people tamper with the box it implodes 
  so they can't get the contents inside without being bomb experts :)
- a little magic button on the lock box that when pressed the box 
  perfectly replicates itself and it's contents so people can try 
  lock-picking the box for years if they have the motivation.