PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
Hello,

I just installed 6.5.8ckt 08 and I love the robustness of the program.
I do have a few questions regarding the configuration settings if you
don't mind.

I use QS/Stunnel/Tor for email/usenet

I am not sure what options to choose in 6.5.8ckt; here is where I am
not sure:

Options > General >:
Append Key ID to comment block
Append key fingerprint to comment block

Options > Email >:
VBS Preferences (VBS Options & Custom VBS)
Version String Preference

Options > Advanced >:
Symmetric Algorithm Pref (my list: Blowfish>3DES>AES256>TwoFish>etc)
Preferred Hashing Algorithm (I think RIPEMD160 is the Hash algo to use)
Trust Model
Key Properties Display Preference
Export Format

Thanks for any help !!

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
On 28 Apr 2005, newanonuser wrote:
>Hello,
>
>I just installed 6.5.8ckt 08 and I love the robustness of the program.
>I do have a few questions regarding the configuration settings if you
>don't mind.
>
>I use QS/Stunnel/Tor for email/usenet
>

I do not use QS so it may "step in between"...

>I am not sure what options to choose in 6.5.8ckt; here is where I am not sure:
>
>Options > General >:
>Append Key ID to comment block
>Append key fingerprint to comment block
>

No to both or blank or whatever.

>Options > Email >:
>VBS Preferences (VBS Options & Custom VBS)
>

Does not matter as it is only used when YOU validate a message.

>Version String Preference
>

"N/A" is a good one to use.

>Options > Advanced >:
>Symmetric Algorithm Pref (my list: Blowfish>3DES>AES256>TwoFish>etc)
>

Ensure you have IDEA if employing RSA NYM Keys.

>Preferred Hashing Algorithm (I think RIPEMD160 is the Hash algo to use)
>

RSA NYM keys require MD5
So RSAv3 needs MD5
Others are up to you
SHA1 is still OK - despite recent FUD

>Trust Model
>

Not so important.
Display... and Treat... are for your display in PGPKeys.
minimum...
Warn when encrypt to ADK

>Key Properties Display Preference
>

Not so important - maybe.
Select Long, Long

>Export Format
>

Again perhaps not so important - select compatible.

Ciao!
BiKiKii
-----BEGIN PGP SIGNATURE-----
Version: N/A
-----END PGP SIGNATURE-----

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
BiKiKii Admin wrote:

<snip>
>
>
> RSA NYM keys require MD5
>
> So RSAv3 needs MD5
>
> Others are up to you
>
> SHA1 is still OK - despite recent FUD

They found an attack in 2^69 rounds instead of the full 2^80 which is to
be expected in SHA-1, didn't they?

Bruce Schneier says in <http://www.schneier.com/crypto-gram-0503.html>:
"They can find collisions in SHA-1 in 2^69 calculations, about 2,000
times faster than brute force. Right now, that is just on the far edge
of feasibility with current technology. Two comparable massive
computations illustrate that point."

It is a serious break of SHA-1 but it will still take about 2^160
operations to find a collision with a specific plain text (e.g.
something you sign with a DH/DSS key). Maybe due to the reduced strength
of SHA-1 they can be found (a little) faster now.

About MD5, I keep hearing from folks that it shouldn't really be used
anymore.. Still, since the keysize of MD5 is only 128 it would be
possible to find collisions in only 2^64 even if it were at full
strength! (which it is not AFAIK).

Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
Thomas J. Boschloo wrote in
<4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:
>
> They found an attack in 2^69 rounds instead of the full 2^80 which is to
> be expected in SHA-1, didn't they?
>
> Bruce Schneier says in <http://www.schneier.com/crypto-gram-0503.html>:
> "They can find collisions in SHA-1 in 2^69 calculations, about 2,000
> times faster than brute force. Right now, that is just on the far edge
> of feasibility with current technology. Two comparable massive
> computations illustrate that point."
>
> It is a serious break of SHA-1 but it will still take about 2^160
> operations to find a collision with a specific plain text (e.g.
> something you sign with a DH/DSS key). Maybe due to the reduced strength
> of SHA-1 they can be found (a little) faster now.
>
> About MD5, I keep hearing from folks that it shouldn't really be used
> anymore.. Still, since the keysize of MD5 is only 128 it would be
> possible to find collisions in only 2^64 even if it were at full
> strength! (which it is not AFAIK).
>

MD5 is full strength though it's thought some of the weaknesses in MD4 might
apply, but as you say it's not really enough to be secure. Personally I
have more confidence in MD5 than SHA-1 though. To my mind SHA-1 is like a
bridge with a crack in it. It might be made to take a hundred times your
weight and the engineer says it can still handle 20 times as much, but I
wouldn't be confident to walk over it. The problem is not the effectiveness
of the current attack, it's that there is an attack at all.

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
["Followup-To:" header set to alt.privacy.anon-server.]
On Fri, 29 Apr 2005 16:19:29 +0200, Thomas J. Boschloo wrote in
Message-Id: <4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:
>
> BiKiKii Admin wrote:
>
><snip>
>
>
> They found an attack in 2^69 rounds instead of the full 2^80 which is to
> be expected in SHA-1, didn't they?

As I understand it, a documented method exists for generating a hash
collision in 2^69 rounds instead of the brute-force 2^80. That's
serious from a crypto point of view as it proves that there are
weaknesses in SHA-1. Only slight weaknesses at the moment, but it's the
old "bad apple on the top of the barrel" analogy.

Looking at it from the context of a PGP type signature; an attacker
could potentially generate (in around 2^69 attempts) a message with a
valid signature. He would need a very large amount of CPU time
and would end up with a message that made no sense whatsoever, but it
would authenticate. I guess it's down to the individual to assess the
degree of risk they perceive that to be.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
On 29 Apr 2005, herehere@aussiemail.com.au wrote:
>BiKiKii Admin wrote:
>
>I am using DSS NYM keys; what Algorithms should I use?
>

Match the ciphers used by the Nymserver's key.
Example:
AES-256,AES-192,AES-128,CAST,TripleDES
IDEA is not necessary. If used it should not be a highly ranked
preference, as some pseudonym servers do not support the cipher.

>
>I am using DSS NYM keys; what Hashing Algorithm should I use?
>

Your choice - use RIPEMD160.

Re: SHA1...
It is only protecting the authentication of your nym messages so the
"attack" is not a "real" issue.

>Are there any issues with using DSS keys? I use DSS Nymservers and
>remailers in my reply-block and headers.
>

Yes - related to pseudonym servers which do not support the IDEA cipher.
See Machine Information section of
[STATS] Version-1 Cypherpunk Remailers (BiKiKii)
which are posted here.

Ciao!
BiKiKii
-----BEGIN PGP SIGNATURE-----
Version: N/A
-----END PGP SIGNATURE-----

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
http://www.win.tue.nl/~bdeweger/CollidingCertificates/

MD5 collisions are an issue, don't fool yourself. Let MD5 die already.

JLC

In sci.crypt MikeyD <m_donaghy50@hotmail.com> wrote:
> MD5 is full strength though it's thought some of the weaknesses in MD4 might
> apply, but as you say it's not really enough to be secure. Personally I
> have more confidence in MD5 than SHA-1 though. To my mind SHA-1 is like a
> bridge with a crack in it. It might be made to take a hundred times your
> weight and the engineer says it can still handle 20 times as much, but I
> wouldn't be confident to walk over it. The problem is not the effectiveness
> of the current attack, it's that there is an attack at all.

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
Zax wrote:
> ["Followup-To:" header set to alt.privacy.anon-server.]

Fair, I just wanted some professional opinions from sci.crypt (and ASP
because this issue applies more to PGP than it does to Mixmaster).
That's all.. Hope nobody got upset by not setting up a line on top of
the message that I had in fact X-Posted.. I know it is being misused by
trolls.. I also know that this group just hasn't got the expertise to
address this specific question correctly.. ASP might, SC sure does (but
APAS seems to be loathed by most (some) sci.crypt posters..)

> On Fri, 29 Apr 2005 16:19:29 +0200, Thomas J. Boschloo wrote in
> Message-Id: <4272501b$0$776$3a628fcd@reader20.nntp.hccnet.nl>:
>
> As I understand it, a documented method exists for generating a hash
> collision in 2^69 rounds instead of the brute-force 2^80. That's
> serious from a crypto point of view as it proves that there are
> weaknesses in SHA-1. Only slight weaknesses at the moment, but it's the
> old "bad apple on the top of the barrel" analogy.
>
> Looking at it from the context of a PGP type signature; an attacker
> could potentially generate (in around 2^69 attempts) a message with a
> valid signature. He would need a very large amount of CPU time
> and would end up with a message that made no sense whatsoever, but it
> would authenticate. I guess it's down to the individual to assess the
> degree of risk they perceive that to be.

It is like the birthday attack as I understand it. If you have a class
of e.g. 30 pupils the chances of multiple pupils having the same
birthday is not (30/365)^30 as you might suspect at first (I can't come
up with the wrong formula right now unfortunately). It is in fact much
higher. If you take a class of roughly sqrt(365) you will have about a
50% chance that no pupil has the same birthday..

I restate that it will probably take 2^138 attempts to forge a selected
(sha-1 signed) message..

hth,
Thomas
- --
"Nothing is true. Everything is permitted" - W.S. Burroughs, Naked Lunch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
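
Added example (not part of any post in this thread): the birthday arithmetic discussed above computed exactly, next to the generic work factors for an ideal n-bit hash (2^(n/2) for any collision, 2^n for a second preimage of a chosen message). It goes slightly beyond the thread by running a birthday search on SHA-1 truncated to 24 bits; the function names, the seed string and the 24-bit truncation are assumptions chosen so it runs in well under a second.

```python
import hashlib
import math


def p_collision(k, n_outputs):
    """Probability that k uniform draws from n_outputs values contain a repeat."""
    # P(no repeat) = prod_{i<k} (1 - i/N); summing logs keeps it stable for large N.
    log_unique = sum(math.log1p(-i / n_outputs) for i in range(k))
    return 1.0 - math.exp(log_unique)


def draws_for_half(n_outputs):
    """Approximate number of draws for a 50% repeat chance: sqrt(2 ln2 N)."""
    return math.sqrt(2 * math.log(2) * n_outputs)


def generic_work_bits(hash_bits):
    """log2 work for an ideal hash: (any collision, second preimage)."""
    return hash_bits / 2, hash_bits


def truncated_sha1(msg, bits):
    """Top `bits` bits of SHA-1(msg) as an integer."""
    return int.from_bytes(hashlib.sha1(msg).digest(), "big") >> (160 - bits)


def find_truncated_collision(bits, seed=b"constructed-demo-"):
    """Birthday search: hash distinct messages until two truncated digests match."""
    seen = {}  # truncated digest -> first message that produced it
    counter = 0
    while True:
        msg = seed + str(counter).encode()  # constructed sample input
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1


if __name__ == "__main__":
    for k in (19, 23, 30):
        print(f"{k} pupils, 365 days: P(shared birthday) = {p_collision(k, 365):.3f}")
    print(f"50% point for 365 days: about {draws_for_half(365):.1f} pupils")
    for name, bits in (("MD5", 128), ("SHA-1", 160)):
        coll, pre = generic_work_bits(bits)
        print(f"{name}: collision 2^{coll:.0f}, second preimage 2^{pre}")
    print(f"2^69 vs 2^80: {2 ** (80 - 69)}x faster than the generic bound")
    a, b, tries = find_truncated_collision(24)
    print(f"24-bit truncated SHA-1 collision after {tries} hashes (2^12 = 4096)")
```

The search returns two unrelated messages, which is the collision setting; matching the digest of one fixed, already-signed message is the second-preimage setting and is governed by the 2^n figure instead.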

Re: PGP 6.5.8ckt 08 setup question please
05-01-05 10:48 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Fri, 29 Apr 2005 19:20:55 +0200, Thomas J. Boschloo wrote in
Message-Id: <42726d22$0$148$3a628fcd@reader2.nntp.hccnet.nl>:
>
> Zax wrote:
>
> Fair, I just wanted some professional opinions from sci.crypt (and ASP
> because this issue applies more to PGP than it does to Mixmaster).
> That's all.. Hope nobody got upset by not setting up a line on top of
> the message that I had in fact X-Posted.. I know it is being misused by
> trolls.. I also know that this group just hasn't got the expertise to
> address this specific question correctly.. ASP might, SC sure does (but
> APAS seems to be loathed by most (some) sci.crypt posters..)

Hi Thomas,

I wasn't criticising you for x-posting your message, nothing wrong with
widening the audience when it's on-topic. My newsreader prepends
that to a posting when I've set a Followup-To header. Good netiquette
dictates that a Followup-To header should always be applied when
responding to x-posted articles. If responders wish to keep other
groups in the thread, they can reinsert them.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>