USB pen drives and safe cryptosystems (looking for references)

Truncat ha escrito:
> I haven't got a clue as I said but I can comment about your webpage
> http://www.cita.es
> which looks horrible viewed with Opera9.01 browser you really need to
> redesign it if you
> expect to look like a serious company.

Thanks for the advice. Maybe I do not want to look so serious. My
company is useful for bills and advertising, and www.cita.es is good
enough for my approach. Anyhow, I always appreciate good advices.

> Your other page: http:/www.cita.es/descifrar/ says:
> "La "ESPIOLOGÍA" o estudio del espionaje es una ciencia empírica y
> multidisciplinar"
>
> Spanish is my native language and never in my life heard of the term
> "espiologia" but
> then I admit I am not too educated so I searched in
> http://en.wikipedia.org and not a single
> mention. I do not have the time to read all of course, but at first glance
> for an average
> persorn without knowledge of computers the website looks written in
> Chinese very hard to navigate
> and far too much to reading.

I wrote more about that idea at http://www.cita.es/contraespionaje
and it is also in the background of http://www.cita.es/secretos

> Ok, it is a negative review, sorry about that, but it is better than lying
> to you I hope.

No problem. I repeat that I appreciate any critical approach to
www.cita.es

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

TC ha escrito:> Miguel, get a professional web designer to redesign
your site. There is
> no way that your current site will attract professonal clients. They'll
> take one look at your home page - and never come back.

Maybe. I do not want to come back anybody that is not able to search in
google:

whatever_you_want site:cita.es

I have too much traffic so it is not a problem for me to attract
clients.

Here I am just looking for USB pen drives hard&soft protections and if
possible, any magic trick (yes, I am also interested in illusionism for
USB and I am working in some special effects with magic that I must to
keep confidencial). Illusionism and cryptology are 2 very complementary
approaches to pen drives in my honest opinion.

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

9ust4v0 ha escrito:
> Hi all. I'm new on this group so i want to introduce myself. My name is
> Gustavo, and I'm also a native spanish speaker, but I can communicate
> in english just fine.

Bien, bien.

> It's true that Miguel's page looks bad and maybe he isn't an encryption
> expert, technically speaking; but sometimes (just sometimes) there are
> things more important than that, like knowing what, when and how to
> encrypt.

I am not important, and I prefer to speak here about ideas, technology
and magic for pen drives than on www.cita.es

> Speaking of cryptosystems on usb pen:
> I think the problem is, if you use any encryption program (I recommend
> truecrypt, allows many encryption algorythms fast and easy) in windows,
> the on-the-fly un-encrypted files (and maybe your password too if you
> configure it wrong) stays on memory, temp and page files (maybe other
> files too, but i'm not sure about that). So you would need another
> program to securely delete/defrag this files.

I respect that approach, but is not the only one to protect an USB pen
drive. I would like to make a catalogue of hard&soft options.

> If everything else goes wrong and you really need to keep things
> confidential, just degauss your hd after you use the pen drive (I'm
> kidding, don't do that, Miguel).

Sorry, but I do not understand what you mean exactly. I shall
appreciate an explanation that I can understand in English and/or in
Spanish.

> Hope you keep researching on cryptosystems.

I shall do my best, for sure.

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

Joseph Ashwood ha escrito:
> When attempting to sell services as a cryptography expert, especially to a
> court of law, it has little to do with anything except being a cryptography
> expert.

I respect your opinion. However, I think that a criminology
understanding, a forensic interest&experience, and a deep democratic
feeling helps to accept hard critics. Honestly, I must to admit that
many lawyers agree with you and would like me to know only about
cryptography, but I keep my mind as open as I can even if I respect
your right to close yours one, if you want to do so.

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

Truncat ha escrito:

> LOL, I just visited again the webpage of cita.es and saw this on the
> frontpage:
>
> "Nota: A veces, los mensajes se pierden, muy a nuestro pesar (recibimos
> varios miles cada semana, y es francamente difícil diferenciarlos del SPAM
> que nos invade). Si no se recibe respuesta, por favor llámenos por
> teléfono (hay contestador en el Tel.: 914743809)"
>
>
> It basically says: "Note:Sometimes we lose the emails you send to us
> because we receive thousands of them everyweek and we can not
> differenciate them from SPAM. If we do not reply please call us on phone
> number: 914*****
>
> He maybe a cryptographic expert but it seems he hasnt got a clue about how
> to stop SPAM, go and tell the judge in that important fraud case that the
> emails from the prosecution got lost because you couldn't differenciate
> them from SPAM.

Maybe you are much better than me selecting relevant messages, or you
use a wonderful tool to do it. I admit that I deleted interesting
messages and I apologice for it while asking to repeat anyone unreplied
or just to call me to check it on-line.

I respect anybody else policy, but at the moment, that what I do.

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

Unruh ha escrito:
> No, I think it does exactly what he wants. It is cleary a scam outfit. He
> has pages of text in one point type designed to get himself onto web
> crawler's pages. anyone who is so incompetent and duplicitous should not be
> taken seriously.

I an not sure what you mean with "scam outfit". I just wanted to keep a
link from www.cita.es to the most important pages and I admit that I
have no time and/or tools to keep www.cita.es alive in Google. But
there is no scam and no fraud at all. You can visit it your you can ask
at Google for site:cita.es and of course you can ignore it. Where is
the ethical problem with my source?

> That this is not a mistake, here is code from the page source.
>
> <small><small><small><small><small><small><small>< small><small><small><small><small><a
> href="http://www.cita.es/descubrimiento">http://www.cita.es/descubrimiento</a><br>
> <a
> href="http://www.cita.es/descubrimiento/y/revelacion/de/secretos">http://www.cita.es/descubrimiento/y/revelacion/de/secretos</a><br>
> <a
> href="http://www.cita.es/descubrimiento/y/revelacion">http://www.cita.es/descubrimiento/y/revelacion</a><br>
> <a href="http://www.cita.es/secreto">http://www.cita.es/secreto</a><br>
> <a
> href="http://www.cita.es/secretos">http://www.cita.es/secretos</a></small></small></small></small></small></small></small></small></small></small></small></small><br>

Miguel A. Gallardo en http://www.cita.es

"GEO" ha escrito:
> I don't know about the cryptography claims, and his page looks OK in
> my old Netscape 4.08 browser, but also being a native Spanish speaker
> (Latin-America) I would agree with this comment. From reading the page
> I would say that someone that makes so many claims of studies,
> diplomas and a succesful career (all documented in his own pages),
> while at the same time works so hard to advertise himself looks
> suspicious, to say the least.

1. I use an old Netscape-Mozilla composer, so I understand it looks OK
in your browser
2. I do not claim anything that I did not studied, and I am still
studing many things.
3. I accept to look suspicious, at least as a member of the Spanish
Magician Association and also as a criminologist workking on forensic
technologies (always learning for better approaches to difficult
evidences).

> PS:
> 'NEGOCIAR COMPLEX PROFESSIONAL NEGOTIATIONS'
> A Curriculum in Spanglish?

Maybe. I learned a lot while teaching http://www.cita.es/negociar
and now everyday as a http://www.cita.es/commercial/agent

But I do not understand why is so important my image or my titles in
order to speak about USB pen drives and state-of-the-art cryptosystems.
Maybe it could be better an humouristical approach than an hard
technology one, but I am open to think as a magician or a cryptologist
trainee in both point of views.

miguel, www.cita.es/conmigo

Miguel A. Gallardo en http://www.cita.es

Various contradictions on your shitty site have been noted. Personally,
the one that truly scandalizes me is the correlation between Magic and
illusionism. After checking on Wikipedia, you might be not as wrong as
you should be - to the mainstream. The confusion between stage magic
and sorcery is quite widespread. But still... Can't you feel that
sorcery makes AES-2048 so... easy to factor? Ask the competent ones.
Ask JSH.

Kind regards
Ludovic

Ludovic Joly

"Miguel A. Gallardo en http://www.cita.es" <>
wrote in message
news: oups.com...
> Joseph Ashwood ha escrito:
>
>> "Miguel A. Gallardo en http://www.cita.es" <>
>> wrote in message
>> news: ups.com...
>> [snip pointless.]
>>
>> > I explaned cryptography invited byt the Army and the Diplomacy in China
>> > (1994), also in Argentina 1995, and in Honk Kong as you can read at
>> > http://www.cita.es/HK
>>
>> Umm, yeah, this once again shows how little you know, that page is
>> entirely
>> about gem stones, which has nothing to do with cryptography.
>
> I shall be pleased to explain as much as I can the basic idea of
> "object oriented cryptography" applied to very expensive objects like
> gemstones shortly explained at http://www.cita.es/branding

This I just have to hear. How does pure information relate to physical
objects?

I can see tagging objects, but cryptographic properties are irrelevant at
that level (the various fingerprinting methods for gem stones would be
superior). Cryptography does not solve any problem related to properties of
gemstone, for example a short amount of time on a grinding stone will have
little to no effect on cut, brilliance, refraction, and defraction
properties, but it will dramatically affect the fingerprint, and will
radically change any cryptographic properties associated with it.

>> > and shortly at http://www.cita.es/branding for
>> > "object oriented cryptography" home made in Spain.
>>
>> At this point you seem to be extremely confused about the difference
>> between
>> physical security measures and information security measures. They are
>> extremely different areas, and by claiming it is cryptographic very
>> quickly
>> proves that you do not even grasp the most basic concepts.
>
> I do not know how to prove that anybody does not know anything. I can
> confirm and evidence whatever is known by whoever, and to prove
> whatever whoever does not know is a diabolical proof of negative facts.
> I respect the bad opinion of anybody about me, my thoughts, my words,
> or my website pages, but I disagree with any supposed proof of anything
> that I do not know, because I have the hope to learn.

I have no problem with you learning, but you began this conversation by
claiming to be an expert. Even a couple of paragraphs ago, you once again
claimed to be an expert. If you want to learn there is a great deal of
knowledge in a few of the groups you posted to (we really should start
trimming it, I doubt microsoft.public.security or comp.security.misc has any
interest in debates about your claim of expertness), if you are already an
expert then you certainly don't prove it very well.

>> > I shall appreciate any comment or reference that let me to
>> > improve my knowledge on "USB pendrive applied Cryptology" (By the way,
>> > I think that Bruce Schneier must have new ideas about it).
>>
>> On that front I would gladly have supplied things, but the bottom line is
>> that you claimed to be a consultant, but you have demonstrated a complete
>> lack of knowledge or even the ability to grasp the core concepts.
>
> OK. I am a very bad consultant for you, and you think that I have
> demonstrated a complete lack of knowledge on everything.
>
> Now I know that you want to look like an expert just devaluating me.

Actually a large part of what I'm doing is working to protect the legal
system. Testimony from an expert that is far from expert tends to lead to
major issues. Since you made overtures towards being used as an expert
witness your lack of knowledge of the subject is of extreme importance.

Since you and I are in no way competitors, devaluing you would be for no
purpose.

> Can you give me 3 names of good cryptologists

Shannon, Feistel, Vigenere. None of which will likely be of use to you, as
I've specifically chosen them to be of little use to you, even though they
are exceedingly applicable.

> and 3 books useful for
> USB pen drives protection?

Safecracking for the Computer Scientist
Between Silk and Cyanide
Rethinking Public Key Infrastructures and Digital Certificates

Again, don't think these will help you much, understanding their application
to pen drives will be difficult.

More to the point. Can you?
Joe

Joseph Ashwood

"Miguel A. Gallardo en http://www.cita.es" <>
wrote in message
news: oups.com...
> Illusionism and cryptology are 2 very complementary
> approaches to pen drives in my honest opinion.

Now we're getting somewhere. It seems you have never been actually
introduced to cryptography. Well then I'll revise my earlier statement of
the three important cryptologists, remove Feistel and add Kerckhoffs. If you
actually understand Kerckhoffs principles you will very quickly see that
illusionism/magic/mysticism/anything else that has at points in history been
linked has nothing to do with cryptography. To summarize:
1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into
the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written
notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the
concourse of several people;
6. Finally, it is necessary, given the circumstances that command its
application, that the system be easy to use, requiring neither mental strain
nor the knowledge of a long series of rules to observe

You will find that in particular magic/illusionism breaks 1, 2, 3, 4, and 6,
and that some examples break 5 as well.

You have once again demonstrated that you don't have the foundation
knowledge necessary, it is necessary for you to read up on the implications
of Kerckhoffs principles, on Shannon's work, and on Viginere's effects even
today simply in order to understand your own question.
Joe

Joseph Ashwood