Friday, March 3, 2017

JAP Backdoor ....

From: goncalo.costa at kpnqwest.pt (Goncalo Costa)
Subject: JAP back doored

>
> Don't be a smart ass.
>

Well, good morning to you too !

> Your arguments have nothing to do with the argument at hand which is quite
> simple: Governments should have no right to force developers to trojanize
> their applications and keep silent about it.
>

Governments have a lot of powers they should not have but German government
had nothing to do with this.

I hope you can tell the difference between a government eavesdropping on
someone and a judge/court order to eavesdrop on a suspect to gather evidence
against him.

> There have been some notes come out of this:

> 1> Germany has now removed this legal action, which is great

I think you should stop for a minute and try to learn the difference between
Germany (country), the German state, the German government and the German
judicial system.

"Germany" did nothing.

If you want to talk about the German government you could talk about
http://www.gnupg.org/aegypten

> 2> They intended to only watch traffic to a single German server

It seems you did not follow some posts on this list. I believe someone from
Germany explained the why and how of this JAP backdoor, and mentioned that.

> 3> The developers may not
> have been so forced into doing this, as much as willing -- I rather doubt
> this, especially since the order was rescinded, but their culpability does
> factor into this

So you mean these guys offering a free public anonymizing service are to
blame for complying with a court order ? I'm sure you would rather go to
jail. Where's the free public anonymizing service you're providing to the
Internet ? I'd like to use it. I'm sure I can trust you to keep my id safe.

> 4> I, personally, admit I would not care if they did this
> for a very serious reason such as for pedophiles or terrorists... I think a
> lot of people outraged would have to agree with this... However, I am sure
> a lot would not
>

(I believe the same person also wrote) it was a pedophilia case.

> As for the US government, this is utterly unimportant. I was playing around
> even to begin to mess with that. Yes, I am unaware of the US actively
> trojanizing applications by forcing the developers to do this.

Lotus Notes NSA backdoor ?
We're not talking about a court order here.
And Notes was not free software - its customers paid for it.
Nor was it open source software as is the case with JAP.

> So are you.
> This is illegal. You wouldn't like it if it was the US doing this. So, what
> are your real motives here?
>

Besides money that is ? :-)

http://lists.openwall.net/full-disclosure/2003/08/28/6

Thursday, March 2, 2017

we need this cookie ...I'll see it better tomorrow

package org.apache.directory.server.ntp.messages;


import java.util.Arrays;
import java.util.Collections;
import java.util.List;


/**
 * Reference Identifier: This is a 32-bit bitstring identifying the
 * particular reference source. In the case of NTP Version 3 or Version
 * 4 stratum-0 (unspecified) or stratum-1 (primary) servers, this is a
 * four-character ASCII string, left justified and zero padded to 32
 * bits. In NTP Version 3 secondary servers, this is the 32-bit IPv4
 * address of the reference source. In NTP Version 4 secondary servers,
 * this is the low order 32 bits of the latest transmit timestamp of the
 * reference source. NTP primary (stratum 1) servers should set this
 * field to a code identifying the external reference source according
 * to the following list. If the external reference is one of those
 * listed, the associated code should be used. Codes for sources not
 * listed can be contrived as appropriate.

http://directory.apache.org/apacheds/gen-docs/2.0.0-M9/xref/org/apache/directory/server/ntp/messages/ReferenceIdentifier.html

Elsa David this chit works on every fuckin' frequency Hacker Anonymous Việt Nam

Deciphering a key from XOR encrypted cypher using boolean logic

following the white rabbit direct to cables i have this hotdog ..because xor is the base of all hardware encryption 



Elsa David of course i know we're talking about optic tronics


If K is random and you only know A or B (but not both) then, no, there is no way to infer anything about the key - this is the (in)famous one-time-pad.
If you know A and B, then you can recover K very easily. Exclusive-or has those properties:
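  • $\forall n,\ n \oplus n = 0$
  • $\forall n,\ n \oplus 0 = n$ (identity element)
  • $\forall a, b,\ a \oplus b = b \oplus a$ (commutativity)
  • $\forall a, b, c,\ a \oplus b \oplus c = (a \oplus b) \oplus c = a \oplus (b \oplus c)$ (associativity)
So we can do the following:
$B = A \oplus K \implies A \oplus B = A \oplus (A \oplus K) = (A \oplus A) \oplus K = 0 \oplus K = K$
So $A \oplus B = K$
Viewed differently, the exclusive-or operator is invertible:
$\oplus$ | 0 | 1
0 | 0 | 1
1 | 1 | 0

$A$ | $B$ | $A \oplus B$
0 | 0 | 0
0 | 1 | 1
1 | 0 | 1
1 | 1 | 0
And since the truth table is symmetric, the exclusive-or operation just happens to be its own inverse, i.e. $x \oplus^{-1} y = x \oplus y$. So if we take our original equation:
$A \oplus K = B$
We can represent it as follows:
$K \oplus A = B$
And we can then undo (invert) the exclusive-or by A:
$K \oplus A \oplus^{-1} A = B \oplus^{-1} A \implies K = B \oplus^{-1} A$
And as we found above, this is identical to:
$K = B \oplus A = A \oplus B$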
As found at the beginning.
However, this is assuming A, B and K are all the same length. If K is smaller than A and B, then it means that K will be used multiple times (repeated over the length of the plaintext, presumably). This repetition can be exploited to successfully recover K from only B provided there is enough repetition and there is enough ciphertext to work with - see Vigenere cipher.
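
The two cases described above, as an added Python example that is not part of the original answer: a key as long as the message, and a short key repeated over it. A, B and K follow the text's names; the sample plaintext, the 4-byte key and the helper names are constructed for illustration.

```python
import secrets


def xor_bytes(x: bytes, y: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(x) != len(y):
        raise ValueError("inputs must have the same length")
    return bytes(p ^ q for p, q in zip(x, y))


def encrypt(a: bytes, k: bytes) -> bytes:
    """B = A xor K; K is repeated when it is shorter than A."""
    if not k:
        raise ValueError("empty key")
    stream = (k * (len(a) // len(k) + 1))[:len(a)]
    return xor_bytes(a, stream)


def shortest_period(stream: bytes) -> int:
    """Smallest p with stream[i] == stream[i - p] for every i >= p."""
    for p in range(1, len(stream)):
        if all(stream[i] == stream[i - p] for i in range(p, len(stream))):
            return p
    return len(stream)


def demo() -> dict:
    a = b"constructed sample plaintext for the demo"  # constructed input

    # Case 1: random K as long as A (one-time pad). Knowing A and B gives K.
    k = secrets.token_bytes(len(a))
    b = encrypt(a, k)
    pad_key_recovered = xor_bytes(a, b) == k
    # Knowing only B: any same-length guess A' has a matching key K' = B xor A',
    # so B alone cannot distinguish the real plaintext from the guess.
    guess = b"Z" * len(a)
    guess_fits = encrypt(guess, xor_bytes(b, guess)) == b

    # Case 2: short K repeated over A. One known (A, B) pair exposes the
    # keystream, and its period gives the key itself.
    short_k = b"K3Y!"  # constructed key
    keystream = xor_bytes(a, encrypt(a, short_k))
    period = shortest_period(keystream)
    return {"pad_key_recovered": pad_key_recovered, "guess_fits": guess_fits,
            "period": period, "short_key": keystream[:period]}


if __name__ == "__main__":
    print(demo())
```

The `guess_fits` result is the one-time-pad property from the first sentence of the answer: every same-length plaintext is consistent with B under some key, which stops being true once K repeats.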