We have been tossing around an idea that would code email text into a
PDF417 barcode where we can stuff 8K of data. Would appreciate comments.
You type your text and a proprietary program (The Program) converts the
text into a visible barcode that is, preferably, not viewed as an
attachment (just a PGP is not seen as an attachment). Send the email and
either once received, the recipient induces the program that would
automatically decode the barcode into standard, readable text or the
barcode would self-decode. In transit, the barcode would not be readable
since it was encoded with The Program and its trade secret internal
coding.
We would wish to stay away from .exe files since many networks, ISPs and
email providers refuse to allow them.
Inside the barcode could be stenographic images as well.
If the recipient wishes, he could print and scan the barcode or even "gun"
it while displayed on the screen. Or he could download a free viewer if he
did not wish to create barcode emails.
The advantage here is that 8K of text (~ 70, 115 character lines or 115 ,
70 character lines) would be in a portable document file. That file could
become a secure credential, resume, etc and transported around with ease
and inexpense or passed through email without a great amount of overhead.
Please, take your best shots here.
--
Drop the alphabet for email
In article <1tcuj3u8efuyj.pbttxql75bde.dlg@40tude.net>,
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
> We have been tossing around an idea that would code email text into a
> PDF417 barcode where we can stuff 8K of data. Would appreciate comments.
>
> You type your text and a proprietary program (The Program) converts the
> text into a visible barcode that is, preferably, not viewed as an
> attachment (just a PGP is not seen as an attachment). Send the email and
> either once received, the recipient induces the program that would
> automatically decode the barcode into standard, readable text or the
> barcode would self-decode. In transit, the barcode would not be readable
> since it was encoded with The Program and its trade secret internal
> coding.
What is the purpose of the exercise?
Is it encryption - then trade secrets are highly suspicious.
Or is it steganography?
Marc
--
Switzerland/Europe
<http://www.heusser.com>
remove CHEERS and from MERCIAL to get valid e-mail
Ari Silversteinn wrote:
>You type your text and a proprietary program (The Program) converts the
>text into a visible barcode [and sent by email]
Why ever would anyone want to do such a ridiculous thing?
What a crazy idea.
>In transit, the barcode would not be readable
>since it was encoded with The Program and its trade secret internal
>coding.
Trade secret? Whatever.
Sure smells like snake oil. I wouldn't touch this with a 16-foot pole.
>The advantage here is that 8K of text (~ 70, 115 character lines or 115 ,
>70 character lines) would be in a portable document file.
Portable? Haven't you heard of ASCII?
If you want to transport files printed on 2-D barcodes, the right way
to do this is (a) encrypt using a standard program (e.g., pgp -c) to
get a binary ciphertext (this step is where all the security lies); (b)
encode the ciphertext to a 2-D barcode using a standard public encoding
(this part is irrelevant to security). You can do all this today.
At least, that's the right thing to do if you care more about security
than a fancy-sounding business model. Or is this an attempt to get into
the Cryptogram Doghouse?
> In article <1tcuj3u8efuyj.pbttxql75bde.dlg@40tude.net>,
> Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
>
>> We have been tossing around an idea that would code email text into a
>> PDF417 barcode where we can stuff 8K of data. Would appreciate comments.
>>
>> You type your text and a proprietary program (The Program) converts the
>> text into a visible barcode that is, preferably, not viewed as an
>> attachment (just a PGP is not seen as an attachment). Send the email and
>> either once received, the recipient induces the program that would
>> automatically decode the barcode into standard, readable text or the
>> barcode would self-decode. In transit, the barcode would not be readable
>> since it was encoded with The Program and its trade secret internal
>> coding.
On Mon, 25 Jul 2005 23:35:36 +0200, Marc Heusser wrote:
> What is the purpose of the exercise?
> Is it encryption - then trade secrets are highly suspicious.
> Or is it steganography?
>
> Marc
Thanks, Marc, rather than an exercise, think of it as a business and
consumer product for actual use. The encryption is not traditional in the
sense of AES or others. The Program takes data and recodes it in a form
that reduces, without compression, by assigning a character for a word. Say
it takes the word "dog" and assigns the character ^ to it (simplistic
definition). As to steno, yes, you could hide a direct image or have the
image digitized and then coded by the program.
I agree about trade secrets but this would be geared to businesses and
users who wouldn't understand the encryption issues regardless which is 99%
of the world's population! It also eliminates passphrases in the self
decode model or non self decode (they would be optional).
On Mon, 25 Jul 2005 21:48:14 +0000 (UTC), David Wagner wrote:
> Ari Silversteinn wrote:
>>You type your text and a proprietary program (The Program) converts the
>>text into a visible barcode [and sent by email]
>
> Why ever would anyone want to do such a ridiculous thing?
> What a crazy idea.
Thank you. Perception is reality and new things attract interest. There are
zillions of anonymous emails, unstable remailers, all kinds of encryption
that the general public has no clue how to use or what they do. Identity
theft is on the rise in heaps, there will be a need, ime/imo, to address
clever, eye catching ways to address emailing with data protection. Every
consumer sees barcodes every day at the store, on the back of his license
to drive, etc.
--
Drop the alphabet for email
In article <1tcuj3u8efuyj.pbttxql75bde.dlg@40tude.net>,
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
>We have been tossing around an idea that would code email text into a
>PDF417 barcode where we can stuff 8K of data. Would appreciate comments.
>
>You type your text and a proprietary program (The Program) converts the
>text into a visible barcode that is, preferably, not viewed as an
>attachment (just a PGP is not seen as an attachment). Send the email and
>either once received, the recipient induces the program that would
>automatically decode the barcode into standard, readable text or the
>barcode would self-decode. In transit, the barcode would not be readable
>since it was encoded with The Program and its trade secret internal
>coding.
Why a barcode? That makes no sense to me at all.
>Inside the barcode could be stenographic images as well.
These might be illegal if the stenographer is too
young...
>If the recipient wishes, he could print and scan the barcode or even "gun"
>it while displayed on the screen. Or he could download a free viewer if he
>did not wish to create barcode emails.
I don't think you could "gun" a barcode off a
screen. The colours on the screen have nothing to
do with its reflectivity (except for the new
display technology that uses
micro-electro-mechanical displays, see for example
<http://www.qualcomm.com/qmt/technology/index.html>).
>The advantage here is that 8K of text (~ 70, 115 character lines or 115 ,
>70 character lines) would be in a portable document file. That file could
>become a secure credential, resume, etc and transported around with ease
>and inexpense or passed through email without a great amount of overhead.
On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
> I don't think you could "gun" a barcode off a
> screen. The colours on the screen have nothing to
> do with its reflectivity (except for the new
> display technology that uses
> micro-electro-mechanical displays,
Ari Silversteinn wrote:
>The Program takes data and recodes it in a form
>that reduces, without compression, by assigning a character for a word. Say
>it takes the word "dog" and assigns the character ^ to it (simplistic
>definition).
If you're trying to describe a simple substitution cipher, I hope you
realize that the security of such an approach is horribly flawed.
>It also eliminates passphrases in the self
>decode model or non self decode (they would be optional).
Sweet! Decryption without any secrets! An encryption algorithm where
the ciphertext is self-decrypting -- gee, I'm speechless. Why do I get
the impression someone here is missing the whole point of encryption?
On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
> Why a barcode? That makes no sense to me at all.
Because I am in the barcode business! Why not?
>>Inside the barcode could be stenographic images as well.
>
> These might be illegal if the stenographer is too
> young...
Illegal in what sense? Is it illegal for a minor to encrypt a document?
>>If the recipient wishes, he could print and scan the barcode or even "gun"
>>it while displayed on the screen. Or he could download a free viewer if he
>>did not wish to create barcode emails.
>
> I don't think you could "gun" a barcode off a
> screen. The colours on the screen have nothing to
> do with its reflectivity (except for the new
> display technology that uses
> micro-electro-mechanical displays, see for example
> <http://www.qualcomm.com/qmt/technology/index.html>).
>
>>The advantage here is that 8K of text (~ 70, 115 character lines or 115 ,
>>70 character lines) would be in a portable document file. That file could
>>become a secure credential, resume, etc and transported around with ease
>>and inexpense or passed through email without a great amount of overhead.
>
> ... which would be somewhat bigger than 8k...
~ = approximately.
> And in what sense would it become "secure"?
>
> Greg.
In the sense that while in transit it could not be read.
--
Drop the alphabet for email
"Ari Silversteinn" <abcarisilverstein@yahoo.comxyz> wrote in
message news:1gt8ibsdjpv8j.1rqviy5p5otd1$.dlg@40tude.net...
> On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
>
>
>>>Inside the barcode could be stenographic images as well.
>>
>> These might be illegal if the stenographer is too
>> young...
>
> Illegal in what sense? Is it illegal for a minor to
> encrypt a document?
>
Ari Silversteinn wrote:
>Perception is reality and new things attract interest.
Wow, you really are a snake-oil salesman. I've seen plenty of snake
oil before, but I've never seen anyone admit it with such pride. At
least you're honest about it. Congratulations, now I've seen everything
in this business...
On Mon, 25 Jul 2005 22:31:56 +0000 (UTC), David Wagner wrote:
> Ari Silversteinn wrote:
>>The Program takes data and recodes it in a form
>>that reduces, without compression, by assigning a character for a word. Say
>>it takes the word "dog" and assigns the character ^ to it (simplistic
>>definition).
>
> If you're trying to describe a simple substitution cipher, I hope you
> realize that the security of such an approach is horribly flawed.
Horribly flawed would be proportional to the adversary, this is not
designed for NSA quality attacks.
>>It also eliminates passphrases in the self
>>decode model or non self decode (they would be optional).
>
> Sweet! Decryption without any secrets! An encryption algorithm where
> the ciphertext is self-decrypting -- gee, I'm speechless. Why do I get
> the impression someone here is missing the whole point of encryption?
The point is that there is a market for low level "encryption" that is
easily understood by the general public who sees barcodes every day of
their lives. They really don't understand how a barcode is made or read,
necessarily, but they trust them. Remember, we are looking at a business
concept, saleability is key. I could care less if Bruce Schneier likes the
concept or not. lol
Think outside of your box.
--
Drop the alphabet for email
On Mon, 25 Jul 2005 22:36:21 +0000 (UTC), David Wagner wrote:
> Ari Silversteinn wrote:
>>Perception is reality and new things attract interest.
>
> Wow, you really are a snake-oil salesman. I've seen plenty of snake
> oil before, but I've never seen anyone admit it with such pride. At
> least you're honest about it. Congratulations, now I've seen everything
> in this business...
What you have seen is the coding side of your business perhaps. You have
missed the salient points of who is going to use this, who is going to be
attracted to this and what level of so-called protection it presupposes.
Hell, David, most people who use high level encryption have passwords that
can be busted in seconds. That's the reality, not snake oil, open your mind
to something other than AES 256.
Simple folks that make up billions of people could care less about
encryption, it means nothing to them, they don't understand it, all they
want to know is that their data goes from point A to Point B, is not easily
read, and requires some action at Point B other than two eyeballs to read
it.
--
Drop the alphabet for email
On Mon, 25 Jul 2005 18:35:05 -0400, John E. Hadstate wrote:
>>> These might be illegal if the stenographer is too
>>> young...
>>
>> Illegal in what sense? Is it illegal for a minor to
>> encrypt a document?
>>
>
> "stenography" != "steganography"
Ari Silversteinn wrote:
>On Mon, 25 Jul 2005 22:31:56 +0000 (UTC), David Wagner wrote:
>> Sweet! Decryption without any secrets! An encryption algorithm where
>> the ciphertext is self-decrypting -- gee, I'm speechless. Why do I get
>> the impression someone here is missing the whole point of encryption?
>
>The point is that there is a market for low level "encryption" that is
>easily understood by the general public who sees barcodes every day of
>their lives.
What a load of bullshit. I doubt the general public is going to
understand that your scheme is TOTALLY INSECURE. (I'm not sure that
you understand this, either.) Wake up and smell the coffee: This is
not low-level "encryption". It is not even "encryption" at all, and you
are being dishonest and sleazy to suggest otherwise. Have you no shame?
No, don't answer that; I suppose I probably know the answer already.
>Remember, we are looking at a business concept, saleability is key.
No, you are looking at a business concept. I couldn't care less about
the saleability of your slimeball business concept. Here on sci.crypt,
we talk about the science. If you want to talk about how to defraud
your customers -- and yes, that is what your proposal would amount to --
then please take it elsewhere.
On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
> I don't think you could "gun" a barcode off a
> screen. The colours on the screen have nothing to
> do with its reflectivity (except for the new
> display technology that uses
> micro-electro-mechanical displays,
"You need to use a CCD barcode scanner, not a laser scanner. You also have
to play with the font size and get a size that is big enough."
"The reason a CCD scanner will work and a laser scanner will not is as
follows. A CCD scanner has a video camera that takes a picture of the
entire barcode. A laser scanner scans a beam of laser light across the
barcode and picks up light reflected by the white areas of the barcode. The
'white' areas of a barcode on a computer display are not reflecting light
but rather are emitting light. Therefore, a laser beam cannot be scanned
across the barcode and the laser scanner cannot pick up reflected light
from the 'white' areas. In fact, the laser light will be equally reflected
by the surface of the computer screen and the laser scanner will not detect
any barcode on the screen."
In article <797fjskvstbk$.nbrk403vycd7$.dlg@40tude.net>,
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
>On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
>
>> I don't think you could "gun" a barcode off a
>> screen. The colours on the screen have nothing to
>> do with its reflectivity (except for the new
>> display technology that uses
>> micro-electro-mechanical displays,
>
>http://www.cellularworld.ie/newslett.../barcode.shtml
The article isn't there any more, but as soon as
you mentioned it, I thought "D'oh" -- of course it
would also work with LCD based screens. However,
it won't work with CRTs or Plasma, I don't think.
Ari Silversteinn wrote:
> On Mon, 25 Jul 2005 22:36:21 +0000 (UTC), David Wagner wrote:
>>Ari Silversteinn wrote:
>>
>>>Perception is reality and new things attract interest.
>>
>>Wow, you really are a snake-oil salesman. I've seen plenty of snake
>>oil before, but I've never seen anyone admit it with such pride. At
>>least you're honest about it. Congratulations, now I've seen everything
>>in this business...
>
> What you have seen is the coding side of your business perhaps. You have
> missed the salient points of who is going to use this, who is going to be
> attracted to this and what level of so-called protection it presupposes.
> Hell, David, most people who use high level encryption have passwords that
> can be busted in seconds. That's the reality, not snake oil, open your mind
> to something other than AES 256.
no, he's right, it's snake-oil...
you've made it quite clear that you're interested in selling the
'perception' of security rather than actual security...
--
"they threw a rope around yer neck to watch you dance the jig of death
then left ya for the starvin' crows, hoverin' like hungry whores
one flew down plucked out yer eye, the other he had in his sights
ya snarled at him, said leave me be - i need the bugger so i can see"
"Ari Silversteinn" <abcarisilverstein@yahoo.comxyz> wrote in
message news:1kjha1e4nrxeo$.iafsmkwz7g5a.dlg@40tude.net...
> On Mon, 25 Jul 2005 22:36:21 +0000 (UTC), David Wagner
> wrote:
>
>
> Simple folks that make up billions of people could care
> less about
> encryption, it means nothing to them, they don't
> understand it, all they
> want to know is that their data goes from point A to Point
> B, is not easily
> read, and requires some action at Point B other than two
> eyeballs to read
> it.
After your "trade secret decoder" has been reverse
engineered, what's to stop anyone who has a copy of the
secret decoder ring from reading the data at any point
between A and B. Your users can't change keys, because,
according to you, there are no keys. They can't change the
encoding without buying another encoder. Changing the
"trade secret" encoding means that you have to build support
into your decoders for both encodings. It quickly becomes a
tar-baby.
What are you really trying to achieve? That's not a
rhetorical question. Are you going for writer-to-reader
privacy? Are you going for transport privacy without
interaction from writers and readers?
I would think that one needs to identify and understand the
problem one is trying to solve before one designs a
solution. Putting the cart before the horse is asking for
trouble.
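The concern raised in the post above, as an added example that is not part of the original thread: a keyless word-to-symbol code can be read by anyone holding the table, and a single message whose text is already known exposes table entries that carry over to later messages. The codebook is a constructed stand-in (only the "dog" -> "^" pair is from the thread), and all function names are hypothetical.

```python
# Added illustration, not code from the thread or from any real product.
# CODEBOOK is a constructed stand-in for the "trade secret" table; only the
# "dog" -> "^" pair is taken from the thread, every other entry is made up.
from collections import Counter

CODEBOOK = {"dog": "^", "the": "~", "meet": "#", "at": "@", "noon": "%",
            "park": "&", "bring": "!", "to": "=", "walk": "+"}
DECODEBOOK = {sym: word for word, sym in CODEBOOK.items()}


def encode(text):
    """Replace each known word with its symbol. No key is involved."""
    return " ".join(CODEBOOK.get(w, w) for w in text.lower().split())


def decode(coded):
    """Anyone holding a copy of the table (i.e. the program) can do this."""
    return " ".join(DECODEBOOK.get(t, t) for t in coded.split())


def repeated_tokens(coded):
    """Tokens seen more than once: word repetition survives the encoding."""
    counts = Counter(coded.split())
    return {tok: n for tok, n in counts.items() if n > 1}


def learn_from_known_message(plaintext, coded):
    """Table entries exposed by one message whose text is already known
    (a forwarded reply, a form letter, a standard greeting)."""
    pairs = zip(plaintext.lower().split(), coded.split())
    return {sym: word for word, sym in pairs if sym != word}


def read_with_partial_table(learned, coded):
    """Decode whatever the learned entries cover; leave other tokens as-is."""
    return " ".join(learned.get(t, t) for t in coded.split())


if __name__ == "__main__":
    # Constructed sample messages.
    first = "meet at the park at noon"
    second = "bring the dog to the park"
    c1, c2 = encode(first), encode(second)

    print("coded 1:", c1)
    print("coded 2:", c2)
    # Same input always gives the same output, so repeats are visible.
    print("repeats in coded 1:", repeated_tokens(c1))
    # Knowing the text of message 1 is enough to read most of message 2.
    learned = learn_from_known_message(first, c1)
    print("message 2 via learned entries:", read_with_partial_table(learned, c2))
    # A copy of the table reads everything, and users cannot change that,
    # because there is no key to replace.
    print("message 2 via the table:", decode(c2))
```

The entries learned from one known message stay valid for every user and every later message, which is why the security has to rest on a replaceable key rather than on the encoding.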
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote on Mon, 25 Jul 2005 17:08:11 -0400:
>
> You type your text and a proprietary program (The Program) converts the
> text into a visible barcode that is, preferably, not viewed as an
> attachment (just a PGP is not seen as an attachment).
Why? What purpose does turning a textual e-mail into an image
(of a barcode or whatever), then transmitting that, serve?
> Send the email and
> either once received, the recipient induces the program that would
> automatically decode the barcode into standard, readable text or the
> barcode would self-decode.
Self-decode? Does it use keys, or does it decode it itself?
>In transit, the barcode would not be readable
> since it was encoded with The Program and its trade secret internal
> coding.
What if the other person had a copy of "The Program"? What if
they reverse engineered the encoding (which doesn't sound hard
if there's no key).
> We would wish to stay away from .exe files since many networks, ISPs and
> email providers refuse to allow them.
Congratulations. That's the only sensible thing I've found in this post.
> Inside the barcode could be stenographic images as well.
>
> If the recipient wishes, he could print and scan the barcode or even "gun"
> it while displayed on the screen. Or he could download a free viewer if he
> did not wish to create barcode emails.
Why would they wish to print or "gun" this magical barcode?
> The advantage here is that 8K of text (~ 70, 115 character lines or 115 ,
> 70 character lines) would be in a portable document file. That file could
> become a secure credential, resume, etc and transported around with ease
> and inexpense or passed through email without a great amount of overhead.
How does turning text into a barcode help anything?
> Simple folks that make up billions of people could care less about
> encryption, it means nothing to them, they don't understand it, all they
> want to know is that their data goes from point A to Point B, is not easily
> read, and requires some action at Point B other than two eyeballs to read
> it.
Gregory G Rose wrote:
> In article <797fjskvstbk$.nbrk403vycd7$.dlg@40tude.net>,
> Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
>
>>On 25 Jul 2005 15:17:12 -0700, Gregory G Rose wrote:
>>
>>
>>>I don't think you could "gun" a barcode off a
>>>screen. The colours on the screen have nothing to
>>>do with its reflectivity (except for the new
>>>display technology that uses
>>>micro-electro-mechanical displays,
>>
>>http://www.cellularworld.ie/newslett.../barcode.shtml
>
>
> The article isn't there any more, but as soon as
> you mentioned it, I thought "D'oh" -- of course it
> would also work with LCD based screens. However,
> it won't work with CRTs or Plasma, I don't think.
>
> Greg.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am thinking it would only work with reflective LCD screens and not
backlit screens.
In sci.crypt Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote:
> In transit, the barcode would not be readable since it was encoded with
> The Program and its trade secret internal coding.
> Ari Silversteinn wrote:
>>The Program takes data and recodes it in a form
>>that reduces, without compression, by assigning a character for a
>>word. Say it takes the word "dog" and assigns the character ^ to it
>>(simplistic definition).
>
> If you're trying to describe a simple substitution cipher, I hope you
> realize that the security of such an approach is horribly flawed.
>
If he's using a character in place of a word, he's describing a code, not a
cipher.
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote in
news:1s33hf6jxl5jy.qruu69fs7g93$.dlg@40tude.net:
> The point is that there is a market for low level "encryption" that is
> easily understood by the general public who sees barcodes every day of
> their lives. They really don't understand how a barcode is made or read,
> necessarily, but they trust them. Remember, we are looking at a business
> concept, saleability is key.
It's a terrible idea. It wouldn't take much more effort to offer good
encryption such as AES.
> I could care less if Bruce Schneier likes the
> concept or not. lol
>
> Think outside of your box.
>
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote in
news:1qvbhvy4se3qo.lfk3r5bkkzoe$.dlg@40tude.net:
> On Mon, 25 Jul 2005 21:48:14 +0000 (UTC), David Wagner wrote:
>
>> Ari Silversteinn wrote:
>>>You type your text and a proprietary program (The Program) converts
>>>the text into a visible barcode [and sent by email]
>>
>> Why ever would anyone want to do such a ridiculous thing?
>> What a crazy idea.
>
> Thank you. Perception is reality and new things attract interest.
Yes, new things attract interest, and you can bet that there would be a
crack for your scheme readily available on the Internet in almost no time
at all.
> There are zillions of anonymous emails, unstable remailers, all kinds
> of encryption that the general public has no clue how to use or what
> they do. Identity theft is on the rise in heaps, there will be a need,
> ime/imo, to address clever, eye catching ways to address emailing with
> data protection.
> Ari Silversteinn wrote:
>>Perception is reality and new things attract interest.
>
> Wow, you really are a snake-oil salesman. I've seen plenty of snake
> oil before, but I've never seen anyone admit it with such pride. At
> least you're honest about it. Congratulations, now I've seen everything
> in this business...
>
Don't you remember when the UBE snake oil hawker admitted, finally, to
knowing how to break his own encryption? (Well -- as I recall, he had to be
told how to break it.)
Ari Silversteinn <abcarisilverstein@yahoo.comxyz> wrote in
news:1kjha1e4nrxeo$.iafsmkwz7g5a.dlg@40tude.net:
> On Mon, 25 Jul 2005 22:36:21 +0000 (UTC), David Wagner wrote:
>
>> Ari Silversteinn wrote:
>>>Perception is reality and new things attract interest.
>>
>> Wow, you really are a snake-oil salesman. I've seen plenty of snake
>> oil before, but I've never seen anyone admit it with such pride. At
>> least you're honest about it. Congratulations, now I've seen
>> everything in this business...
>
> What you have seen is the coding side of your business perhaps. You
> have missed the salient points of who is going to use this, who is
> going to be attracted to this and what level of so-called protection
> it presupposes. Hell, David, most people who use high level encryption
> have passwords that can be busted in seconds.
Seconds? Are we getting a bit carried away? I have seen all sorts of weak
commercial encryption, but the schemes take minutes, at least to break.
:-)
I suppose you are talking about strong encryption where the user employs a
weak password. Still, that's a fault of the user, and not a fault of the
cipher.
> That's the reality, not
> snake oil, open your mind to something other than AES 256.
AES 256 is solid. Why offer something weak?
>
> Simple folks that make up billions of people could care less about
> encryption, it means nothing to them, they don't understand it,
If they don't understand it and don't recognize, why not just give them
strong encryption any way?
> all
> they want to know is that their data goes from point A to Point B, is
> not easily read, and requires some action at Point B other than two
> eyeballs to read it.
If all they want is that their messages remain unread, you might as well
give them strong encryption to do with as they will.
"David Eather" <eather@tpg.com.au> wrote in message
news:42e59e0d@dnews.tpgi.com.au...
>
>> Simple folks that make up billions of people could care less about
>> encryption, it means nothing to them, they don't understand it,
>> all they
>> want to know is that their data goes from point A to Point B, is
>> not easily
>> read, and requires some action at Point B other than two eyeballs
>> to read
>> it.
>
> ?? What the....??
ROFL
--
"When you have to choose between a first-rate company with a
second-rate product and a second-rate company with a first-rate
product, it's never an ideal choice. " -Ed (www.overclockers.com)