Cryptography-Digest Digest #708, Volume #10       Thu, 9 Dec 99 04:13:01 EST

Contents:
  Shamir announces 1 sec break of GSM A5/1 (JTong1995)
  Re: NSA should do a cryptoanalysis of AES (Johnny Bravo)
  Re: Synchronised random number generation for one-time pads (John Savard)
  Re: NSA future role? (Jerry Coffin)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("fuck echelon")
  Re: If you're in Australia, the government has the ability to modify ("Douglas A. Gwyn")
  Re: If you're in Australia, the government has the ability to modify ("Douglas A. Gwyn")
  Re: NSA future role? ("Douglas A. Gwyn")
  Re: NSA future role? (David Wagner)
  Re: Shamir announces 1 sec break of GSM A5/1 (Gurripato)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 (Gurripato)
  Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe in a paper ... (Gurripato)
  Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999 ("H.J. Gould")
  Digitally signing an article in a paper journal (KloroX)

----------------------------------------------------------------------------

From: [EMAIL PROTECTED] (JTong1995)
Subject: Shamir announces 1 sec break of GSM A5/1
Date: 09 Dec 1999 05:37:45 GMT

Cell Phone Crypto Penetrated
by Declan McCullagh
10:55 a.m. 6.Dec.1999 PST
Israeli researchers have discovered design flaws that allow the 
descrambling of supposedly private conversations carried by hundreds of 
millions of wireless phones.
Alex Biryukov and Adi Shamir describe in a paper to be published this week 
how a PC with 128 MB RAM and large hard drives can penetrate the security 
of a phone call or data transmission in less than one second.


The flawed algorithm appears in digital GSM phones made by companies such 
as Motorola, Ericsson, and Siemens, and used by well over 100 million 
customers in Europe and the United States. Recent estimates say there are 
over 230 million users worldwide who account for 65 percent of the digital 
wireless market.
Although the paper describes how the GSM scrambling algorithm can be 
deciphered if a call is intercepted, plucking a transmission from the air 
is not yet practical for individuals to do.
James Moran, the fraud and security director of the GSM Association in 
Dublin, says that "nowhere in the world has it been demonstrated --an 
ability to intercept a call on the GSM network. That's a fact.... To our 
knowledge there's no hardware capable of intercepting."
The GSM Association, an industry group, touts the standards as "designed to 
conform to the most stringent standards of security possible from the outset 
[and] unchallenged as the world's most secure public digital wireless system."
Not any more.
Shamir says the paper he co-authored with a Weizmann Institute of Science 
colleague in Rehovot, Israel, describes a successful attack on the A5/1 
algorithm, which is used for GSM voice and data confidentiality. It builds 
on the results of previous attempts to attack the cipher.
"It's quite a complex idea, in which we fight on many fronts to accumulate 
several small improvements which together make a big difference, so the 
paper is not easy to read or write," Shamir, a co-inventor of the RSA 
public key crypto system in 1977, said in an email to Wired News.

A group of Silicon Valley cypherpunks has organized previous efforts to 
highlight what they view as the poor security of GSM encryption standards.
In April 1998 they reported that it was possible to clone a GSM phone, 
which the US Cellular Telecommunications Industry Association dismissed as 
more theoretical than practical. The North American GSM Alliance similarly 
dismissed cloning as a serious threat in a statement.
Earlier this year, the group, which includes Marc Briceno, Ian Goldberg, 
and David Wagner, described how to penetrate the less-secure GSM A5/2 
algorithm used in some Pacific rim countries in less than a second. In May 
1999 they released the source code to A5/1, which the Weizmann Institute 
computer scientists used in their analysis of the cipher.
"Because of Biryukov and Shamir's real-time attack against A5/1 and our 
group's 15 millisecond attack against A5/2, all the GSM voice privacy 
ciphers used worldwide can be broken by an attacker with just a single PC 
and some radio hardware," Briceno said.
"Since the voice privacy encryption is performed by the handset, only 
replacing the handset would address the flaws found in the recent attacks," 
he said.
The GSM Alliance's Moran said he needed time to review the paper, which has 
not yet been released. But he said it would be a topic of a discussion at 
the next GSM security working group meeting on 16 December.
Previously the GSM encryption algorithms have come under fire for being 
developed in secret away from public scrutiny -- but most experts say high 
security can only come from published code.
Moran said "it wasn't the attitude at the time to publish algorithms" when 
the A5 ciphers were developed in 1989, but current ones being created will 
be published for peer review.

Jeffrey Tong     [EMAIL PROTECTED]<Jeffrey Tong>
PGP 5 Key available for download at WWW.PGP.COM   Key ID: BFF6BFC1
Fingerprint: 6B29 1A18 A89A CB54 90B9 BEA3 E3F0 7FFE BFF6 BFC1

------------------------------

From: [EMAIL PROTECTED] (Johnny Bravo)
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Thu, 09 Dec 1999 01:02:37 GMT

On Wed, 08 Dec 1999 23:14:58 GMT, [EMAIL PROTECTED]
(SCOTT19U.ZIP_GUY) wrote:

>     Since we are being hypothetical, let's assume our Jewish
>friends have captured 3 Moslem terrorists. And that Israeli
>intelligence knows that the three have encrypted the message
>such that the first one encrypted the message. 

  This is where the entire scenario falls apart.  They just torture
the plaintext out of this guy, bypassing the encryption entirely.

  Johnny Bravo


------------------------------

From: [EMAIL PROTECTED] (John Savard)
Subject: Re: Synchronised random number generation for one-time pads
Date: Thu, 09 Dec 1999 06:02:00 GMT

On Tue, 7 Dec 1999 22:22:02 -0000, "Charles Meigh"
<[EMAIL PROTECTED]> wrote:

>Would it be practicable to set up a system that creates the random numbers
>for the key from some globally consistent, 'natural' source like, say,
>cosmic radiation readings; the sender and receiver obviously having had
>exchanged brief, secure messages agreeing on exactly when to take these
>key-generating readings?   You could then (if i'm thinking right) create as
>many completely secure one-time pads as you like, without the overhead of
>distributing vast amounts of data first, just your synchronising messages.

The pads wouldn't be "completely secure", since the natural source
could be recorded by an attacker, your brief, secure messages could be
decrypted...so it isn't the absolutely perfect case of a one-time-pad.

It's generally believed this principle is more trouble than it is
worth, though, and doesn't really gain anything; the algorithm of
"when to take these key-generating readings" is the key to security,
and an equivalently complicated algorithm could just be used for plain
encryption.

------------------------------

From: [EMAIL PROTECTED] (Jerry Coffin)
Subject: Re: NSA future role?
Date: Wed, 8 Dec 1999 23:23:29 -0700

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...

[ ... ] 

> If you walk into a decent university library you can find all
> you need to build a good encryption algorithm.
> 
> True or false?

False.  I'm not sure there's _any_ book around that really details how 
to build a good encryption algorithm.  There are quite a few that 
cover quite a few existing encryption algorithms and protocols, so 
with careful study you could build a good cryptographic _product_, but 
a new and different algorithm is an entirely different matter from 
putting existing algorithms together into a product.

In reality, I don't think that designing cryptographic algorithms has 
been reduced to an engineering level yet -- I.e. even very smart 
people who know a lot about cryptography still create designs that are 
anywhere from mildly to fatally flawed on a fairly regular basis.

-- 
    Later,
    Jerry.
 
The universe is a figment of its own imagination.

------------------------------

From: "fuck echelon" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 9 Dec 1999 01:48:51 -0500

Yes, tempest attacks are probably, at a minimum, beyond the technical
abilities of a local police department. A sniffer wouldn't apply to an
offline computer. It may be easy to hide a bug transmitter, say, in the power
supply (or to transmit over the household current). However, it would be
difficult to get the data from the mainboard to the transmitter without
either some technical sophistication or a modification noticeable to someone
who knows the guts of their machine.

(BTW, the easy way to assure software is unmodified is to wipe the hard
drive and install a new good copy).

But neither are likely your main problem. If you've done something to
attract the attention of the local police, they'll use the easier methods of
either breaking into your home covertly, or through use of a warrant (or
whatever the legal process is in your country).





<amadeus @DELETE_THIS.netcomuk.co.uk (Jim Dunnett)> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 08 Dec 1999 17:37:38 GMT, [EMAIL PROTECTED] (Scott Nelson) wrote:
>
> >On Wed, 8 Dec 1999 01:02:47 -0500, "fuck echelon" <[EMAIL PROTECTED]> wrote:
> >[edited]
> >>Scott Nelson <[EMAIL PROTECTED]> wrote
> >>> Planting a bug inside a suspects house in a way that makes it
> >>> unlikely to be detected is fairly easy with modern technology.
> >>> I wonder though, if it's possible to modify a computer
> >>> in a way that's not easily detectable to the suspect.
> >>> Unless you actually modify the hardware, it seems like
> >>> it would leave a lot of obvious traces.  And the obvious
> >>> corollary question is, how hard would it be to insure that
> >>> ones computer software is actually intact, and unmodified.
> >>
> >>A bug isn't needed, a tempest attack or a boot would work for most purposes.
> >>
> >Yes.
> >Is there a cheap way to do it?
> >Something a local police department might be able to do.
>
> Tempest attacks are very expensive. Planting a sniffer is a bit
> risky if they're discovered doing it. I know what I'd do to anyone
> I found tampering with my computers ... whoever he may be!
>



------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify 
Date: Thu, 09 Dec 1999 07:10:47 GMT

Steve K wrote:
> Unless he is carrying a badge.  Or a gavel.  Then, attempting real
> resistance will get you summarily shot, and properly so.  Something
> about national sovereignty, if I remember my political science
> definitions.

It has nothing to do with national sovereignty!
The government is authorized, or at least able with impunity,
to use force to achieve its ends.  That's why it is important
for the citizenry to keep a tight rein over the government.
Apparently in the UK and Australia the citizens have surrendered;
other evidence for that is that they let the agents of the
government disarm them (with a consequent, predictable leap
in the violent crime rate, especially home invasions).  Sheep.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Crossposted-To: alt.privacy
Subject: Re: If you're in Australia, the government has the ability to modify 
Date: Thu, 09 Dec 1999 07:12:10 GMT

Greg wrote:
> News flash:  (for those of you who missed it)
> If you have Microsoft Windows and Internet Explorer, your
> government has the ability to modify your files.  The bugs
> that are in these fine pieces of software allow the governments
> of the world to do lots of shit with the files on your hard disk.
> Don't worry about the law- they certainly don't.

It would be nice if you could get your facts straight.
Presumably you're talking about the so-called "NSAkey".
If so, you've completely mischaracterized it.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA future role?
Date: Thu, 09 Dec 1999 07:19:50 GMT

Jim Dunnett wrote:
> Quite so. And wasn't one of the cockups caused by America's insistence
> on using obsolete feet and inches instead of the metric system, or
> something like that?

The way *I* saw the screw-up, it was NASA staff using the Metric
System despite the official US standard being the English System.
But more to the point, the NASA staff apparently used data without
bothering to understand what it measured first.  That could have
had similar consequences even if the data had been delivered in
Metric units; consider mm vs. cm.

------------------------------

From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: NSA future role?
Date: 8 Dec 1999 23:44:05 -0800

In article <[EMAIL PROTECTED]>, CLSV  <[EMAIL PROTECTED]> wrote:
> If you walk into a decent university library you can find all
> you need to build a good encryption algorithm.
> 
> True or false?

Do you mean implement an existing algorithm, or design a new one?
Implementation is easy, if you can program; design is hard to get
right, even if you've already got a strong math & crypto background.

------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Gurripato)
Subject: Re: Shamir announces 1 sec break of GSM A5/1
Date: Thu, 09 Dec 1999 07:51:27 GMT

On 09 Dec 1999 05:37:45 GMT, [EMAIL PROTECTED] (JTong1995) wrote:

>Cell Phone Crypto Penetrated
>by Declan McCullagh
>10:55 a.m. 6.Dec.1999 PST

>James Moran, the fraud and security director of the GSM Association in 
>Dublin, says that "nowhere in the world has it been demonstrated --an 
>ability to intercept a call on the GSM network. That's a fact.... 

        Another proof is that, in many countries, that demonstration
would break the law, so researchers are forbidden from proving it.
Absence of proof does not imply proof of absence.

>To our knowledge there's no hardware capable of intercepting."

        Guess the NSA didn't invite them to their annual
see-all-our-surveillance-hardware, hmm?


------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Gurripato)
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 09 Dec 1999 07:52:54 GMT

On Thu, 09 Dec 1999 07:10:47 GMT, "Douglas A. Gwyn" <[EMAIL PROTECTED]>
wrote:


>It has nothing to do with national sovereignty!
>The government is authorized, or at least able with impunity,
>to use force to achieve its ends.  That's why it is important
>for the citizenry to keep a tight rein over the government.
>Apparently in the UK and Australia the citizens have surrendered;

        Guess Aussies are too young (as a nation) to realize that
governments are not necessarily devoted to the people's benefit.  But
the British?  They should know better.

------------------------------

From: [EMAIL PROTECTED]=NOSPAM (Gurripato)
Crossposted-To: alt.privacy
Subject: Re: Cell Phone Crypto Penetrated >> 6.Dec.1999 >> Biryukov & Shamir describe in a paper ...
Date: Thu, 09 Dec 1999 07:47:53 GMT

On Wed, 08 Dec 1999 16:20:40 -0500, Paul Koning <[EMAIL PROTECTED]>
wrote:

>Jim Dunnett wrote:
>> 
>> >Alex Biryukov and Adi Shamir describe in a paper to be published this week how a
>> >PC with 128 MB RAM and large hard drives can penetrate the security of a phone
>> >call or data transmission in less than one second.
>
>Is this a real-life confirmation of the already well known fact
>that the digital cellphone cipher is lousy?  At least I remember
>reading about the flaws of those ciphers quite some time ago.
>
>It doesn't sound like the "designers" of that stuff have learned
>any lessons either, from the stories about recent revisions...
>
>       paul

        Rather, it sounds like the usual don't-make-waves scheme:

        a) Big Company makes a software product
        b) Engineers at BC realize they screwed it up
        c) Accountants at BC find out the cost of repairing the screw-up
        d) Big Boss reminds engineers how easy it is to go
unemployed
        e) Engineers keep silent, and hope nobody notices
        f) Some smart guy finds out b)
        g) Big Company denies or minimizes risks
        h) Consumers believe g)
        Conclusion: just shut up.

------------------------------

Reply-To: "H.J. Gould" <[EMAIL PROTECTED]>
From: "H.J. Gould" <[EMAIL PROTECTED]>
Subject: Re: If you're in Australia, the government has the ability to modify your files. >> 4.Dec.1999
Date: Thu, 09 Dec 1999 08:45:16 GMT

Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Steve K wrote:
> > Unless he is carrying a badge.  Or a gavel.  Then, attempting real
> > resistance will get you summarily shot, and properly so.  Something
> > about national sovereignty, if I remember my political science
> > definitions.
>
> It has nothing to do with national sovereignty!
> The government is authorized, or at least able with impunity,
> to use force to achieve its ends.  That's why it is important
> for the citizenry to keep a tight rein over the government.
> Apparently in the UK and Australia the citizens have surrendered;
> other evidence for that is that they let the agents of the
> government disarm them (with a consequent, predictable leap
> in the violent crime rate, especially home invasions).  Sheep.

--

I would love to see you substantiate the claim that in those countries where
the possession of firearms is legal the violent crime rate is lower. As far
as I know the rate of violent crimes in the US is at least as high as any
other country in the world.

However I will agree with you that in a lot of European countries (including
the Netherlands) the people as a whole do seem to have surrendered their
right to keep a tight check on their government. Given the history of
European governments this is definitely a worrying fact.

The fact remains however that, as you yourself so rightly stated, the
government is able to achieve its ends by the use of force WITH PRAGMATIC
IMPUNITY. This however is also the case in the US, the right to bear
firearms notwithstanding.



------------------------------

From: KloroX <[EMAIL PROTECTED]>
Subject: Digitally signing an article in a paper journal
Date: Thu, 09 Dec 1999 10:06:38 +0100
Reply-To: [EMAIL PROTECTED] (this is spam bait)

I have the following problem. I shall publish one or more articles in
scientific journals which are printed on paper (i.e. no digital
storage is used for the medium). For reasons which I am not discussing
here, I cannot use my real name as author at present, but I wish to
use a pseudonym and be able to demonstrate publicly my (real) identity
as the author of the article(s) at a later date.

It is not possible to sign the entire article, because the contents of
the text may be changed slightly by editors (but enough to invalidate
a digital signature) without consulting me. The most that an editor
would probably allow is a paragraph of under ten printed lines added
somewhere in the "Acknowledgements" section of the article. We may
assume that the text in this paragraph will not be altered by the
editors.

I thought of using a sentence like "The author of this article
entitled [...] reserves the right of making his real identity known at
a later date", and placing a digital signature on this sentence, in a
format that can be printed on paper without difficulty. 

There may be a lag of several years between the time of publication
and the disclosure of my identity, and the method for verifying the
signature should be fairly standard (e.g., using a PGP key). How should
I proceed in practice? Are there aspects to this problem which may
present difficulties?
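One way to approach the problem posed above, as an added example that is not part of the original post: commit to the real name in the printed acknowledgements with a keyed hash that fits on one line, and open the commitment at disclosure time by publishing name, title and the secret nonce. The statement wording, the names and the title are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets
import unicodedata
from typing import Optional, Tuple

# Added example (not from the original post): a hash commitment that can be
# printed in an "Acknowledgements" paragraph and opened years later to prove
# who wrote a pseudonymous article. Names, title and nonce are constructed.

PREFIX = "Authorship commitment (HMAC-SHA-256):"

def canonicalize(text: str) -> bytes:
    """Normalize Unicode and collapse whitespace so that re-wrapping or double
    spaces introduced during typesetting do not change the digest."""
    text = unicodedata.normalize("NFC", text)
    return re.sub(r"\s+", " ", text).strip().encode("utf-8")

def authorship_statement(real_name: str, title: str) -> bytes:
    """The secret sentence being committed to. Keep it short and unambiguous."""
    return canonicalize(f"I, {real_name}, am the author of the article entitled: {title}")

def make_commitment(real_name: str, title: str,
                    nonce: Optional[bytes] = None) -> Tuple[str, str]:
    """Return (commitment_hex, nonce_hex). The nonce is the opening secret:
    without it the printed value reveals nothing and a guessed name cannot be
    tested against it. Whoever holds the nonce can open the commitment, so
    store it like a private key until the day of disclosure."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    mac = hmac.new(nonce, authorship_statement(real_name, title), hashlib.sha256)
    return mac.hexdigest(), nonce.hex()

def printable_line(commitment_hex: str) -> str:
    """Group the hex in blocks of four, as PGP fingerprints are printed, so the
    value survives hand transcription from the printed page."""
    groups = [commitment_hex[i:i + 4] for i in range(0, len(commitment_hex), 4)]
    return PREFIX + " " + " ".join(groups).upper()

def parse_printed_line(line: str) -> str:
    """Recover the digest from a printed or re-typed line, ignoring spacing and case."""
    _, _, tail = line.rpartition(":")
    return re.sub(r"[^0-9a-f]", "", tail.lower())

def verify_disclosure(printed_line: str, real_name: str, title: str, nonce_hex: str) -> bool:
    """Open the commitment: recompute the HMAC over the claimed name and title
    with the disclosed nonce and compare it to what the journal printed."""
    expected = hmac.new(bytes.fromhex(nonce_hex),
                        authorship_statement(real_name, title), hashlib.sha256).hexdigest()
    printed = parse_printed_line(printed_line)
    return len(printed) == 64 and hmac.compare_digest(printed, expected)

if __name__ == "__main__":
    # At submission time: print the line, keep the nonce secret.
    commitment, nonce_hex = make_commitment("Jane Doe", "On Stream Cipher Design")
    line = printable_line(commitment)
    print(line)
    # Years later: publish name, title and nonce; anyone can check.
    print(verify_disclosure(line, "Jane Doe", "On Stream Cipher Design", nonce_hex))
```

Including the fingerprint of a PGP key in the committed statement ties the disclosure to a key the author can later sign with, which the bare hash does not provide on its own.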


------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
