Malign SSL server attacks
I am not familiar enough with the protocol to answer this question: is it possible for an evil SSL server to send packets such that it ends up with an arbitrary signature from a client? I'm trying to emphasize the importance of keyUsage bits. :) Thanks.
NSA wants it all
--- begin forwarded text From: [EMAIL PROTECTED] Date: Tue, 17 Oct 2000 13:06:30 -0400 (EDT) To: [EMAIL PROTECTED] Subject: NSA wants it all Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] http://foxnews.com/vtech/101700/nsa_fox.sml [snipped] # #War of the Web #NSA prepares the U.S. for battle online #Tuesday, October 17, 2000 # #The U.S. National Security Agency wants to do battle in cyberspace. # #"Information is now a place," Air Force Lt. Gen. Michael Hayden told #a major computer security conference in Baltimore on Monday. "It is #a place where we must ensure American security as surely as land, sea, #air and space." # #And the NSA - the military agency responsible for intercepting #communications worldwide - doesn't just care about defense. # #Ultimately the NSA must become the "security statement" of the U.S. #telecommunications and computer industries, just as he views the Air #Force as the "military statement" of the aviation industry, he said. #"How else does our society develop the tools we need to do what it #is that our agency has been charged to do?" --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
NSA Releases Reorg Reports
--- begin forwarded text Date: Tue, 17 Oct 2000 14:13:15 -0400 To: [EMAIL PROTECTED] From: John Young [EMAIL PROTECTED] Subject: NSA Releases Reorg Reports Sender: [EMAIL PROTECTED] Reply-To: John Young [EMAIL PROTECTED] NSA released today on its Web site two reports on its reorganization, one of 27 pages by an external team, another of 76 pages by an internal team. Both are big PDF files. We have converted the first to HTML: http://cryptome.org/nsa-reorg-et.htm (77KB) Here is an excerpt: "We interviewed about one hundred people in the Agency, including most senior leaders, and asked very specific questions about the way people operate and the embedded culture. We learned the Agency is a very bureaucratic government organization, and that most of the behavior patterns were established during the 1970s and 1980s when there was plenty of money to execute its mission. NSA appears to operate like an entitlement program. Most people in the Agency are highly motivated and work very hard, but a portion does not. We also found a leadership culture that appears most interested in focusing on their positions and protecting their people's jobs at the expense of accomplishing the mission. Most of the people at NSA are hired right out of college and spend their entire lives in the Agency. Regardless of their work performance and their job responsibility, the Agency promotes people roughly at the same rate. The institution encouraged people to get deeply involved in the promotion process, to the point that civilian personnel wrote their own promotion reports, and supervisors endorsed the reports even if they did not agree, mostly to prevent animosity. However, the most critical aspect of the people and culture in the institution was the mindset related to lack of empowerment and accountability. NSA's present culture overemphasizes loyalty to a particular function and its associated senior leadership, instead of full and frank discussions of problems, issues and concerns. 
This has created a culture that discourages sending bad news up the chain of command. The staff knows NSA is falling behind and is not properly addressing the inherent problems of the emerging global network, and the present management infrastructure does not appear to be supporting the required changes. In addition, we are concerned the present mindset fostered a society where people were afraid to express their own thoughts. Even though people spoke to us with true candor, they always wanted to avoid attribution because of the perception that the information was going to be used against them." From: External Team Report: a Management Review for the Director, NSA, October 22, 2000 http://www.nsa.gov/releases/nsa_external_team_report.pdf (2.7MB) Second report: http://www.nsa.gov/releases/nsa_new_enterprise_team_recommendations.pdf (6.4MB) --- end forwarded text
Stolen German Code Machine Turns Up - in BBC Mailroom
http://ap.tbo.com/ap/breaking/MGA5JU6YFEC.html Oct 17, 2000 - 03:02 PM LONDON (AP) - The mystery of the Enigma continues. After disappearing from a museum on April Fool's Day, a World War II-era encryption machine turned up Tuesday - in the mailroom of the British Broadcasting Corp. The German Enigma machine was in a package addressed to Jeremy Paxman, who anchors the nightly "Newsnight" program, the BBC said. Paxman said the parcel, sent from the central England city of Birmingham, apparently had been in the "Newsnight" office for several days. "As soon as I opened it, I realized what it was. I haven't a clue why they sent it to me," Paxman said. An Enigma machine, the device the Nazis used to encrypt top-secret messages during World War II, was stolen from the Bletchley Park Museum, 50 miles northwest of London, on April Fool's Day. "We've been talking to Bletchley Park and it seems to be authentic. It has the G312 serial mark that the stolen one has," said "Newsnight" spokesman Mark Ogle. The museum is in the building occupied by a top-secret wartime team of code-breakers who cracked the Enigma cipher. Last month, the museum received a letter demanding $36,000 by Oct. 6 for the safe return of the machine. The writer, who threatened to destroy the WWII relic otherwise, claimed to be acting for a third party who bought the Enigma unwittingly. There was no immediate word whether the museum had paid the ransom demanded by the letter writer, who signed himself "The Master." Museum director Christine Large received an early-morning phone call earlier this month from a person claiming to be the writer. She reported that they "had reached a businesslike agreement." More than 70 Enigma machines are known to exist, according to a list compiled by data-security researcher David Hamer. Bletchley Park's Enigma is a rare and especially complex model used by Abwehr, German military intelligence. 
The only other one on public display is at the National Security Agency's National Cryptologic Museum in Fort Meade, Md. *==* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred M. Gray, USMC C4I.org - Computer Security, Intelligence - http://www.c4i.org *==*
[Mojonation-devel] New mojonation-ports list
--- begin forwarded text To: [EMAIL PROTECTED] From: Jim McCoy [EMAIL PROTECTED] Subject: [Mojonation-devel] New mojonation-ports list Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] List-Id: For developers hacking Mojo Nation code mojonation-devel.lists.sourceforge.net Date: Tue, 17 Oct 2000 12:06:12 -0700 We have created a new mojonation-ports list (hosted @ SourceForge, so mailto:[EMAIL PROTECTED] for subscribe requests) which will be used to discuss and coordinate efforts at porting Mojo Nation to new platforms. This will serve as a place for people working on ports to coordinate their effort and where questions about specific ports can be answered. jim mccoy AZI/Mojo Nation ___ Mojonation-devel mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/mailman/listinfo/mojonation-devel --- end forwarded text
Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)
Other choices? Identity Theft Identity Pollution Identity Vandalism Identity Assault Identity Misappropriation (Slander in the First Person :) Would it matter if we substitute "reputation" for "identity"? Is my identity (to others) any different than the reputation with which it is associated? Call it what you will. If institutions that once recognized me fail now to do so, I have lost something-in-general. Name that something-in-general.

Well, you have not lost it nor has it been "stolen". You are simply barred from using it. This is the result of impersonation, since now the other person is the one that has access to it.

This is a curious viewpoint. If someone makes off with my car, according to the DMV the car is still owned by me. Thus, it has not been stolen, I am simply barred from using it while the other person has access to it. (And if it has a hidden tracking device, it has not even been "lost".)

The use of "identity theft" instead of impersonation is thus utterly misleading, even though lawyers and lawmakers are the ones perpetrating such use. No legally relevant conclusions can be drawn from the misuse of the technical term "theft" in the soundbite. In comparison, defining non-repudiation in terms of protocol messages and only for protocol messages is, at most, a solipsistic endeavor. However, it is IMO a most useful one so that others, including lawyers and lawmakers, are prevented from using it in a perverted way just because RFCs are written in English.

I appreciate your comments, but I still feel that "impersonation" is too general a term, and lacks important implications of the term "identity theft". It is one crime to impersonate an officer. The crime is not one that some officer finds their personal identity subverted or nullified. The term is often used when an "impersonal role" is assumed. In some venues, impersonation can be flattering. 
If I use a sledgehammer to smash a car's windshield, or someone's forehead, I am not charged in both cases with "sledgehammering". The name of the crime reflects the result more generally than the means employed, in this case either "destruction of private property" or "homicide". Granted that "theft" is most often associated with the physical removal of property. But the import of the term is both that (1) the legitimate owner finds they no longer have the use of the item, and (2) the "thief" profits by the misappropriation, as if they were the owner-possessor. It may not be a complete match, but "identity theft" is well characterized by points (1) and (2) above. That the "theft" is accomplished through the mechanism of impersonation seems at most a related issue. You might well point out that, unlike an ordinary theft, what was "taken" here cannot be simply returned. If, instead of impersonation, I were to access and modify records and accounts in your name, add police records, medical problems, and credit anomalies, what term would be appropriate for the crime? I consider perhaps "character assassination" to come rather close. Unlike a "theft", the perpetrator is not "assuming" the role corresponding to the now-polluted data. (Note: "Impersonation" also conveys no direct sense that, once the impersonation is halted, the significant damage remains. But this is true of "identity theft" as well. "Identity assault" captures this, but not the misappropriated use.) Sound-bites (memes) will only persist if they have utility. Time will tell. ___tony___ Tony Bartoletti 925-422-3881 [EMAIL PROTECTED] Information Operations, Warfare and Assurance Center Lawrence Livermore National Laboratory Livermore, CA 94551-9900
Unified Cryptologic Architecture
The bibliography of an NSA reorganization report released today lists several entries under "Unified Cryptologic Architecture" as well as a "U.S. Cryptologic Strategy - Preparing for the 21st Century." There is also a citation of "SINEWS - GCHQ Modernization and Change Program." We would appreciate leads or pointers for getting these documents. The two reorganization reports are on the NSA web site in big PDF files. We offer HTML versions: http://cryptome.org/nsa-reorg-et.htm http://cryptome.org/nsa-reorg-net.htm The first is by an external study team, the second by an internal team. Strong criticism in both.
Re: Non-Repudiation in the Digital Environment (was Re: First Monday August 2000)
Tony, Your examples were so bad! ;-) Of course, I meant "good" as in that new IBM commercial where the IBM guy says that the IBM laptop is "bad" ;-) I appreciate your comments and, yes, very often society uses contrary words to mean another thing. But if we step aside a bit from the usefulness or not of dumbed down soundbites or current slang in technical documents that should be precise, I see this "identity theft" discussion mainly as a counterexample to those that like to require a legal context to every word -- whereas we do not even have a worldwide legal context. As we saw, lawyers and lawmakers are oftentimes the first ones to use the term "identity theft" -- which simply is not a theft, it is impersonation. Of course, I continue to hope that we in crypto don't have to use "identity theft" as well. But should they continue to use it? Some lawyers don't think so, including Mac Norton in this list who wrote:

Speaking as a lawyer, one of "they," they should not continue to use it. Identity theft might be accomplishable in some scenario, one in which I somehow induced amnesia in you, for example, but otherwise the use of the term to cover what you rightly point out is simply impersonation, does a disservice to my profession as well as yours.

I also think that using "identity theft" for what actually is impersonation is a disservice to our profession. In the same way that I think we need to make sure lay people understand that non-repudiation in the technical realm is not an absolute authentication or undeniable proof. If we can only do this, deny that non-repudiation means undeniable proof, it will be already very useful. Then, we may be able to apply the concept of non-repudiation as we feel the need for it in protocols -- and note that we did not invent it, rather we discovered it. Authentication is not sufficient to describe validity. Cheers, Ed Gerck
RE: Malign SSL server attacks
I am not familiar enough with the protocol to answer this question: is it possible for an evil SSL server to send packets such that it ends up with an arbitrary signature from a client? I'm trying to emphasize the importance of keyUsage bits. :)

This is not possible without unreasonable computational power or breaking algorithms; the client makes a contribution to the message which is signed. - Tim
Re: Malign SSL server attacks
On Tue, Oct 17, 2000 at 12:02:35PM -0400, [EMAIL PROTECTED] wrote: I am not familiar enough with the protocol to answer this question: is it possible for an evil SSL server to send packets such that it ends up with an arbitrary signature from a client? I'm trying to emphasize the importance of keyUsage bits. :)

The only time the client signs something is when the server requests client auth. In TLS, the client signs MD5 and/or SHA1 hashes of the TLS handshake messages that have passed between the client and server at that point in the protocol. In SSLv3, it signs an MD5 and/or SHA1 HMAC-like (nested hash with pads) of the same handshake messages. So it looks like the answer is no. -- Eric Murray http://www.lne.com/ericm ericm at lne.com PGP keyid:E03F65E5 Consulting Security Architect
Re: Malign SSL server attacks
The only time the client signs something is when the server requests client auth. In TLS, the client signs MD5 and/or SHA1 hashes of the TLS handshake messages that have passed between the client and server at that point in the protocol. In SSLv3, it signs an MD5 and/or SHA1 HMAC-like (nested hash with pads) of the same handshake messages.

Thanks for the detailed reply. So the question now becomes to what extent can the bad guy control the hash, by sending fixed nonce data, silly no-op packets, etc... Hmm.
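A reconstruction of the CertificateVerify input that Eric describes, added here as an editor's example; it is not code from any of the posts above. It also speaks to the follow-up question of how much of the hash the server controls. The TLS 1.0 and SSLv3 digest formulas follow RFC 2246 section 7.4.8 (RSA client keys sign MD5||SHA-1; a DSS key signs only the SHA-1 half) and the SSLv3 specification as later published in RFC 6101 section 5.6.8. Everything else is an assumption for illustration: the handshake bodies other than the version and random fields are placeholder bytes, the transcript omits messages that do not change the argument, and all byte strings are constructed, not captured.

```python
"""What a TLS 1.0 / SSLv3 client signs in CertificateVerify, and why the
server cannot steer it.  Added example; handshake bodies are placeholders."""
import hashlib
import os

# Handshake message types (RFC 2246 section 7.4)
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11
CERTIFICATE_REQUEST, SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE = 13, 14, 16


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Handshake framing: 1-byte type, 3-byte big-endian length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def build_transcript(client_random: bytes, server_random: bytes,
                     server_extra: bytes, client_cert: bytes,
                     encrypted_premaster: bytes) -> bytes:
    """Every handshake message before CertificateVerify, in order.
    The server picks server_random and server_extra (its certificate bytes,
    'no-op' padding, whatever); the client picks client_random before the
    server says anything, and its ClientKeyExchange (RSA-encrypted random
    premaster, random padding) after the server has committed."""
    assert len(client_random) == 32 and len(server_random) == 32
    return b"".join([
        handshake_msg(CLIENT_HELLO, b"\x03\x01" + client_random),
        handshake_msg(SERVER_HELLO, b"\x03\x01" + server_random),
        handshake_msg(CERTIFICATE, server_extra),           # attacker-chosen
        handshake_msg(CERTIFICATE_REQUEST, b"\x01\x01\x00\x00"),
        handshake_msg(SERVER_HELLO_DONE, b""),
        handshake_msg(CERTIFICATE, client_cert),            # client-chosen
        handshake_msg(CLIENT_KEY_EXCHANGE, encrypted_premaster),  # client-chosen
    ])


def tls10_certificate_verify_digest(handshake_messages: bytes) -> bytes:
    """TLS 1.0: an RSA client key signs MD5(msgs) || SHA-1(msgs), 36 bytes.
    No key is involved, so the hash is a plain function of the transcript."""
    return (hashlib.md5(handshake_messages).digest()
            + hashlib.sha1(handshake_messages).digest())


def sslv3_certificate_verify_digest(handshake_messages: bytes,
                                    master_secret: bytes) -> bytes:
    """SSLv3: hash(master_secret + pad2 + hash(msgs + master_secret + pad1))
    for MD5 (48-byte pads) and SHA-1 (40-byte pads), concatenated.
    The master secret derives from both randoms plus the premaster, so
    neither side chooses it unilaterally."""
    def nested(h, pad_len):
        pad1, pad2 = b"\x36" * pad_len, b"\x5c" * pad_len
        inner = h(handshake_messages + master_secret + pad1).digest()
        return h(master_secret + pad2 + inner).digest()
    return nested(hashlib.md5, 48) + nested(hashlib.sha1, 40)


def digest_fixed_by_server(server_random: bytes, server_extra: bytes,
                           client_random: bytes, client_cert: bytes) -> bool:
    """Model the malign server: it fixes all of its bytes after seeing
    ClientHello.  Two honest client runs against that same server then
    still sign different digests, because ClientKeyExchange carries fresh
    client randomness after the server has committed.  Returns True only if
    the server managed to pin the signed value."""
    def one_run() -> bytes:
        return tls10_certificate_verify_digest(build_transcript(
            client_random, server_random, server_extra, client_cert,
            os.urandom(128)))  # stands in for RSA(premaster) with fresh padding
    return one_run() == one_run()


def tries_to_control_digest_prefix(bits: int, client_random: bytes,
                                   client_cert: bytes, encrypted_premaster: bytes,
                                   max_tries: int = 1 << 16):
    """Grant the attacker an unrealistic advantage: it already knows the
    client's ClientKeyExchange.  Even then, steering just the first `bits`
    bits of the MD5 half to a chosen value (here: all zero) is a preimage
    search over server_random costing about 2**bits hash evaluations; the
    work doubles per controlled bit.  Returns the trial count, or None."""
    assert 1 <= bits <= 32
    for attempt in range(1, max_tries + 1):
        server_random = attempt.to_bytes(32, "big")
        d = tls10_certificate_verify_digest(build_transcript(
            client_random, server_random, b"", client_cert, encrypted_premaster))
        if int.from_bytes(d[:4], "big") >> (32 - bits) == 0:
            return attempt
    return None


if __name__ == "__main__":
    cr, sr = os.urandom(32), os.urandom(32)
    t = build_transcript(cr, sr, b"\xaa" * 40, b"\xbb" * 60, os.urandom(128))
    print("TLS 1.0 signs :", tls10_certificate_verify_digest(t).hex())
    print("SSLv3 signs   :", sslv3_certificate_verify_digest(t, os.urandom(48)).hex())
    print("server pinned the digest?", digest_fixed_by_server(sr, b"\xaa" * 40, cr, b"\xbb" * 60))
    print("trials to fix 8 bits (with cheated suffix):",
          tries_to_control_digest_prefix(8, cr, b"\xbb" * 60, b"\xcc" * 128))
```

The point the thread arrives at, made concrete: the server has plenty of freedom in its own bytes, but the signed value is a hash over a transcript that starts with client randomness and ends with a client-chosen ClientKeyExchange the server cannot see in advance, so "no-op packets" only re-randomise the digest. Getting a chosen signature back would need a preimage of MD5/SHA-1 with an uncontrolled suffix, which is why the keyUsage bits matter less for this particular attack than for keys that are also used with protocols that sign attacker-supplied data directly.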