my padlock

2001-01-30 Thread Carl Ellison

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

http://world.std.com/~cme/html/padlock.html

It's self-explanatory.


-BEGIN PGP SIGNATURE-
Version: PGP 6.5.2

iQA/AwUBOnSoNXPxfjyW5ytxEQLviwCfahPcp0FGP+1UB4cs0J6MlN2Em20AoMhq
CHIn1FgxwKhGz8LR9S6WzSkF
=/Izn
-END PGP SIGNATURE-


+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+




Re: electronic ballots

2001-01-30 Thread David Honig

At 01:03 PM 1/25/01 -0500, William Allen Simpson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> 
> I've been working with Congresswoman Lynn Rivers on language for 
> electronic ballots.  My intent is to specify the security sensitive 
> information, and encourage widespread implementation in a competitive 
> environment.  We'd like feedback. 

Fun topic.  

Some comments: 

You should list the desirable properties of a voting system and
then the threats to those properties.  Put it on the table for
everyone to see; you're gonna have to educate them in security
analysis.  A list of goals might look like: 

One man, one vote
 Need no skills (eg literacy), just claim Right, state address, sign name

No coercion 
  Anonymity in voting
  One-time Commit (can't change your mind)

(NB Absentee balloters from home will be subject to domestic coercion, 
but there's little you can do if the spouse is that controlling.)

You introduce lots of extra tracking numbers, which is a threat to
anonymity.  Perhaps it is to defend the one-man-one-vote desirable property
against double-voting attacks, but are those congresscritters aware of this
tradeoff? 

Suggestion: You should also sketch a system, and maybe a 'use case'.  Is
the goal to let absentee voters use a PC from home?  Or to use State PCs
transparently?  Or to use State PCs as an excuse to change election
procedures?   (I don't mean to be hostile here.)

In fact, what do you expect to gain?  Faster results for CNN?  That is said
to skew elections.  More accuracy?  Derived from what?  

In fact, you may lose: The user interface may be worse --displays lack
paper's contrast, and pressing lettered keys or using a mouse is beyond
some voters. It can be better ---using the 'radio button' concept to exclude
voting for more than one--- but it takes careful design and experiment.

It's not clear to me if dig certs are being used in your plans to
authenticate voters to voting machines; or to authenticate voting machines
to state databases. Or both.   In my state, we use hand signatures, only, to 
authenticate voters.

How do you convince Joe Sixpack that the magic numbers he uses,
and which are linked to his person/residence, aren't linked to his vote? 
When you put cards in a box you achieve quasi-anonymity "that you can see".
How do you do this with opaque computers?  

How do you avoid a 'traffic analysis'-like attack where you monitor
both the votes sent out to state DB servers and who comes out of the booth?
This would only work on slow polling places, but would let you
link people to their votes.  A solution is to batch.  Maybe not
worth worrying about, but never a problem before networked computer
voting machines.

At which points in the system would a hacked-keyboard (like the
keystroke recording things that go in-line, but one that changes
votes) be detected?  

> (D) UNIFORMITY -- Display of candidates shall be substantially similar
> for each race within a state.  On each display, the names of
> candidates may be randomly ordered within each race.  

Randomly for each voter?  Random by county?  Random by race (so that
in Presidents you see Lib/Demo/Repub but when voting for Governor
you see Repub/Lib/Demo)?

> Election
> software shall prevent overvote and undervote, and shall allow the
> voter to correct such conditions.  Voters unwilling to indicate a
> choice may select "no vote".  Where "none of the above" or its
> equivalent is a valid choice, "no vote" shall be a separately
> distinguished choice.

How about voters not willing to vote for anything in that race, *including*
'no vote'?  Is "no vote" a radio-button default?

> (E) VERIFIABILITY --   The record shall not include any other personally
> identifiable voter information.  

Yeah, why should it, the Government has the lookup table.  No difference,
if the Government is the source of the threat to anonymity.  Isn't this
part of the threat model? 

> SEC. xx20.  POLLING SECURITY REQUIREMENTS
> 
> (A) AUTHENTICATION -- Transactions registering voter choices shall be
> authenticated by a digital certificate.  

A one-time certificate which comes from a machine that's about to take your
vote?  What is the point?  

Another question: where is your time base from?  GPS?  The internet
time servers?  This matters if/when the computers use their notion of
time to shut voting off.

I don't understand your absentee ballot procedure, except that
legacy paper is still supported via human data entry.  

What happens if someone forgets a PIN? 

To vote absentee in Calif all you need is a stamp and the ability to write
your signature.  Increasing the complexity will deter people.  (Where
did that separate letter with the PIN go?)

> (C) DUPLICATES -- When more than one authentic vote by the same absentee
> voter is detected, the last such vote shall supersede any earlier
> vote.  An absentee voter appearing at the regular polling place shall
> supersede any earlier vote.

Duplicate votes are not handled the way you 

Re: electronic ballots

2001-01-30 Thread (Mr) Lyn R. Kennedy

On Thu, Jan 25, 2001 at 01:03:49PM -0500, William Allen Simpson wrote:
> 
> I've been working with Congresswoman Lynn Rivers on language for 
> electronic ballots.  My intent is to specify the security sensitive 
> information, and encourage widespread implementation in a competitive 
> environment.  We'd like feedback. 

First the basics:

  1. An electronic election system need only be as good as the current
 system. While perfection remains the goal, the minimum criterion
 is that it be no worse.

  2. There needs to be an absolute disconnect between the voter and the
 vote. Some kind of voting certificate should allow a vote but make
 it difficult to determine how someone voted.

  3. The concept of the polling place needs to be re-examined. If a voter
 can vote from anywhere at anytime then the problem becomes one of
 counting the last vote. A vote signed by an authorized observer
 would supersede any following ones that were not observed.


It seems that something like a smartcard would be the best scheme. The card
would have to be able to encrypt the vote and sign it. An observer would
need an additional card to sign votes. This would allow a voter to vote
from almost anywhere and coercion could be defeated by going to another
place and voting in front of an observer.

Obviously if the smartcard contained a signing key with no way to 
relate it to the external number of the card, there would be some room
for fraud with lost or stolen cards. Replacing these voter certificates
at regular intervals would minimize that.

Even a system relying on software and floppy disks might be as good as
the way we have now. Current systems count on most of the people being
honest anyway.


-- 
-
| 73,  E-mail   | [EMAIL PROTECTED]   |
| Lyn Kennedy  webpage  | http://webusers.anet-dfw.com/~lrkn/ |
| K5QWB  pony express = P.O. Box 5133, Ovilla, TX, USA 75154|
---Livin' on an information dirt road a few miles off the superhighway---




SDMI watermarks

2001-01-30 Thread Ulf Möller

Now that Princeton has given in to the SDMI's lawyers, two French
cryptographers are publishing independent results on removing the
watermarks. Their technical report is worth reading:

http://www.julienstern.org/sdmi/






DeCSS ruling in DVD case must be reversed, eight amicus briefs say

2001-01-30 Thread Declan McCullagh

Eight different coalitions -- from cryptographers to journalist groups -- 
are filing amicus briefs in the DVD/DeCSS case. The briefs -- an unusually 
high number -- urge that the Second Circuit Court of Appeals overturn the 
district court's ruling of last August.

Wired News article on the briefs being filed today:
http://www.wired.com/news/politics/0,1283,41441,00.html

The journalist/media brief, which focuses on the right to link:
http://www.politechbot.com/docs/linking-amicus.012601.html
The computer scientists' brief (the only one filed earlier in the week):
http://cryptome.org/mpaa-v-2600-bac.htm

Photos from trial, protests, anti-DMCA march:
http://www.mccullagh.org/theme/dvd-2600-trial.html
http://www.mccullagh.org/theme/2600.html
http://www.mccullagh.org/theme/dmca-protest.html
http://www.mccullagh.org/image/950-5/tshirt-cssscramble.html

Other briefs include one by the ACLU, one by the ACM, one by law 
professors, and one by Ernest Miller, Siva Vaidhyanathan et al. that says 
"to be governed by the District Court's version of the DMCA is to be 
stripped of the right to make the valuable fair uses of copyrighted 
materials upon which new contributions to the field are so often based."

Judge Lewis Kaplan's ruling last August:
http://www.wired.com/news/politics/0,1283,38287,00.html

EFF is funding 2600 magazine's defense and appeal. The appeal brief to the 
circuit court, filed last Friday, is here:
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010119_ny_eff_appeal_pressrel.html
http://www.eff.org/IP/Video/MPAA_DVD_cases/20010119_ny_eff_appeal_brief.html

Brief of MPAA member companies is due February 19. Their amici must file a 
week later.

Some of the briefs, including ones I've perused, are still in draft form. 
EFF promises to have all of them online shortly. ACLU says their brief -- 
still in draft form -- will be up on their site by noon.

-Declan





Leo Marks

2001-01-30 Thread R. A. Hettinga


--- begin forwarded text


Reply-To: [EMAIL PROTECTED]
From: "Chris Ogden" [EMAIL PROTECTED]
To: "Robert Hettinga" [EMAIL PROTECTED]
Subject: Leo Marks
Date: Fri, 26 Jan 2001 10:26:29 -

MONDAY JANUARY 22 2001

Obituary

Leo Marks

Codebreaker who saved agents’ lives by improving the security of wartime
ciphers

AS A YOUNG man Leo Marks played a critical, if contentious, role in the
wartime Special Operations Executive. He then moved into film.
Marks was born into a devout Jewish family: his father was the bookseller
later immortalised by Leo’s friend Helen Hanff at 84 Charing Cross Road.
Leo, a bright only child, began his codebreaking experience at the age of
eight, by cracking the price codes in his father’s and his uncle’s shops.
Schooled at St Paul’s, he showed great if erratic promise, and on leaving
school helped his father sell antiquarian books.

Coding was already a hobby, and he bombarded several government departments
with suggestions for new systems. Early in 1942 he was sent to a course at
Bedford of formal instruction on cipher and decipher, with a score of
companions. They all satisfied their examiners and disappeared to Bletchley.
He, wayward as always, appeared to have failed, and found himself directed
(on a month’s trial) to SOE to take charge of its agents’ ciphers. It was
impressed on him from the start that he was in a secret service: his family
thought he was in the Ministry of Supply.

He survived his month’s trial, and settled down to reconstruct a cipher
system that he could see was fundamentally flawed. Agents’ ciphers each
hinged on a separate poem or brief passage of memorable prose (such as a
phrase from the Lord’s Prayer). No one else seemed to have noticed that the
enemy might know the poem, or the prose passage, and so be able to break the
cipher with ease.

As a start, he took to composing agents’ poems himself. He lived with his
parents in a block of flats on the Edgware Road, where the current executive
head of SOE, Sir Charles Hambro, also had a flat. Marks cherished a hopeless
passion for a daughter of Hambro, and when she was killed in an air crash in
Canada wrote a brief dirge. This he later gave to a woman agent he was
briefing, Violette Szabo. It went public when it was included in a
best-selling life of her, and has since become a very popular poem. It
begins: The life that I have Is all that I have And the life that I have Is
yours.

After 18 months’ effort, he managed to convince his seniors that they had
made a catastrophic mistake in using poem codes at all. He reinvented
one-time pad, not knowing that the Foreign Office had been using it all
through the war. This gave agents a much safer cipher base. He also vastly
improved their inefficient systems of security checks.

All this he set out, long after the event, in Between Silk and Cyanide
(1998), a six-hundred-pager on life inside SOE’s headquarters which is
startlingly at variance with the more robust accounts of such writers as
Bickham Sweet-Escott or John Beevor. It presents a view from below, by a
Jewish civilian junior staff officer who believed himself despised because
he was Jewish, and knew himself to be cleverer than most — or perhaps all —
of those with whom he had to deal.

He certainly saved a great many lives by improving wireless operators’
security. He had grave doubts about operations into Holland, which he feared
had been compromised. All the messages reaching SOE by wireless from Holland
arrived without being mutilated in transit — a stark contrast with the
traffic from everywhere else in north-west Europe. In 1989 he recounted, at
a conference attended by Prince Bernhard, how he had established that his
suspicions were well founded. He arranged for a British operator to send
“HH” at the end of a routine message; this provoked an instant “HH” in
reply from Holland. This was standard Nazi operators’ drill: HH stood for
Heil Hitler. But it took months to convince the operational staff of the
danger.

He also had incessant troubles with the Free French, who persevered in using
a code he reckoned an intelligent schoolboy could break in an afternoon.
With the help of Yeo-Thomas, GC, he persuaded even them to change.

At the end of the war Marks was moved, for a transient and embarrassed few
months, into the signals branch of the secret intelligence service, but was
then released. He abandoned the book trade to become a film impresario, and
spent more than fifty years in the tumultuous world of the cinema. Many
harrowing experiences of his SOE years continued to haunt him. He condensed
them into the script of a 1960s film, which Michael Powell directed, called
Peeping Tom. The critics all denounced it as criminal porn, and Powell’s
career suffered. It was recently revived, for a more tolerant age, on
television.

At the turn of the century, Marks’s life began to crumble. A childless
marriage of more than forty years with Elena Gaussen Marks, the painter,
suddenly dissolved in acrimony. A 

Re: electronic ballots

2001-01-30 Thread Arnold G. Reinhold

At 1:03 PM -0500 1/25/2001, William Allen Simpson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> 
> I've been working with Congresswoman Lynn Rivers on language for
> electronic ballots.  My intent is to specify the security sensitive
> information, and encourage widespread implementation in a competitive
> environment.  We'd like feedback.

While it is good that you are taking the time to work with Congress 
on this, I have a number of problems with what you have proposed. 
I've indicated a few specifics below but here are some general 
objections.

First, and most important, it is far from a given that public key 
cryptography can be used to build a better voting system than the 
best paper systems that are presently in use (even assuming as true 
the unproven mathematical foundations of the technology).  There is 
much more room for undetectable shenanigans in an electronic system 
than in a paper system. Political leaders should understand that it 
is not just a question of issuing the right RFP.  In particular,  it 
is premature to start drafting a law.

Second, I find it unsatisfactory to review a proposed cryptosystem 
design presented in legal language. At the very least, a careful 
system design document, preferably with pseudo code, and a detailed 
threat model should be presented. A working model would be better.

You should separate the performance criteria a voting system must 
meet from the technical design.

It is not enough that a voting system be secure, or that it be 
reviewed by experts. Its security must be evident to the average 
voter. Otherwise it is possible to intimidate voters even if the 
system isn't breakable. ("The boss has computer experts working for 
him so you better vote for his candidate if you want to keep your 
job.")

Finally, there are those unproven mathematical foundations. Assuming 
them true may be acceptable for message privacy or financial 
transactions of modest size, but basing our entire political system 
on them is another matter.



> Unlike last year's so-called "electronic signatures act", this one
> specifies real digital signatures, with definitions culled from the
> usual Menezes et alia Handbook.

I would much rather you specify specific technologies, such as FIPS 
standards (SHA1, SHA2, AES (it will be out soon enough), DSA, and 
P.1363). You can always add "or demonstrated equivalent" (though I 
wouldn't). The Handbook definitions are far too loose in legal hands. 
System security analysis is very dependent on the exact algorithms 
used, bit lengths, protocol etc., so I wouldn't want every vendor 
making these choices.  That would complicate security review 
enormously. Plus, in my experience even demonstrated weaknesses are 
pooh-poohed by vendors.


> Here's what it looks like so far (draft #1.2).
> 
> Summary:
> 
> Minimal requirements for conducting electronic elections.  Technology and
> vendor neutral.  Promotes interoperability, robustness, uniformity, and
> verifiability.  Easily integrated into existing equipment and practices.
> 
> Handle duplicate votes and/or denial of service through submission of
> bogus votes.  Permit multiple persons to use the same machinery.  Inhibit
> persons with access to the machine from fraud.  Provides penalties for
> circumvention.
> 
> Education & telecommunications; all computing equipment purchased for
> schools or libraries with federal money under "eRate" or other
> assistance program [cite] shall be capable of use for federal elections.
> States receiving such funds shall participate in electronic federal
> elections.
> 
> 
> 
> Title __ -- Electronic Election Requirements
> 
> SEC. xx01. SHORT TITLE.
> 
> This title may be cited as the ``Electronic Election Requirements Act''.
> 
> 
> SEC. xx02. DEFINITIONS. -- In this title:
> 
> (A) BASE64 ENCODING -- A standard method for compact display of
> arbitrary numeric data, described in Multipurpose Internet Mail
> Extensions (MIME), Internet RFC-2045 et seq.
> 
> (B) DIGITAL CERTIFICATE -- A verifiable means to bind the identification
> and other attributes of a public key to an entity that controls the
> corresponding private key using a digital signature.  In this
> application, the certificate shall be self-signed, and signed by the
> appropriate authorizing state server.
> 
> (C) DIGITAL SIGNATURE -- A verifiable means to bind information to an
> entity, in a manner that is computationally infeasible for any
> adversary to find any second message and signature combination that
> appears to originate from the entity.  Any method used for an
> election shall ensure integrity and non-repudiation for at least ten
> years.
> 
> (D) ELECTION SOFTWARE -- Applications or browser applets that display an
> electronic ballot and record the voter choices.
> 
> (E) ELECTRONIC ELECTION SYSTEMS -- A collection of electronic
> components, including election software, hardware, and platform
> operating system, on both local clients and remote servers, used in
> the election.
> 
> (F) 

Dutch defense minister warns other countries have Echelon-type spy networks

2001-01-30 Thread John Gilmore

[I haven't seen the original documents, so consider this only a rumor
 at this point.  Anyone have more info?  -- John]

Translation of report by Dutch newspaper NRC Handelsblad on 20 January

The Hague, 20 January: Systems used to "bug" telephones, faxes and
e-mail, like the American-British Echelon, are not limited to a few
Western countries. Investigative, security and intelligence services
"in countries of various political complexions" use such
systems. Companies and criminal organizations are also capable of
tapping information channels on a large scale.  So wrote Defense
Minister De Grave in a memorandum issued on Friday [19 January],
entitled "Large-scale bugging of modern telecommunications systems",
which has been approved by the cabinet.  This is the first time the
existence of the Echelon espionage network has been officially
recognized. Rumors to the effect that the United States, Canada, the
United Kingdom and New Zealand have established such a system have
never been formally confirmed by the countries in question.

Investigations by the French and Belgian parliaments, however,
indicate that Echelon does actually exist. The European parliament has
also confirmed, on the basis of scientific preparatory studies, that
there is such a spy network, which allows large-scale reception and
filtering of information conveyed by modern telecommunications systems
for subsequent listening or reading. The network was initially
intended to be used to fight crime and terrorism, but there are fears
that the network also serves the purposes of industrial espionage.

In yesterday's memorandum, De Grave indicated that modern
telecommunications systems are technically vulnerable to bugging
activities. Systems that use the airwaves partially or exclusively are
relatively simple to tap into. The current level of protection is not
always adequate for government purposes, according to Minister De
Grave.  However, encryption of information offers a higher level of
safety.  Separate protective measures are needed to safeguard special
government information (state secrets, for example) from spying by
third parties.  Echelon will be on the agenda of a special session in
the Lower House next Monday [22 January].

Source: NRC Handelsblad, Rotterdam, in Dutch 20 Jan 01 p 2





Re: electronic ballots

2001-01-30 Thread William Allen Simpson

-BEGIN PGP SIGNED MESSAGE-

Thanks everyone for the helpful comments.  I've combined them as well 
as I could.  Some folks sent privately, as indicated.

David Honig wrote:
> 
> At 01:03 PM 1/25/01 -0500, William Allen Simpson wrote:
> > I've been working with Congresswoman Lynn Rivers on language for
> > electronic ballots.  My intent is to specify the security sensitive
> > information, and encourage widespread implementation in a competitive
> > environment.  We'd like feedback.
> 
> You should list the desirable properties of a voting system and
> then the threats to those properties.  

Actually, there's a lot of this already, going back many years.  There 
were many such threats described on this list last year, and there have 
been a couple of conferences.  In the process of passing legislation, 
somebody might make a presentation to a committee, or write a report on 
a specific protocol.  But, that kind of information isn't specified in 
an "authorization" statute.  


"Arnold G. Reinhold" wrote:
> I find it unsatisfactory to review a proposed cryptosystem
> design presented in legal language. At the very least, a careful
> system design document, preferably with pseudo code, and a detailed
> threat model should be presented. A working model would be better.
> 
This isn't a proposed cryptosystem design.  It's a compilation of 
minimal requirements for security.  It is expected that there will be 
many designs that meet the requirements.  It's based on known designs, 
and existing analysis. 

Just as in standards development, requirements don't specify the 
result. 

As I tried to indicate, this is to specify the security sensitive 
information, so that when folks come to testify or work on conference 
papers, they are all speaking the same language.  I needed your help to 
ensure that we didn't miss anything important, and we don't go down the 
sad course that electronic signatures suffered last year.


David Honig wrote:
> you're gonna have to educate them in security
> analysis. 

This is exactly the purpose.  The select committee will be designated 
next week.  Most legislators won't bother to be educated until there is 
actual legislation to consider.

Congresscritter Rivers convened a roundtable on Internet Privacy about 
5 years ago, long before most folks in Congress were considering such 
issues.  She went to the trouble to find local talent, such as Honeyman 
and myself.

She has long displayed interest in other security issues.  She's on 
Science and Technology, and has a couple of major universities in her 
district.  Her background is biology and anthropology, so she is 
capable of following scientific rationale.

I actually consider her pretty Internet savvy; however, I'm biased.

On the other hand, she finds PGP too hard to use.  She wants these 
requirements to be simple, low cost, easy to use, and as close to 
existing election practices as possible, so that non-technical people 
can comfortably use the system. 

Those of you that have known me for a long time might remember that I'm 
the fellow that wrote the Michigan appropriations language to provide 
matching funds for NSFnet, the precursor to the commercial Internet.  
I've been involved in electoral politics for going on 25 years.  If you 
know of others with the requisite experience in politics, legislation 
and security, I'd like to meet them.


"(Mr) Lyn R. Kennedy" wrote:
>   1. An electronic election system need only be as good as the current
>  system. While perfection remains the goal, the minimum criterion
>  is that it be no worse.
> 
>   2. There needs to be an absolute disconnect between the voter and the
>  vote. Some kind of voting certificate should allow a vote but make
>  it difficult to determine how someone voted.
> 
I agree.  Very important points.

>   3. The concept of the polling place needs to be re-examined. ...

Someday, remote absentee voting might be practical.  Right now, the 
goal is to gain experience in existing polling places, and remove the 
restriction that military bases and foreign offices cannot be used as 
polling places.  There was a pilot on that last year.

> It seems that something like a smartcard would be the best scheme. 

Not likely.  Voting is very different from banking transactions.  And 
issuing smartcards with special software for voting is likely to be 
prohibitively expensive.


Somebody wrote:
> It strikes me that the greatest cause of confusion in vote counting
> stems from the variation with which voters express their intent.

Yes, that's why most of the language concentrates on uniformity of 
interface and presentation.  The only known way to eliminate that 
variation is to use an entirely digital method.  Every other system 
involving paper (or transcription between analog media) will have an 
error rate.


Somebody wrote:
> Of course the digital signature alone cannot ensure non-repudiation.
> Maybe this should either leave out non-repudiation since it's a
> broader issue or be 

Cryptographers Amici Briefs

2001-01-30 Thread John Young

For appeal of the MPAA v. 2600 decision:

Brief Amici Curiae of Steven Bellovin, Matt Blaze, Dan Boneh, 
Dave Del Torto, Ian Goldberg, Bruce Schneier, Frank Andrew 
Stevenson, David Wagner:

   http://www.2600.com/dvd/docs/2001/0126-crypto-amicus.txt

Brief Amicus Curiae of Arnold Reinhold:

  http://cryptome.org/mpaa-v-2600-agr.htm




Re: Dutch defense minister warns other countries have Echelon-type spy networks

2001-01-30 Thread Ulf Möller

> [I haven't seen the original documents, so consider this only a rumor
> at this point.  Anyone have more info?  -- John]

http://parlando.sdu.nl/cgi/showdoc/doc/anonymous:62665/4/0/KST50892.pdf/0/KST50892.pdf

(I don't know if that is a permanent URL. If not, search for document number
27591, nr. 1 at http://www.parlement.nl/doc/parlando/hfdframe/par001.htm .)

It's in Dutch, obviously.




Re: Dutch defense minister warns other countries have Echelon-type spy networks

2001-01-30 Thread Enzo Michelangeli

- Original Message -
From: "John Gilmore" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, January 28, 2001 7:52 AM
Subject: Dutch defense minister warns other countries have Echelon-type spy
networks


> [I haven't seen the original documents, so consider this only a rumor
>  at this point.  Anyone have more info?  -- John]

This German site has two articles (in English) on this matter:

http://www.heise.de/tp/english/inhalt/te/4729/1.html
http://www.heise.de/tp/english/inhalt/te/4747/1.html

Enzo






Re: Leo Marks

2001-01-30 Thread Steven M. Bellovin

The obituary has, at long last, prompted me to write a brief review of 
Marks' book "Between Silk and Cyanide".  The capsule summary:  read it, 
and try to understand what he's really teaching about cryptography, 
amidst all the amusing anecdotes and over-the-top writing.

The main lesson is about threat models.  If asked, I dare say that most 
readers of this mailing list would say "of course keying material 
should be memorized if possible, and never written down".  That seems 
obvious, especially for agents in enemy territory.  After all, written 
keys are very incriminating.  It's obvious, and was obvious to the SOE 
before Marks.  It was also dead-wrong -- accent on the "dead".

The cipher that agents were taught was a complex transposition, keyed 
by a memorized phrase.  The scheme had several fatal flaws.  The first 
is the most obvious:  a guess at the phrase was easily tested, and if a 
part of the key was recovered, it wasn't hard to guess at the rest, if 
the phrase was from a well-known source (and it generally was).  

More subtly, doing the encryption was an error-prone process, 
especially if done under field conditions without the aid of graph 
paper.  Per protocol, if London couldn't decrypt the message, the agent 
was told to re-encrypt and re-transmit.  But that meant more air time 
-- a serious matter, since the Gestapo used direction-finding vans to 
track down the transmitters.  Doing some simple "cryptanalysis" -- too 
strong a word -- on garbles permitted London to read virtually all of 
them -- but that was time-consuming, and really pointed to the 
underlying problem, of a too-complex cipher.

The duress code was another weak spot.  If an agent was being compelled 
to send some message, he or she was supposed to add some signal to the 
message.  But if the Gestapo ever arrested someone, they would torture 
*everything* out of that person -- the cipher key, the duress code, 
etc.  And they had a stack of old messages to check against -- they 
made sure that the duress code stated by the agent wasn't present in 
the messages.  The failure was not just the lack of perfect forward 
secrecy; it was the lack of perfect forward non-verifiability of the 
safe/duress indicators.

Marks' solution was counter-intuitive:  give the agent a sheet of 
"worked-out keys", printed on silk.  These were not one-time pad keys; 
rather, they were the numeric indicators for the transposition.  This 
avoided the guessable phrases; more importantly, it eliminated the most 
trouble-prone part of the encipherment, the conversion of the key 
phrase to a numeric version.  The authentication codes were a function 
of part of the key.  Agents were instructed to destroy each "WOK" after 
use; this provided not just forward secrecy, but also stopped the 
Gestapo from verifying any statements about the duress code.  

Why silk?  Because it was easily concealed in coat linings and the 
like, and wouldn't be detected in a casual street-frisk.  Sure, if the 
Gestapo was really suspicious, they'd find it.  So what?  This is the 
*Gestapo*; if they were really suspicious, it didn't matter much if you 
weren't guilty, because you'd be in no shape to appreciate their failure 
to find anything.  We joke about rubber hose cryptanalysis; the SOE 
agents had to contend with the real thing.  And real agents had enough 
other incriminating stuff lying around that unused keys didn't matter.

There's more, but the basic lesson is clear:  understand the *real* 
threat model you face before you design any sort of security system.  
The SOE didn't, and that cost the lives of many agents.

--Steve Bellovin, http://www.research.att.com/~smb
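The two keying styles the review contrasts, as an added toy model (this is not code from Bellovin's post, from Marks' book, or a reconstruction of actual SOE procedure). It assumes a simple columnar transposition as a stand-in for the agents' cipher, a made-up indicator rule (a short hash over the first four key numbers and the message, with a separate duress variant), the Marks poem quoted in the obituary as the memorised key phrase, a seeded generator for the issuer's randomness, and a constructed set of messages. The point it shows is the forward non-verifiability property: under a memorised phrase the key survives every message, so an archive of old traffic can always be re-checked against whatever the agent later claims about the duress rule; under a worked-out key that is destroyed after each use, no such check is possible.

```python
import hashlib
import random

# Constructed sample data (not from the post): a well-known phrase as a
# memorised key, and a stack of old traffic as a captor would hold it.
POEM_PHRASE = "the life that i have"   # the Marks poem quoted in the obituary
SAMPLE_MESSAGES = ["DROPZONEREADY", "SENDMOREMONEY", "ARMSARRIVED"]


def phrase_to_numeric_key(phrase):
    """Memorised-phrase keying: rank the letters of the phrase alphabetically
    (ties broken left to right) to get a transposition key.  This by-hand
    conversion is the trouble-prone step the review says the WOK removed,
    and the phrase itself is guessable when it comes from a known source."""
    letters = [c for c in phrase.upper() if c.isalpha()]
    order = sorted(range(len(letters)), key=lambda i: (letters[i], i))
    key = [0] * len(letters)
    for rank, idx in enumerate(order):
        key[idx] = rank + 1
    return key


def worked_out_key(length, rng):
    """WOK keying: London hands the agent the numeric key directly, so there
    is nothing to guess and nothing to convert.  `rng` is the issuer's
    randomness (seeded in run_scenario() only to keep the example repeatable)."""
    key = list(range(1, length + 1))
    rng.shuffle(key)
    return key


def transpose(plaintext, key):
    """Columnar transposition (toy stand-in for the SOE cipher): write the
    text in rows under the key and read the columns out in key order."""
    n = len(key)
    rows = [plaintext[i:i + n] for i in range(0, len(plaintext), n)]
    cols = sorted(range(n), key=lambda c: key[c])
    return "".join(row[c] for c in cols for row in rows if c < len(row))


def untranspose(ciphertext, key):
    """Inverse of transpose(): rebuild the columns, then read across rows."""
    n, total = len(key), len(ciphertext)
    nrows = -(-total // n)               # ceiling division
    short = nrows * n - total            # trailing columns are one cell shorter
    col_len = [nrows - (1 if c >= n - short else 0) for c in range(n)]
    cols = sorted(range(n), key=lambda c: key[c])
    grid, pos = {}, 0
    for c in cols:
        grid[c] = ciphertext[pos:pos + col_len[c]]
        pos += col_len[c]
    return "".join(grid[c][r] for r in range(nrows) for c in range(n)
                   if r < col_len[c])


def indicator(key, message, duress=False):
    """Security check (constructed rule): a short tag over part of the key
    (its first four numbers) and the message.  The agent also has a duress
    rule; London knows both and can tell which one produced the tag."""
    part = ",".join(str(k) for k in key[:4])
    label = "DURESS" if duress else "SAFE"
    return hashlib.sha256(f"{label}:{part}:{message}".encode()).hexdigest()[:4]


def archive_checkable(archive, key):
    """Forward non-verifiability test.  `archive` is a stack of intercepted
    (message, tag) pairs.  With a retained, memorised key the tags can be
    recomputed and compared with whatever the agent later claims about the
    duress rule; with a WOK destroyed after use (key is None) nothing can be
    recomputed, so claims about past traffic cannot be checked at all."""
    if key is None:
        return False
    return all(indicator(key, m) == tag for m, tag in archive)


def run_scenario():
    """Send the same traffic under both keying styles and report whether the
    archive of old messages remains checkable afterwards."""
    results = {}
    # Memorised phrase: one key reused for every message and never destroyed.
    phrase_key = phrase_to_numeric_key(POEM_PHRASE)
    archive = [(m, indicator(phrase_key, m)) for m in SAMPLE_MESSAGES]
    results["phrase_roundtrip"] = all(
        untranspose(transpose(m, phrase_key), phrase_key) == m
        for m in SAMPLE_MESSAGES)
    results["phrase_checkable"] = archive_checkable(archive, phrase_key)
    # WOK: a fresh key per message, destroyed once the message is sent.
    rng = random.Random(2001)                      # constructed seed
    wok_archive, key = [], None
    for m in SAMPLE_MESSAGES:
        key = worked_out_key(len(phrase_key), rng)
        assert untranspose(transpose(m, key), key) == m
        wok_archive.append((m, indicator(key, m)))
        key = None                                 # silk square burnt after use
    results["wok_checkable"] = archive_checkable(wok_archive, key)
    return results


if __name__ == "__main__":
    print(run_scenario())
```

Running it reports `phrase_checkable` as True and `wok_checkable` as False: the memorised key lets every archived tag be recomputed, while the destroyed per-message keys leave nothing to recompute. The round-trip assertions are there to show that the WOK changes only where the key comes from and how long it lives, not the cipher itself.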






Re: electronic ballots

2001-01-30 Thread Carl Ellison

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

At 05:28 PM 1/25/01 -0600, (Mr) Lyn R. Kennedy wrote:
> First the basics:
> 
>   1. An electronic election system need only be as good as the current
>  system. While perfection remains the goal, the minimum criterion
>  is that it be no worse.

After Florida, I think we can shoot for something a lot better.

>   3. The concept of the polling place needs to be re-examined. If a voter
>  can vote from anywhere at anytime then the problem becomes one of
>  counting the last vote. A vote signed by an authorized observer
>  would supersede any following ones that were not observed.

I don't see the problem or the reason for an observer.  Here in Oregon, we do
all votes by mail.  The last vote to count is the last one to arrive at the
county's collection point before 8pm, election day.

OTOH, my next door neighbor was bemoaning the loss of polling places -- as a
place to meet the neighbors.  So maybe the real answer is still to vote by
mail (or electronically) but have a place (actually, an espresso shop with
easy chairs, small tables and a fireplace) where you can go to hang out, hand
in your ballot and visit with the neighbors.

 - Carl

-BEGIN PGP SIGNATURE-
Version: PGP 6.5.2

iQA/AwUBOneKmHPxfjyW5ytxEQKzsQCgim1lGgnLNWRvlxF5c/RoecbYNjcAnjnJ
e+Jjdp5J11zoOFKFsQ4v8hog
=MjCP
-END PGP SIGNATURE-


+--+
|Carl M. Ellison [EMAIL PROTECTED] http://world.std.com/~cme |
|PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+