Re: The future of security
On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:

Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

My guess is that it is unpredictable. As with so many other things, it depends on so many coincidences, marketing, politics. But what I do expect:

- I don't expect that there will be much progress in maths and theory of cryptography. Very few inventions will make it out of the ivory tower, if any at all. Key lengths will increase. We'll play RSA with 4096 or 8192 bit. They will find that quantum computers may be fast, but still bound to computational complexity.

- SSL/TLS will become even more of a de facto standard in open source software and (new?) protocols. It will make its way into the standard libraries of programming languages (e.g. as it did for Ruby).

- I don't expect that we'll ever have a common PKI for common people with a significant distribution. It's like with today's HTTPS: the big ones have commercial certificates, plain people use passwords and simple authentication mechanisms (like receiving a URL with a random number by e-mail).

- I guess the most important crypto applications will be:
  - HTTPS of course
  - portable storage equipped with symmetric ciphers such as USB sticks and portable hard disks
  - VPN routers
  - Voice over IP
  - DRM
  - maybe in digital passports and credit cards
  - simple auth tokens like RSA SecurID and Aladdin eToken will become more commonly used.

- As a consequence, I guess that politicians will reopen the 1997 discussion of prohibiting strong encryption. They already do.

- Maybe we'll have less crypto security in future than we have today. 5-10 years ago I knew many more people using PGP than today. Most modern mail user agents are capable of S/MIME, but it's hard to find someone making use of it. I'm a consultant for many companies, but not a single one of them uses it. Most modern MTAs support TLS, but to my knowledge less than 3% of messages are actually TLS encrypted in SMTP.

It's strange, but law will become more important than cryptography.

As a summary, I don't expect any innovations. Not more than within the last 10 years. But I'm pretty sure that security will be more and more important and that's where I expect innovations and progress. Security doesn't necessarily mean cryptography.

regards
Hadmut

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Brands' private credentials
Here's what I remember from about a year ago about the current state of private credentials. That recollection comes with no warranties express or implied.

Last I heard, Brands started a company called Credentica, which seems to only have a placeholder page (although it does have an info@ address). I also heard that his credential system was never implemented, but that might be wrong now.

Anna Lysyanskaya and Jan Camenisch came up with a credential system that I hear is based on Brands'. Anna's dissertation is online and might give you some clues. They might also have been working on an implementation.

I came up with a much simpler system that has many similar properties to Brands', and even does some things that his doesn't. It's much less developed than the other systems, but we did write a Java implementation and published a paper at WPES last year about it. I feel a little presumptuous mentioning it in the context of the other systems, which have a much more esteemed set of authors and are much more developed, but I'm also pretty confident in its simplicity.

http://isrl.cs.byu.edu/HiddenCredentials.html
http://isrl.cs.byu.edu/pubs/wpes03.pdf

Note that most anonymous credential systems are encumbered by patents. The implementation for my system is based on the Franklin/Boneh IBE which they recently patented, although there's another IBE system which may not be encumbered and which should also work as a basis for Hidden Credentials.

-J
RSA-576 Factored
http://mathworld.wolfram.com/news/2003-12-05/rsa/

MathWorld Headline News
RSA-576 Factored
By Eric W. Weisstein

December 5, 2003--On December 3, the day after the announcement of the discovery of the largest known prime by the Great Internet Mersenne Prime Search on December 2 (MathWorld headline news, December 2, 2003), a team at the German Federal Agency for Information Technology Security (BIS) announced the factorization of the 174-digit number

1881 9881292060 7963838697 2394616504 3980716356 3379417382 7007633564 2298885971 5234665485 3190606065 0474304531 7388011303 3967161996 9232120573 4031879550 6569962213 0516875930 7650257059

known as RSA-576.

RSA numbers are composite numbers having exactly two prime factors (i.e., so-called semiprimes) that have been listed in the Factoring Challenge of RSA Security®. While composite numbers are defined as numbers that can be written as a product of smaller numbers known as factors (for example, 6 = 2 x 3 is composite with factors 2 and 3), prime numbers have no such decomposition (for example, 7 does not have any factors other than 1 and itself). Prime factors therefore represent a fundamental (and unique) decomposition of a given positive integer. RSA numbers are special types of composite numbers particularly chosen to be difficult to factor, and they are identified by the number of digits they contain.

While RSA-576 is a much smaller number than the 6,320,430-digit monster Mersenne prime announced earlier this week, its factorization is significant because of the curious property of numbers that proving or disproving a number to be prime (primality testing) seems to be much easier than actually identifying the factors of a number (prime factorization). Thus, while it is trivial to multiply two large numbers p and q together, it can be extremely difficult to determine the factors if only their product pq is given. With some ingenuity, this property can be used to create practical and efficient encryption systems for electronic data.

RSA Laboratories sponsors the RSA Factoring Challenge to encourage research into computational number theory and the practical difficulty of factoring large integers and also because it can be helpful for users of the RSA encryption public-key cryptography algorithm for choosing suitable key lengths for an appropriate level of security. A cash prize is awarded to the first person to factor each challenge number.

RSA numbers were originally spaced at intervals of 10 decimal digits between one and five hundred digits, and prizes were awarded according to a complicated formula. These original numbers were named according to the number of decimal digits, so RSA-100 was a hundred-digit number. As computers and algorithms became faster, the unfactored challenge numbers were removed from the prize list and replaced with a set of numbers with fixed cash prizes. At this point, the naming convention was also changed so that the trailing number indicates the number of digits in the binary representation of the number. Hence, RSA-576 has 576 binary digits, which translates to 174 digits in decimal.

RSA numbers received widespread attention when a 129-digit number known as RSA-129 was used by R. Rivest, A. Shamir, and L. Adleman to publish one of the first public-key messages together with a $100 reward for the message's decryption (Gardner 1977). Despite widespread belief at the time that the message encoded by RSA-129 would take millions of years to break, it was factored in 1994 using a distributed computation that harnessed networked computers spread around the globe performing a multiple polynomial quadratic sieve (Leutwyler 1994). The result of all the concentrated number crunching was decryption of the encoded message to yield the profound plain-text message "The magic words are squeamish ossifrage." (An ossifrage is a rare predatory vulture found in the mountains of Europe.)

Factorization of RSA-129 followed earlier factorizations of RSA-100, RSA-110, and RSA-120. The challenge numbers RSA-130, RSA-140, RSA-155, and RSA-160 were also subsequently factored between 1996 and April of this year. (Amusingly, RSA-150 apparently remains unfactored following its withdrawal from the RSA Challenge list.)

On December 2, Jens Franke circulated an email announcing factorization of the smallest prize number RSA-576. The factorization was accomplished using a prime factorization algorithm known as the general number field sieve. The two 87-digit factors found using this sieve are

3980750 8642406493 7397125500 5503864911 9906436234 2526708406 3851895759 4638895726 1768583317
x
4727721 4610743530 2536223071 9730482246 3291469530 2097116459 8521711305 2071125636 3590397527

and can easily be multiplied to verify that they do indeed give the original number. Franke's note detailed the factorization process in which lattice sieving was done by J. Franke and T. Kleinjung using hardware at the Scientific Computing Institute
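As an added worked example (not part of the MathWorld article or the list post), the following Python checks the announced factorization and illustrates the asymmetry the article describes: multiplying p and q back together and testing each factor for primality both take milliseconds, while producing the factors took a number field sieve run. The digit groups are copied from the announcement above; the Miller-Rabin routine and the helper names are this example's own.

```python
"""Added example: check the RSA-576 factorization announced above and contrast
primality testing (cheap) with factoring (expensive), using only the standard library."""
import random

# The 174-digit RSA-576 and its two 87-digit factors, copied from the digit
# groups in the announcement above and joined together.
RSA_576 = int("".join([
    "1881", "9881292060", "7963838697", "2394616504", "3980716356", "3379417382",
    "7007633564", "2298885971", "5234665485", "3190606065", "0474304531", "7388011303",
    "3967161996", "9232120573", "4031879550", "6569962213", "0516875930", "7650257059",
]))
P = int("".join([
    "3980750", "8642406493", "7397125500", "5503864911", "9906436234",
    "2526708406", "3851895759", "4638895726", "1768583317",
]))
Q = int("".join([
    "4727721", "4610743530", "2536223071", "9730482246", "3291469530",
    "2097116459", "8521711305", "2071125636", "3590397527",
]))


def verify_factorization(n, p, q):
    """Multiplying the claimed factors back together is trivial; finding them was the hard part."""
    return 1 < p < n and 1 < q < n and p * q == n


def rsa_number_sizes(n):
    """(binary digits, decimal digits): the two naming conventions the article describes."""
    return n.bit_length(), len(str(n))


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test.

    Composites are always rejected; a prime is accepted with probability at
    least 1 - 4**-rounds.  The cost is a few modular exponentiations per round,
    i.e. polynomial in the bit length, which is why checking the 87-digit
    factors is instant even though nothing comparably cheap finds them.
    """
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    # Write n - 1 = d * 2**s with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(576)  # fixed seed: reproducible witnesses
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


if __name__ == "__main__":
    print("p * q == RSA-576:", verify_factorization(RSA_576, P, Q))
    print("RSA-576 sizes (bits, decimal digits):", rsa_number_sizes(RSA_576))
    print("p probably prime:", is_probable_prime(P))
    print("q probably prime:", is_probable_prime(Q))
    print("RSA-576 probably prime:", is_probable_prime(RSA_576))
```

The size check confirms the naming convention the article explains (576 binary digits, 174 decimal digits), and the last line of the main block shows that Miller-Rabin rejects the semiprime itself without revealing either factor, which is exactly the gap between primality testing and factoring that the article points at.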
[Neuclear-general] ANNOUNCE: Released version 0.7 of NeuClear Commons
--- begin forwarded text

From: Pelle Braendgaard [EMAIL PROTECTED]
Organization: VERAX Inc
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
User-Agent: KMail/1.6.2
Cc: [EMAIL PROTECTED]
Subject: [Neuclear-general] ANNOUNCE: Released version 0.7 of NeuClear Commons
Sender: [EMAIL PROTECTED]
List-Id: neuclear-general.lists.sourceforge.net
List-Post: mailto:[EMAIL PROTECTED]
List-Help: mailto:[EMAIL PROTECTED]
List-Subscribe: https://lists.sourceforge.net/lists/listinfo/neuclear-general, mailto:[EMAIL PROTECTED]
List-Archive: http://sourceforge.net/mailarchive/forum.php?forum=neuclear-general
Date: Wed, 28 Apr 2004 12:30:11 -0500

Panama City, 28 April, 2004. We are happy to announce the 0.7 release of NeuClear Commons. The main goal of this release is to support the 0.9 release of NeuClear ID. Download it today and join in the NeuClear revolution.

Major new features are:
* New Swing based Passphrase Agent
* DefaultSigner is now completely interactive.
* SQLSigner stores Public Private Key Pairs in SQL using Hibernate.
* Removed all old SQL support code.
* Added in memory caching to Public Key Resolver
* Added new interactive signing model with the BrowsableSigner interface
* New SetPublicKeyCallback method for returning the public key in interactive applications

For more information see: http://dev.neuclear.org/commons/

Full Release notes below:

Release Notes - NeuClear Commons - Version r_0_7

** Bug
* [COM-13] - Handle Invalid Passphrase in SwingAgent
* [COM-14] - Use different screen layout for normal passphrase in SwingAgent
* [COM-25] - Remembered passphrase is forgotten if identity is changed
* [COM-27] - Loop when JCESigner is loaded with incorrect passphrase
* [COM-31] - Remembered passphrase doesn't enable sign button
* [COM-33] - Signed HTML generated by Identity and subclasses fail verification

** New Feature
* [COM-4] - Create Completely Interactive Signing Method
* [COM-5] - Support for more advanced passphrase agent
* [COM-6] - Set PublicKey Callback Method
* [COM-10] - Create Improved GUI Agent
* [COM-11] - Add remember Passphrase to SwingAgent
* [COM-12] - Add Identity Generator to SwingAgent
* [COM-16] - add Password encrypted private key methods to CryptoTools
* [COM-17] - Create SQLSigner
* [COM-18] - Make DefaultSigner an intelligent wrapper for end user signing front ends
* [COM-20] - Add Save Key Store Dialog to InteractiveAgent
* [COM-21] - Add Open Key Store Dialog to InteractiveAgent
* [COM-22] - Implement Save in SwingAgent

** Task
* [COM-15] - Update project.xml with latest dependencies
* [COM-32] - Drop all the sql packages as no longer needed

** Improvement
* [COM-9] - Add in memory caching to PublicKey Resolver
* [COM-19] - Create signing task queue on SwingAgent
* [COM-26] - Change to DefaultSigner's method of saving

--
http://talk.org + Live and direct from Panama
http://neuclear.org + Clear it both ways with NeuClear

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: Can Skype be wiretapped by the authorities?
- Original Message -
From: Axel H Horns [EMAIL PROTECTED]
Subject: Can Skype be wiretapped by the authorities?

Is something known about the details of the crypto protocol within Skype? How reliable is the encryption?

While Skype is generally rather protective of their protocol, there have been leaks; in fact one leak that I am aware of was to me personally. Unfortunately I do not have the protocol any more, it just wasn't worth saving.

With that said, the protocol is horribly and completely worthless. They brag about using 1536-2048 bit RSA, but what they don't tell you is that when I saw the protocol the key was directly encrypted without padding. It's also worth noting that when I said key that wasn't a typo: there was only one, although it was hashed to create two. There was a complete lack of message authentication, a complete lack of key verification, a complete lack of one-timeness to the transfers, basically a complete lack of security; even their user verification was flawed to the point where it was completely worthless.

Assuming that they have not changed their protocol substantially (likely, considering no one would listen to the individual that leaked it to me, and hence was given the breaks), the protocol is still horribly insecure, and pointlessly complex. The ONLY functional security it has is that it is peer2peer and as such it is harder to eavesdrop.

Joe
Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com
Re: How to WASTE and want not
This page seems to describe the security: http://waste.sourceforge.net/security.html

iang
message, but also test
--- begin forwarded text

Date: Thu, 29 Apr 2004 09:07:44 +
From: Ryan Lackey [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.5.1+cvs20040105i
Subject: message, but also test
Sender: [EMAIL PROTECTED]

I have two questions:

1) Does anyone have actual performance measurements of ZKS from when it was operational/at peak, in terms of bandwidth, MTU, latency, and jitter? Is there a good way to quantify just how far from acceptable it was?

2) Does anyone know of any existing reviews of bandwidth cost in multiple jurisdictions (say, per 1Mbps CIR international terrestrial), as well as electricity (per-kWh)? I'm working on a research report which shows the 5-10 year costs for a few specific businesses in as many different locations and jurisdictions as possible, since otherwise it's almost impossible to quantify how much better a jurisdiction is than any other. I know bandwidth costs for all the markets I actually care about, but I'd like to flesh this out to account for more individual countries. The problem is the bandwidth numbers I have are public as well as very aggressively negotiated, and there's usually a spread of 3-10x between them, so I'd rather not have to go through that level of negotiation for any additional data points.

(Some people have been sending to [EMAIL PROTECTED] vs. [EMAIL PROTECTED], which was causing a bunch of cypherpunks mail to accumulate in the catchall spool for metacolo.com. I just added cypherpunks and cypherpunks-* aliases in the metacolo domain as well, so it should work, of which this is a test.)

(I also subscribed the al-qaeda node, and will probably finish setting up the spamfiltered version of the list, as well as passing the back archives through the same archiving software as current archives, and search-indexing them, next time I get bored.)

--
Ryan Lackey [RL960-RIPE AS24812] [EMAIL PROTECTED]
+1 202 258 9251
OpenPGP DH 4096: B8B8 3D95 F940 9760 C64B DE90 07AD BE07 D2E0 301F

--- end forwarded text
Re: Is there a Brands certificate reference implementation?
Stefan Brands started his own company, http://www.credentica.com/
There isn't much on the web site yet, but if you click on the image you get the info email address.

The code that was developed for Brands credentials at ZKS was never released. There was also code written during the ESPRIT project called CAFE.

A description of protocols for Brands credentials can be found here:
http://crypto.cs.mcgill.ca/~stiglic/Papers/brands.pdf

A more elaborate reference is the technical paper that can be found here:
http://www.credentica.com/technology/technology.html

--Anton
Re: The future of security
Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

prediction: just as in the 1990s the commercial world caught up to the mil world in uses of crypto, so, too, will it catch up this decade in traffic analysis

--dan
Security Architect Position at National Archives
Forwarded with permission. This may not be appropriate for the list, but it is one of the most interesting and useful crypto/security jobs I've seen in some time...

The position is at Archive II in College Park, right next to the University of MD, at the junction of I-95 and the beltway. The hours are flexible, so avoiding the rush hour traffic is not a big deal.

The role is for a system architect/designer with strong cyber security experience: somebody who can evaluate the security implications of various design proposals. In other words, I'm not looking just for somebody who can run a firewall or vulnerability check, or who can cite NIST security standards (although those skills would come in handy too!).

We are hiring a system integrator to build a large, distributed, multi-site electronic archives. It's possibly the most interesting project in the civilian government, IMHO. You can find out more about it at http://www.archives.gov/electronic_records_archives/about_era/scope.html

The project is multi-year and is being bid upon by large system integrators. So the candidate will get a chance to do interesting work, and watch how the big guys do it too.

Attached is the announcement. It's a position I can bring directly in, without going through the OPM process.

Regards,
Dyung Le
[EMAIL PROTECTED]

Information Technology (IT) Specialist (INFORMATION SECURITY)

The National Archives and Records Administration (NARA) is seeking one (1) Information Technology (IT) Specialist (Information Security) as part of the development team for NARA's Electronic Records Archives (ERA) program. The Electronic Records Archives is a challenging program with national importance, and aims to develop a comprehensive, systematic, and dynamic mechanism for preserving virtually any kind of electronic record, free from dependence on any specific hardware or software. (http://www.archives.gov/electronic_records_archives/index.html)

--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
iTunes 4.5: 24 hours after I downloaded it... I've broken it
http://craz.net/programs/itunes/

crazney.net - iTunes stuff

Welcome to my iTunes stuff website, here you will find various things relating to iTunes hacking that I have written.

Last updated: April 29, 2004

iTunes 4.5: iTunes 4.5 uses a new authentication algorithm. However, not even 24 hours after I downloaded it, and that includes a little sleep and lots of uni time, I've broken it. Hah. Anyhow, libopendaap 0.2.0 and tunesbrowser 0.1.4 are now available.

crazney: brb have to shut chooks in.
Fryboy: I have just deconstructed the encryption protocol designed by Apple's finest enginee..ah fuck the chicken has escaped

Pages here:
* libopendaap: A library for connecting to iTunes shares and streaming audio files.
* tunesbrowser: An application, built on top of libopendaap in GTK for browsing and playing the songs in various iTunes shares.
* authentication: A page describing the authentication procedure used by the latest iTunes programs in order to lock out third party applications.
* iTunes Music Store authentication: A page describing the authentication packets used by the iTMS. This complements Jason Rohrer's iTMS-4-ALL project.

Say no to the AUS-FTA!

Contact info: See the front page for contact details. Please let me know if you use and enjoy (or hate) this software!

Apple and iTunes are registered trademarks of Apple Computer, Inc.
RFC 3766 Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
also summary entry at http://www.garlic.com/~lynn/rfcidx12.htm#3766
clicking on .txt=nnn field in the summary retrieves the actual RFC

BCP 86
RFC 3766
Title: Determining Strengths For Public Keys Used For Exchanging Symmetric Keys
Author(s): H. Orman, P. Hoffman
Status: Best Current Practice
Date: April 2004
Mailbox: [EMAIL PROTECTED], [EMAIL PROTECTED]
Pages: 23
Characters: 55939
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-orman-public-key-lengths-08.txt
URL: ftp://ftp.rfc-editor.org/in-notes/rfc3766.txt

Implementors of systems that use public key cryptography to exchange symmetric keys need to make the public keys resistant to some predetermined level of attack. That level of attack resistance is the strength of the system, and the symmetric keys that are exchanged must be at least as strong as the system strength requirements. The three quantities, system strength, symmetric key strength, and public key strength, must be consistently matched for any network protocol usage.

While it is fairly easy to express the system strength requirements in terms of a symmetric key length and to choose a cipher that has a key length equal to or exceeding that requirement, it is harder to choose a public key that has a cryptographic strength meeting a symmetric key strength requirement. This document explains how to determine the length of an asymmetric key as a function of a symmetric key strength requirement. Some rules of thumb for estimating equivalent resistance to large-scale attacks on various algorithms are given. The document also addresses how changing the sizes of the underlying large integers (moduli, group sizes, exponents, and so on) changes the time to use the algorithms for key exchange.

--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
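To make the matching rule in the abstract concrete, here is an added Python example (my own, not code from RFC 3766 or its authors) that estimates the symmetric-equivalent strength of an RSA or DH modulus from the general number field sieve's asymptotic cost curve, searches for the smallest modulus that meets a requirement, and checks the three quantities against each other. The calibration point (a 1024-bit modulus taken as worth 80 bits of symmetric strength) is an assumption chosen for this example, not the RFC's own calibration, so its outputs differ somewhat from the RFC's tables; the function names are this example's own.

```python
"""Added example: derive an RSA/DH modulus size from a symmetric strength requirement."""
import math

LN2 = math.log(2)
# Leading constant of the general number field sieve's asymptotic cost,
# L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with c = (64/9)^(1/3) ~ 1.923.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_log2_work(modulus_bits):
    """log2 of the (uncalibrated) GNFS effort to factor a modulus of this many bits."""
    ln_n = modulus_bits * LN2
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


# ASSUMPTION for this example (not RFC 3766's own calibration): pin the curve
# so that a 1024-bit modulus is worth 80 bits of symmetric strength.
CAL_MODULUS_BITS = 1024
CAL_STRENGTH_BITS = 80
_OFFSET = CAL_STRENGTH_BITS - gnfs_log2_work(CAL_MODULUS_BITS)


def modulus_strength_bits(modulus_bits):
    """Estimated symmetric-equivalent strength, in bits, of an RSA or DH modulus."""
    return gnfs_log2_work(modulus_bits) + _OFFSET


def modulus_bits_for_strength(strength_bits, lo=512, hi=65536):
    """Smallest modulus size whose estimated strength meets the requirement.

    The cost curve rises monotonically with the modulus size, so a binary
    search over the size finds the crossing point.
    """
    while lo < hi:
        mid = (lo + hi) // 2
        if modulus_strength_bits(mid) >= strength_bits:
            hi = mid
        else:
            lo = mid + 1
    return lo


def strengths_consistent(system_strength_bits, symmetric_key_bits, modulus_bits):
    """The matching rule from the abstract: the exchanged symmetric key and the
    public key protecting it must each be at least as strong as the system
    strength requirement."""
    return (symmetric_key_bits >= system_strength_bits
            and modulus_strength_bits(modulus_bits) >= system_strength_bits)


if __name__ == "__main__":
    for req in (80, 112, 128, 192, 256):
        print(f"{req:>3}-bit requirement -> RSA/DH modulus of about "
              f"{modulus_bits_for_strength(req)} bits")
    print("AES-128 under 2048-bit RSA, 128-bit requirement:",
          strengths_consistent(128, 128, 2048))
```

The main block illustrates the asymmetry the abstract describes: the symmetric side scales linearly (a 256-bit requirement is met by a 256-bit key), while the public key side grows much faster, so a 2048-bit modulus, although fine for a 112-bit requirement, falls short of a 128-bit one under this calibration.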
Signs Point to Worm Attack on SSL Vulnerability
http://www.eweek.com/print_article/0,1761,a=125527,00.asp

eWeek
Signs Point to Worm Attack on SSL Vulnerability
April 27, 2004
By Dennis Fisher

Security experts on Tuesday said they are seeing evidence of what appears to be a worm exploiting the recently announced vulnerability in the Windows implementation of the Secure Sockets Layer (SSL) protocol.

During the morning and early afternoon Tuesday, specialists at VeriSign Inc.'s security operations center observed a large-scale exploitation of the vulnerability. While there are a number of software tools available on the Internet to attack the vulnerability, experts said the volume of activity is too great for the attacks to be manual.

"The attacks are too heavy and too regular to be anything but a worm. This has to be a worm or a mass rooter," said Jerry Brady, chief security officer of managed security services at VeriSign, based in Mountain View, Calif. "The activity is at much too high of a rate for it to be people manually using the exploit."

The vulnerability, for which Microsoft Corp. released a patch earlier this month, is in an older Microsoft protocol called PCT (Protected Communications Transport). Microsoft's SSL library contains a buffer overrun flaw that enables attackers to run arbitrary code on vulnerable machines by sending specially designed PCT handshake packets. PCT is included in the SSL library, which is present in a number of products, including IIS and Exchange Server. VeriSign and other security services warned of this vulnerability last week.

Brady said the majority of the company's managed services customers who have Internet-facing IIS servers have been attacked already. He added that the company is in the process of breaking down the attacks to see whether they are installing back doors or Trojans on compromised machines.

"It's too soon to tell right now. We're still doing the forensics at this point," Brady said.
Re: The future of security
Many thanks to the list members who have contributed ideas to the above - I'll share the results by previewing the paper in the next few weeks if I may.

Having been a devotee of the financial crypto community for many years, a thought has just occurred to me about the possible use of Systemics' Ricardian Contract idea as a practical implementation of a distributed access control mechanism. I came across Akenti http://www-itg.lbl.gov/Akenti/ - augmented x509 certs used as access control tokens in a distributed environment. It seems that this problem space is similar to the fincrypto domain. Proprietary non-human-readable binary/ascii formats have arguably lost ground to human-readable name/value pair formats (i.e. XML and before that IATA), so it would seem a logical progression to extend Herr Grigg's Ricardian ontology to include a DAC contract?

Cheers
G
Fwd: [ISN] Mobile flaws expose executives to bugging
*Took* 'em long enough... Cheers, RAH --- begin forwarded text Date: Fri, 30 Apr 2004 02:30:16 -0500 (CDT) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] Mobile flaws expose executives to bugging Reply-To: [EMAIL PROTECTED] List-Id: InfoSec News isn.attrition.org List-Unsubscribe: http://www.attrition.org/mailman/listinfo/isn, mailto:[EMAIL PROTECTED] List-Archive: http://www.attrition.org/pipermail/isn List-Post: mailto:[EMAIL PROTECTED] List-Help: mailto:[EMAIL PROTECTED] List-Subscribe: http://www.attrition.org/mailman/listinfo/isn, mailto:[EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://business.timesonline.co.uk/article/0,,8209-1092789,00.html By Steve Boggan April 30, 2004 EXECUTIVES at some of Britain's biggest companies are using mobile phones that can be secretly tracked and bugged, despite a series of Times investigations demonstrating gaping holes in handset security. During tests at the offices of Shell, BP, HSBC and Goldman Sachs, The Times identified 95 phones potentially vulnerable to a new form of hacking known as bluesnarfing. Under the process, which threatens mobile phones that use Bluetooth wireless technology, hackers can download text messages, phone lists and even remotely tamper with handsets to enable them to be used as listening devices. Last week The Times identified 46 phones that could have been vulnerable to attack during a 12-minute test in the central lobby of the Palace of Westminster. During our latest experiment, we had the ability to access the phone of a Shell employee supplying aviation fuel to aircraft companies and bug the handsets of chauffeurs driving executives. At the offices of Shell, a passive scan showed that 19 phones would have accepted an unauthorised Bluetooth connection. None was made, to avoid infringement of the Computer Misuse Act. Of these, 13 were Nokias and five were Ericssons. 
The Nokia 6310 and 6310i, the most popular business phones in the UK, and the Ericsson T610, one of the best-selling picture phones, have proved to be the most insecure. Outside, a group of chauffeurs were waiting in seven identical and consecutively-numbered Volvos. An attack on any of their phones would have allowed us to set up a divert to a handset of our choice. We could then have instructed their phones to call us secretly, leaving a channel open through which we could have heard executives conversations in the cars. At BPs office in St Jamess Square, Westminster, we identified 24 potentially vulnerable phones while at Goldman Sachs in Fleet Street, the figure was 35 phones. We scanned in a smoking area outside the offices of HSBC in Canary Wharf during a ten-minute period. Seventeen potentially vulnerable phones were identified. The latest cause for concern involving the Nokia 6310s and Sony Ericsson T610s involves secret tracking. Commercial companies offer phone tracking services to businesses and individuals who want to locate sales forces quickly. An SMS message is sent to the relevant mobile phone with an activation code. Once activated, the phones location is shown on an internet website map. Bluesnarfing allows the activation code to be diverted to an attacker, so that an account is set up without the handset owners knowledge. He or she could then be tracked, without their knowledge, 24 hours a day. Nokia admits there are problems with its 6310s and 8910s but says it is working on a solution that will be available to users from this summer. Sony Ericsson says it has cured the text message and divert problems in new phones but phone lists, calendars and pictures can still be accessed. It promises a cure for that problem in the second half of the year. Shell and BP said they never commented on security; Goldman Sachs was aware of the problem and had issued advice to staff; and HSBC said its technical staff were looking into the problem. 
_
ISN mailing list
Sponsored by: OSVDB.org

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Calif. Official Bans Some Voting Machines
http://news.yahoo.com/news?tmpl=storycid=519u=/ap/20040501/ap_on_re_us/electronic_votingprinter=1

Yahoo! News
Sat, May 01, 2004

Calif. Official Bans Some Voting Machines
Fri Apr 30, 8:56 PM ET

By JIM WASSERMAN, Associated Press Writer

SACRAMENTO, Calif. - The state's top elections official called for a criminal investigation of Diebold Election Systems Inc. as he banned use of the company's newest model touchscreen voting machine, citing concerns about its security and reliability.

Friday's ban will force up to 2 million voters in four counties, including San Diego, to use paper ballots in November, marking their choices in ovals read by optical scanners.

Secretary of State Kevin Shelley asked the attorney general's office to investigate allegations of fraud, saying Diebold had lied to state officials. A spokesman for Attorney General Bill Lockyer said prosecutors would review Shelley's claims.

Diebold issued a statement saying it was confident in its systems and planned to work with election officials in California and throughout the nation to run a smooth election this fall.

The ban immediately affects more than 14,000 AccuVote-TSx machines made by Diebold, the leading touchscreen provider. Many were used for the first time in the March primaries and suffered failures.

In 10 other counties, Shelley decertified touchscreen machines but set 23 conditions under which they still could be used. That order involved 4,000 older machines from Diebold and 24,000 from its three rivals.

The decision follows the recommendations of a state advisory panel, which conducted hearings earlier this month. Made just six months before a presidential election, the decision reflects growing concern about paperless electronic voting. A number of failures involving touchscreen machines in Georgia, Maryland and California have spurred serious questioning of the technology.
As currently configured, the machines lack paper records, making recounts impossible.

"I anticipate his decision will have an immediate and widespread impact," said Kim Alexander, president of the California Voter Foundation and a frequent critic of the machines. "California is turning away from e-voting equipment, and other states are sure to follow."

Activists have been demanding paper printouts - required in California by 2006 - to guard against fraud, hacking and malfunction. Diebold has been a frequent target of such groups, though most California county election officials say that problems have been overstated and that voters like the touchscreen systems first installed four years ago.

At least 50 million voters nationally were expected to use the ATM-like machines from Diebold and other companies in November. California counties with 6.5 million registered voters have been at the forefront of touchscreen voting, installing more than 40 percent of the more than 100,000 machines believed to be in use nationally.

A state investigation released this month said Diebold jeopardized the outcome of the March election in California with computer glitches, last-minute changes to its systems and installations of uncertified software in its machines in 17 counties. It specifically cited San Diego County, where 573 of 1,611 polling places failed to open on time because low battery power caused machines to malfunction.

Registrars in counties that made the switch to paperless voting said Shelley's decision to return to paper ballots would result in chaos.

"There just isn't time to bring this system up before November," Kern County Registrar Ann Barnett said. "It's absurd."

Diebold officials, in a 28-page report rebutting many of the accusations about its performance, said the company had been singled out unfairly for problems with electronic voting and maintained its machines are safe, secure and demonstrated 100 percent accuracy in the March election.
The company, a subsidiary of automatic teller machine maker Diebold, Inc., acknowledged it had alienated the secretary of state's office and promised to redouble efforts to improve relations with counties and the state.

___

On the Net:

California Secretary of State: http://www.ss.ca.gov

Diebold Election Systems: http://www.diebold.com/dieboldes/
Wikipedia project: Crypto
The good people at Wikipedia have started a cryptography subproject, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia.

The project page:

http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Cryptography

features a list of open tasks and things that need cleanup or writing about. For anyone who has a few minutes to spare, their contributions would without a doubt be most appreciated.

Cheers,
Ivan
MatrixSSL Embedded SSL/TLS
For those of you who are interested in the coding aspects of crypto, I'd like to announce that our small footprint SSL/TLS library, MatrixSSL, is available for download at http://www.matrixssl.org

With a footprint under 50KB, MatrixSSL not only meets device requirements, it also provides a protocol implementation that is easy to read and understand. Some unique benefits for the cryptography community are:

+ Clean, clear implementation makes bugs and security issues easier to spot and fix
+ Focused, well documented implementation of SSL is a good teaching tool
+ Open Source ensures potential backdoors and security issues can be found
+ Compact implementation of a standard security protocol removes an excuse for homegrown solutions

I'm interested in your feedback about MatrixSSL. We are actively working to make sure this is a unique solution that solves some of the issues preventing adoption of standard security protocols in Internet enabled devices.

J Harper
PeerSec Networks
http://www.peersec.com
Tiny new agency ill-equipped for e-voting oversight
http://www.siliconvalley.com/mld/siliconvalley/8580743.htm?template=contentModules/printstory.jsp

The San Jose Mercury News
Posted on Mon, May. 03, 2004

Tiny new agency ill-equipped for e-voting oversight

SAN JOSE, Calif. (AP) - As alarm mounts over the integrity of the ATM-like voting machines 50 million Americans will use in the November election, a new federal agency has begun scrutinizing how to safeguard electronic polling from fraud, hackers and faulty software.

But the tiny U.S. Election Assistance Commission says it is so woefully underfunded that it can't be expected to forestall widespread voting machine problems, which would cast doubt on the election's integrity.

The commission -- which on Wednesday conducts the first federal hearing on the security and reliability of electronic voting -- laments its predicament in a new report.

"We've found some deeply troubling concerns, and the country wants to know the solution," said DeForest B. Soaries, Jr., a Republican and former New Jersey secretary of state named by President Bush in December to lead the agency.

The Washington, D.C. hearing will focus on the security risks of touchscreen machines, which computer scientists say cannot be trusted because they do not produce paper records, making proper recounts impossible. Despite reassurances from the machines' makers, at least 20 states are considering legislation to require a paper trail.

After hearing from academics, elections officials and voting equipment company executives, the Soaries commission will issue recommendations -- for example, that poll workers should keep a stack of paper ballots handy in case machines fail to start.

Machines in more than half the precincts in California's San Diego County malfunctioned during the March 2 presidential primary, and a lack of paper ballots may have disenfranchised hundreds of voters.
Created nearly a year after a congressional deadline, the Soaries-led agency took over the Federal Elections Commission's job of setting standards for ensuring the voting process is sound. But the EAC lacks the authority to enforce any such standards, and the agency's first annual report, released Friday, is apt to disappoint anyone who had high expectations.

Created under the 2002 Help America Vote Act that began funneling $3.9 billion to states to upgrade voting systems after Florida's hanging chad debacle, the agency's two Republican and two Democratic commissioners weren't appointed until December. Their first public meeting was in March. A bare-bones Web site only went live on Friday.

With only $1.2 million of its $10 million budget appropriated, the commission has so far been able to hire seven full-time staffers, borrowing some part-timers from other federal agencies.

The lack of funding has forced the EAC to abandon or delay much of its intended mission. For example, it won't be able to develop a national system for testing voting machines, according to the report.

Soaries intends to use his bully pulpit as chairman to highlight problems to state and local elections officials. But he said in a telephone interview that the EAC will need $2 million more this year and its full $10 million in 2005 to tackle its mission of restoring public faith in electronic voting.

"If you look at the evolution of voting in America, only in last four months has there been a federal agency whose exclusive focus is to deal with voting. It's the foundation of our democratic structure on one hand, but on the other we've really left it to the states to manage completely," Soaries said.

Most states have relied on guidance from the National Association of State Election Directors, a volunteer organization of retired and active election officials around the country.
NASED, in turn, has certified three little-known testing companies to verify the integrity of every machine and every line of code in e-voting equipment nationwide, and it's up to elections officials in each state to get the equipment tested.

NASED plans to transfer its certification authority to the National Institute of Standards and Technology, which is supposed to update the decade-old standards the labs use to make sure voting equipment is secure and reliable. But that also is on hold because NIST "did not receive funding to support the work," the commission report says.

"I wish the EAC luck, but oversight of these systems is illusory," said Kim Alexander, president of the California Voter Foundation. "As long as federal voting system standards are voluntary, voters across the country will not have the peace of mind they need to feel confident in their voting systems."

Currently certified by NASED to test all voting hardware for U.S. elections is a Huntsville, Ala.-based division of Wyle Laboratories Inc. All software is tested by two other entities -- a Huntsville, Ala., lab operated by Greenwood Village, Colo.-based Ciber Inc., and Denver-based SysTest Labs LLC.

The labs may take a year or
Microsoft: 'Palladium' Is Still Alive and Kicking
http://www.microsoft-watch.com/article2/0,1995,1585354,00.asp

Wednesday, May 05, 2004

Microsoft: 'Palladium' Is Still Alive and Kicking
By Mary Jo Foley

Updated: Redmond denies published report that it is axing its Next-Generation Secure Computing Base and insists the technology still will debut in Longhorn.

SEATTLE - Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology.

"NGSCB is alive and kicking," said Mario Juarez, a product manager in Microsoft's security and technology business unit.

NGSCB - the hardware/software security system formerly code-named Palladium - has been one of the most controversial components expected to debut in the version of Windows that's due out in 2006+.

Unlike last year's WinHEC, where NGSCB received top billing, this year it's just a blip on the radar screen. In fact, there are only three sessions on the WinHEC docket specifically about NGSCB. But Microsoft is still talking up its NGSCB vision at this week's show.

Microsoft is continuing to be vague about exactly how much of its NGSCB code will ship as part of Longhorn. Company officials have gone on record saying that customers would not be impacted by the technology until Microsoft delivered Version 2 of the NGSCB platform. The company has not provided a date for Version 2.

"In spite of these facts, the plan of record continues to be to deliver Version 1 of its NGSCB technology as part of Longhorn," said Juarez.

Juarez acknowledged that Microsoft is reworking its NGSCB technologies to enable independent software vendors and customers with a way to allow their existing applications to take advantage of NGSCB without having to rewrite them. He said that customers to whom Microsoft has shown early versions of NGSCB requested this change.
He added that Microsoft will provide more details on how it plans to do this some time later this year.

Microsoft has explained NGSCB's inner workings this way: The two foundations of NGSCB were designed to be the Trusted Platform Module on the hardware side, and the Trusted Operating Root (or "nexus") on the software side. The nexus was to be the kernel of an isolated software stack that was designed to run inside the standard Windows environment. The nexus was slated to provide a set of APIs that would enable sealed storage and other foundations for trusted-computing. But up until this week, Microsoft had said that only applications that were designed from the ground-up to be nexus-aware would be able to take advantage of these features.

Juarez also admitted that the NGSCB team currently did not have a managed code story. He said, "We need to go back and figure out how that will look and work."

Managed code is a key concept in Longhorn. It involves a new programming model centered around a new managed application programming interface. Microsoft is gunning to have many of Longhorn's own subsystems function as managed applications and is advocating that third parties make their Longhorn applications managed, as well.

Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. Instead, he said that the NGSCB team decided that the driver developers at the show wouldn't be the right targets for this code.

"We are not updating the development environment now. We are evaluating whether there will be one in Longhorn," he said. "The only question is what it will look like."
Microsoft did include in the pre-alpha version of the Longhorn software developer kit that it distributed at the Professional Developers Conference last fall both the NGSCB application programming interface (API) set, as well as various NGSCB class-library files.

"We are making some predictable changes," Juarez continued. He said that Microsoft has attempted to be very transparent about its NGSCB plans over the past two years in order to allay industry fears about Microsoft's security intentions.

"We've just been doing in public what is usually done in private," Juarez said, in terms of detailing the NGSCB evolving its strategy and directions.

(Note: This story was updated. One of the four scheduled NGSCB sessions at this year's show was cancelled, leaving only three on the docket. Also: Juarez said he misspoke, re: whether there will be an NGSCB development environment included as part of Version 1 of NGSCB. Microsoft is currently evaluating whether or not to make the dev environment part of the release, he said.)
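The article describes "sealed storage" only by name: data that a platform can decrypt only when it is running the same measured software stack it was sealed under. The following is an added illustration of that idea, not code from the article, from Microsoft or from NGSCB. It assumes a measurement register that is extended with the hash of each boot component (the way a TPM PCR is extended), a hypothetical root secret that stays inside the hardware, and a toy SHA-256 counter-mode cipher with an HMAC tag standing in for the real sealing primitive. The point it shows is that a changed component changes the register, so the derived key differs and the unseal fails closed instead of returning garbage.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a platform measurement register: each boot
# component is hashed and folded into the register, so the final value
# depends on the whole boot sequence (like a TPM PCR "extend").
def extend(register: bytes, component: bytes) -> bytes:
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def platform_state(components) -> bytes:
    reg = bytes(32)
    for c in components:
        reg = extend(reg, c)
    return reg

# Hypothetical root secret that never leaves the hardware; a constant here
# only so the example is deterministic.
ROOT_SECRET = b"constructed-root-secret-held-in-hardware"

def seal_key(state: bytes) -> bytes:
    # The key is bound to the measured state: any other state yields another key.
    return hmac.new(ROOT_SECRET, b"seal|" + state, hashlib.sha256).digest()

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream built from SHA-256 (stand-in for a real cipher).
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(state: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate plaintext under a key derived from `state`."""
    key = seal_key(state)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(state: bytes, blob: bytes) -> bytes:
    """Return the plaintext only if `state` equals the state the blob was sealed to."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    key = seal_key(state)
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    # Wrong state -> wrong key -> tag mismatch; refuse rather than decrypt to noise.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("platform state does not match the state the data was sealed to")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

def demo():
    """Seal under one boot measurement, then try to unseal under a modified one."""
    good = platform_state([b"firmware v1", b"bootloader v1", b"nexus v1"])
    bad = platform_state([b"firmware v1", b"bootloader v1", b"nexus v1-modified"])
    blob = seal(good, b"secret: 42")
    roundtrip_ok = unseal(good, blob) == b"secret: 42"
    try:
        unseal(bad, blob)
        refused = False
    except ValueError:
        refused = True
    return roundtrip_ok, refused

if __name__ == "__main__":
    print(demo())
```

The order of `platform_state` components matters: swapping two of them produces a different register and therefore a different key, which is exactly the property a measured boot relies on.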
Re: The future of security
Graeme Burnett wrote:
> Hello folks,
>
> I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security:
>
> http://www.enhyper.com/paysec/
>
> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

I would see these things, in no particular order, and no huge thought process applied.

a. a hype cycle in QC that will peak in a year or two, then disappear as purchasers realise that the boxes aren't any different to ones that are half the price.

b. much more use of opportunistic cryptography, whereby crypto systems align their costs against the risks being faced. E.g., self-signed certs and cert caching in SSL systems, caching and application integration in other systems.

c. much less emphasis on deductive no-risk systems (PKIs like x.509 with SSL) due to the poor security and market results of the CA model.

d. more systems being built with basic, simple home-grown techniques, including ones that are only mildly secure. These would be built by programmers, not cryptoplumbers. They would require refits of proper crypto as/if they migrate into successful user bases. In project terms, this is the same as b. above - more use of opportunistic tactics to secure stuff basically and quickly.

e. greater and more costs to browser users from phishing [1] will eventually result in mods to the security model to protect users. In the meantime, lots of snakeoil security solutions will be sold to banks. The day Microsoft decides to fix the browser security model, phishing will reduce to just another risk.

f. rise of mass crypto in the chat field, and slow painful demise of email. This is because the chat protocols can be updated within the power of small teams, including adding simple crypto.
Email will continue to defy the mass employment of crypto, although if someone were to add a "create self-signed cert now" button, things might improve.

g. much interest in simple crypto in the p2p field, especially file sharing, as the need for protection and privacy increases due to IP attacks. All of the techniques will flow across to other applications that need it less.

h. almost all press will be in areas where crypto is sure to make a difference. Voting, QC, startups with sexy crypto algorithms, etc.

i. Cryptographers will continue to be pressed into service as security architects, because it sounds like the same thing. Security architects will continue to do most of their work with little or no crypto.

j. a cryptographic solution for spam and viruses won't be found. Nor for DRM.

iang

[1] one phisher took $75,000 from 400 victims:
http://www.financialcryptography.com/mt/archives/000129.html
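Point b. above mentions self-signed certs with cert caching as an example of opportunistic crypto. The following is an added example of the caching half of that idea, not code from Ian Grigg or from any SSL implementation: a trust-on-first-use store that records the SHA-256 fingerprint of the certificate a host first presents and then treats any different certificate from the same host as a hard failure until someone explicitly re-pins it after checking out of band. The host names and certificate bytes are constructed placeholders; a real client would feed it the DER certificate it received during the SSL handshake.

```python
import hashlib
import json
from typing import Dict, Optional

class CertMismatch(Exception):
    """A host presented a certificate other than the one cached for it."""

class CertCache:
    """Trust-on-first-use cache: host -> SHA-256 fingerprint of its certificate."""

    def __init__(self, store: Optional[Dict[str, str]] = None):
        self.known = dict(store or {})

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, host: str, cert_der: bytes) -> str:
        """Record the cert on first contact; afterwards require the same one."""
        fp = self.fingerprint(cert_der)
        cached = self.known.get(host)
        if cached is None:
            # First use: accept and remember. This is the opportunistic bet that
            # the first connection was not the one being tampered with.
            self.known[host] = fp
            return "first-use"
        if cached == fp:
            return "match"
        # A changed certificate is the one event this model can detect; fail closed.
        raise CertMismatch(f"{host}: cached {cached[:16]}..., presented {fp[:16]}...")

    def repin(self, host: str, cert_der: bytes) -> None:
        """Replace the cached fingerprint; only call after out-of-band verification."""
        self.known[host] = self.fingerprint(cert_der)

    def dump(self) -> str:
        return json.dumps(self.known, sort_keys=True)

    @classmethod
    def load(cls, text: str) -> "CertCache":
        return cls(json.loads(text))

def demo():
    """Walk through first use, a repeat visit, a swapped cert, and a persisted cache."""
    cache = CertCache()
    cert_a = b"constructed-self-signed-cert-for-example.test-A"   # placeholder DER
    cert_b = b"constructed-self-signed-cert-for-example.test-B"   # a different cert
    results = [cache.check("example.test", cert_a), cache.check("example.test", cert_a)]
    try:
        cache.check("example.test", cert_b)
        results.append("accepted")
    except CertMismatch:
        results.append("rejected")
    reloaded = CertCache.load(cache.dump())          # survives a restart
    results.append(reloaded.check("example.test", cert_a))
    reloaded.repin("example.test", cert_b)           # after checking the new cert by hand
    results.append(reloaded.check("example.test", cert_b))
    return results

if __name__ == "__main__":
    print(demo())
```

The caveat the model carries is visible in `check`: a legitimate certificate rotation and an interposed certificate look identical to the cache, so the mismatch path has to be a loud failure with a deliberate `repin`, never a silent update.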
Re: The future of security
Ian Grigg wrote:
> Graeme Burnett wrote:
>> Hello folks,
>>
>> I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security:
>>
>> http://www.enhyper.com/paysec/
>>
>> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.
>
> i. Cryptographers will continue to be pressed into service as security architects, because it sounds like the same thing. Security architects will continue to do most of their work with little or no crypto.

Hmmm, I'm afraid I concur - my personal experience of being a security architect for a major merchant bank was one of meeting regulatory requirement by post development due diligence, or as my wife calls it "nagging", making the role effectively that of grumpy rubber stampers.

G
Quantum crypto gets a speed boost
http://optics.org/articles/news/10/5/2/1

Optics.org

Quantum crypto gets a speed boost
6 May 2004

NIST scientists transfer a quantum key made of single photons at a rate of 1Mbps.

A team of US scientists from the National Institute of Standards and Technology (NIST) in Colorado and Acadia Optronics, Maryland, claims to have built the world's fastest quantum cryptography system (Optics Express 12 9).

NIST test bed

Its 730 m free-space link, which uses a stream of single photons to transfer a secret encryption key, offers a key transfer rate of 1Mbps -- about 100 times faster than previous demonstrations. NIST says that the increase in speed could potentially make quantum cryptography practical for applications such as streaming encrypted video or communications across large networks.

Quantum key distribution (QKD) has recently emerged as an attractive technique to create completely secure communication links between banks and military bases, and the first commercial systems are now starting to appear. Although the transmission distances have steadily improved over the past few years (the current records are 150 km in fiber and 23 km in free space), the transfer rate of the key has remained painfully slow, typically 1 kbps or so.

Crypto components

The NIST-Acadia team has boosted this transfer rate to 1 Mbps by employing a clock synchronization scheme typically found in high-speed optical communications. The innovation is to operate a classical (unsecure) link at 1.5 microns in parallel with an 845 nm QKD link over a 730 m span between two NIST buildings. The classical link, at a clock rate of 1.25 Gbps, is used to synchronize the QKD receiver and tell it when to look for the key's photons. This synchronized detection helps distinguish the QKD photons generated by a pair of 845 nm VCSELs from stray light such as photons from the Sun and thus raise the key transmission rate.
Although in theory it should be possible to achieve key transmission at up to the clock-rate, the team has found that the 350 ps timing resolution of its silicon avalanche photodetectors currently limits performance to 1 Mbps. The team says with better detectors the key rate could be raised further.
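The article says only that a stream of single photons carries the key; what makes that a key is the sifting and error check done afterwards. The following is an added simulation of the BB84 protocol that such systems run, not code from NIST, Acadia Optronics or the article: Alice prepares each photon in a random basis, Bob measures in a random basis, the two announce their bases over a public classical channel and keep the slots where they agree, and the error rate on a sample of the sifted bits is compared against an abort threshold. The photons, detectors and timing are abstracted away; an intercept-resend eavesdropper is included to show why the error check matters (it raises the sifted error rate to about 25%). The 11% abort threshold is the commonly quoted bound for BB84 with one-way post-processing and is an assumption of this example.

```python
import random

def bb84_round(n: int, eavesdrop: bool = False, seed: int = 1):
    """Simulate n single-photon slots of BB84; return (sifted_length, qber)."""
    rng = random.Random(seed)
    alice_bits = [rng.randint(0, 1) for _ in range(n)]
    alice_bases = [rng.randint(0, 1) for _ in range(n)]   # 0 = rectilinear, 1 = diagonal
    bob_bases = [rng.randint(0, 1) for _ in range(n)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: Eve measures in a guessed basis and re-emits a
            # photon prepared in that basis. A wrong guess randomizes the bit
            # and leaves the photon in the wrong basis for Bob.
            e_basis = rng.randint(0, 1)
            photon_bit = photon_bit if e_basis == photon_basis else rng.randint(0, 1)
            photon_basis = e_basis
        # Bob's measurement is reliable only when his basis matches the photon's.
        bob_bits.append(photon_bit if b_basis == photon_basis else rng.randint(0, 1))
    # Sifting: bases are announced on the public classical channel and only the
    # slots where Alice's and Bob's bases agree are kept (about half of them).
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if ab == bb]
    if not sifted:
        return 0, 0.0
    errors = sum(1 for a, b in sifted if a != b)
    return len(sifted), errors / len(sifted)

def accept_key(qber: float, threshold: float = 0.11) -> bool:
    """Keep the sifted key only if the measured error rate is under the abort bound."""
    return qber < threshold

if __name__ == "__main__":
    for eve in (False, True):
        length, qber = bb84_round(4000, eavesdrop=eve)
        print(f"eavesdrop={eve}: sifted={length} qber={qber:.3f} accept={accept_key(qber)}")
```

Without an eavesdropper the simulated error rate is exactly zero because channel noise is not modelled; a real link has a nonzero baseline, which is why the threshold is a bound rather than a test for zero.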
E-Voting Commission Gets Earful
http://www.wired.com/news/print/0,1294,63349,00.html

Wired News

E-Voting Commission Gets Earful
By Michael Grebb

Story location: http://www.wired.com/news/evote/0,2645,63349,00.html

02:00 AM May. 06, 2004 PT

WASHINGTON -- Passions ran high Wednesday at the first public hearing of the Election Assistance Commission, where activists and manufacturers of electronic voting machines clashed over whether new e-voting systems should include a voter-verifiable paper trail that auditors could use to recount votes if necessary.

The newly formed commission, which is just beginning to oversee the certification of voting systems and the standardization of elections across the country, held its first meeting to examine the state of elections and voting systems. The commissioners were collecting testimony from special-interest groups, election officials, computer scientists and voting-machine makers.

But the commission's chairman said he didn't expect the bipartisan panel would issue national standards requiring paper receipts when it makes preliminary recommendations next week, followed by more detailed guidelines next month.

"We will not decide on what machines people will buy," said the chairman, Republican DeForest B. Soaries Jr., saying it wasn't the panel's role to tell states what to do. "We will say, if California wants to have a backup paper system, what national standards it should follow."

At least 20 states are considering legislation to require a paper record of every vote cast after rushing to get ATM-like voting machines to replace paper ballots in the wake of Florida's fiasco with hanging chads in the 2000 presidential election. About 50 million people, or 29 percent of voters, are expected to vote electronically in November's election.

Representatives from the machine makers tried to convince commissioners that paperless e-voting systems are not only safe and accurate, but more so than paper-based systems.
Mark Radke, director of marketing at Diebold Election Systems, said Diebold's touch-screen voting systems experienced "zero security problems" during the November 2002 elections, pointing out that its voice guidance audio feature allowed blind voters to vote in private for the very first time. (With paper-only systems, blind voters historically have needed to recite their ballot choices to a poll worker or friend, who would then mark the ballot for them.)

Radke also said Diebold's machines outperformed other systems during the California recall elections in October. He claimed that under-counted votes were the lowest on Diebold touch screens, at 0.73 percent, compared with 2.86 percent for optical-scan systems, 4.6 percent for other electronic systems and 6.32 percent for paper-only systems.

Alfie Charles, spokesman for Sequoia Voting Systems, said the "sensationalized" concerns of paper-trail advocates aren't grounded in reality. "The evidence is pretty clear," he said. "Electronic systems help prevent disenfranchisement."

Several panelists also pointed out that the pool of people able to hack into an e-voting system is far smaller than those able to steal ballots, stuff the ballot box or punch holes in voting cards to change or nullify votes. Under that theory, electronic systems would increase security. "We would reduce the number of people capable of committing fraud," Charles said.

But Avi Rubin, a Johns Hopkins University computer scientist who helped author a report last July about security vulnerabilities in Diebold's touch-screen voting system, warned that paperless systems could allow savvy intruders to rig an election. He said corporations supporting a particular presidential candidate who is friendly to their needs would have billions at stake to make sure their candidate won. "We've got very well-funded and bad-intentioned adversaries to worry about," he said.
Rubin said while paper trails are needed for the November election, "in the long, long term we should explore other cryptographic options and other electronic techniques to someday run secure, paperless elections."

At a press conference and rally outside the hearing, a crowd of supporters cheered when California Secretary of State Kevin Shelley took the podium. On Friday, Shelley banned the use of one model of Diebold's voting machines in four California counties, and decertified all touch-screen systems unless counties that own them implement 23 security requirements. At least one county is filing suit against Shelley for his actions, and others may follow.

Supervisors in Riverside County voted unanimously Tuesday to sue Shelley, California's top election official, to remove the ban on their machines, saying his ruling would harm disabled and visually impaired voters who have been able to vote unassisted for the first time using touch-screen machines that guide them through the ballot with audio directions.

Shelley charged that Diebold aggressively marketed its TSx system to voting officials in the four
Re: The future of security
On Thu, 2004-05-06 at 17:52, Ian Grigg wrote:
> c. much less emphasis on deductive no-risk systems (PKIs like x.509 with SSL) due to the poor security and market results of the CA model.

at the nist pki r&d workshop (mentioned elsewhere in some other post in this mailing list) there was discussion of

1) using private key signing for things like signature (like in human signature) agreement/authorization as opposed to straight authentication. one of the issues is that if you ever use a private key to digitally sign some random challenge/response data in an authentication paradigm ... you might be at risk ever using the same private key for signature purposes ... since it might be possible that some of the random data you may have signed might not have been truly random after all

2) naked public keys ... aka w/o certificates at all

3) and in some of the breaks the certificate use in payment transactions.

sort of two issues in payment transactions were/are a) privacy and b) size bloat. in the mid-90s, the traditional x.509 identity certificate from the early 90s was drastically cut back to relying-party-only, account number certificate because of privacy issues with identity information.

The work on certificate-based financial transaction started with taking a 60-80 byte payment transaction, instead of ISO8583, using ASN.1 encoding to blow it up to 200-300 bytes; added a 128-byte RSA signature (then adding in the ASN.1 encoding) and a relying-party-only certificate that typically ran 4k-12k bytes; having started from a 60-byte normal transaction, the certificate-based stuff would blow it up by a factor of one hundred times to 6k to 12k bytes. The certificate was totally redundant and superfluous since the financial institution was the relying party and already had all the information.

In the X9.59 work it was observed that it was possible to encode an ECDSA signature in an ISO8583 transaction in 42 bytes ...
so the absolute minimum for an authenticated payment transaction would go from 60 bytes to a little over 100 bytes ... w/o throwing in a bunch of extraneous, duplicated and/or superfluous data that provided absolutely no added value (the payment transaction still contained the same data, digital signature authentication was added ... and all the payload carried in a certificate was totally redundant and superfluous since the relying-party had a superset).

It isn't exactly that payment security requirements have to be proportional to the cost of certificate security ... it was that certificate security increased the payload costs by a factor of one hundred times and provided NO added value.

some of my further observations about mixing authentication signing and signature signing ... as well as nature of naked public keys ... recently posted to thread in sci.crypt:
http://www.garlic.com/~lynn/2004e.html#20 Soft signatures

and the future of security ... somewhat orthogonal to cryptography ... there was recently a letter from NSF to some former multician that was posted to the alt.os.multics n.g. that started a thread on (not necessarily crypto) system security (and multics never having been broken). a couple posts in the thread
http://www.garlic.com/~lynn/2004e.html#27 NSF itnerest in Multics security
http://www.garlic.com/~lynn/2004e.html#36 NSF itnerest in Multics security

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
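Point 1) above is that a key used to sign "random" authentication challenges is a risk if the same key also signs agreements, because a challenge the verifier chose need not be random. The following is an added example of the usual defence, not code from Lynn Wheeler or from the NIST workshop: domain separation, where every signature covers a purpose tag and a length prefix in front of the data, so a response to an authentication challenge can never verify as an authorization over the same bytes. HMAC with a constructed secret stands in for the private-key signature; the argument is the same for RSA or ECDSA, since only what gets signed changes. The contract text and purpose names are constructed for the example.

```python
import hashlib
import hmac

# Stand-in for a private-key signature: HMAC under a constructed secret. A real
# deployment would use RSA/ECDSA; domain separation works identically there.
PRIVATE_KEY = b"constructed-private-key-for-example"

def naive_sign(data: bytes) -> bytes:
    """Signs whatever bytes it is handed, with no indication of purpose."""
    return hmac.new(PRIVATE_KEY, data, hashlib.sha256).digest()

def naive_verify(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(naive_sign(data), sig)

def tagged_message(purpose: str, data: bytes) -> bytes:
    # Purpose tag, separator, and a length prefix: "auth-challenge" over X can
    # never be byte-identical to "authorization" over any Y.
    return purpose.encode("ascii") + b"\x00" + len(data).to_bytes(4, "big") + data

def tagged_sign(purpose: str, data: bytes) -> bytes:
    """Signs the purpose-tagged encoding, never the raw bytes."""
    return hmac.new(PRIVATE_KEY, tagged_message(purpose, data), hashlib.sha256).digest()

def tagged_verify(purpose: str, data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(tagged_sign(purpose, data), sig)

def demo():
    """A verifier hands out a 'challenge' that is really a contract. Compare both schemes."""
    contract = b"I authorize payment of 10000 to account 123 (constructed)"
    challenge = contract                      # not random at all

    # Naive scheme: the authentication response doubles as a contract signature.
    naive_response = naive_sign(challenge)
    naive_cross_verifies = naive_verify(contract, naive_response)      # True: the risk

    # Tagged scheme: the same bytes signed for authentication do not verify
    # as an authorization, while genuine authentication still works.
    tagged_response = tagged_sign("auth-challenge", challenge)
    tagged_cross_verifies = tagged_verify("authorization", contract, tagged_response)  # False
    tagged_auth_ok = tagged_verify("auth-challenge", challenge, tagged_response)       # True
    return naive_cross_verifies, tagged_cross_verifies, tagged_auth_ok

if __name__ == "__main__":
    print(demo())
```

The length prefix is not decoration: without it, a tag that is a prefix of another tag plus carefully chosen data could still collide, and the separator alone does not rule that out for arbitrary byte strings.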
acoustic cryptanalysis
Adi Shamir and Eran Tromer find you can literally listen in on your computer doing RSA computations:

http://www.wisdom.weizmann.ac.il/~tromer/acoustic/

--
Perry E. Metzger [EMAIL PROTECTED]
Re: Security Architect Position at National Archives
At 12:02 PM -0400 4/29/04, Rich Salz wrote:
> The role is for a system architect/designer with strong cyber security experience. Somebody who can evaluate the security implication of various design proposals. In other words, I'm not looking just for somebody who can run a firewall or vulnerability check, or who can cite NIST security standards (although those skills would come in handy too!).

i talked to them. the downside is that they want this security architect to be the security administrator, once the system is built...

- don davis, boston