Re: should you trust CAs? (Re: dual-use digital signature vulnerability)
On Wed, Jul 28, 2004 at 10:00:01PM -0700, Aram Perez wrote:
> As far as I know, there is nothing in any standard or good security practice that says you can't have multiple certificates for the same email address. If I'm willing to pay each time, Verisign will gladly issue me a certificate with my email, I can revoke it, and then pay for another certificate with the same email. I can repeat this until I'm bankrupt and Verisign will gladly accept my money.

Yes but if you compare this with the CA having the private key, you are going to notice that you revoked and issued a new key; also the CA will have your revocation log to use in their defense. At minimum it is detectable by savvy users who may notice that eg the fingerprint for the key they have doesn't match with what someone else had thought was their key.

> I agree with Michael H. If you trust the CA to issue a cert, it's not that much more to trust them with generating the key pair.

It's a big deal to let the CA generate your key pair. Key pairs should be generated by the user.

Adam

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
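An added example, not part of any message in this thread: the check Adam Back describes, flagging an email address bound to two different keys at the same time, while treating the revoke-and-reissue sequence Aram Perez describes as benign. The record layout and the names `conflicting_certs`, `live_window`, `cert` and `OBSERVED` are assumptions for illustration, and the key bytes are constructed placeholders.

```python
import hashlib
from collections import defaultdict
from datetime import date
from itertools import combinations

def fingerprint(spki: bytes) -> str:
    """SHA-256 of the encoded public key: the value two users would compare."""
    return hashlib.sha256(spki).hexdigest()

def live_window(cert):
    """Period in which the cert is inside its validity dates and not yet revoked."""
    end = cert["not_after"]
    if cert["revoked"] is not None:
        end = min(end, cert["revoked"])
    return cert["not_before"], end

def conflicting_certs(observed):
    """Pairs of certs that bind one address to different keys while both are live."""
    by_email = defaultdict(list)
    for c in observed:
        by_email[c["email"].lower()].append(c)
    findings = []
    for email, certs in sorted(by_email.items()):
        for a, b in combinations(certs, 2):
            if fingerprint(a["spki"]) == fingerprint(b["spki"]):
                continue  # same key certified twice, e.g. a renewal
            (a0, a1), (b0, b1) = live_window(a), live_window(b)
            if a0 < b1 and b0 < a1:  # live windows overlap
                findings.append((email, a["serial"], b["serial"]))
    return findings

def cert(email, serial, spki, not_before, not_after, revoked=None):
    return {"email": email, "serial": serial, "spki": spki,
            "not_before": not_before, "not_after": not_after, "revoked": revoked}

# Constructed sample observations; key bytes are placeholders, not real keys.
OBSERVED = [
    # Revoked, then reissued with a new key: the revocation log explains it.
    cert("alice@example.org", 101, b"alice-key-1", date(2004, 1, 1), date(2005, 1, 1), revoked=date(2004, 3, 1)),
    cert("alice@example.org", 102, b"alice-key-2", date(2004, 3, 2), date(2005, 3, 2)),
    # Two live certs, two different keys, no revocation: needs an explanation.
    cert("bob@example.org", 201, b"bob-key-1", date(2004, 2, 1), date(2005, 2, 1)),
    cert("bob@example.org", 202, b"unknown-key", date(2004, 6, 1), date(2005, 6, 1)),
    # Same key certified again: not a conflict.
    cert("carol@example.org", 301, b"carol-key", date(2004, 1, 1), date(2005, 1, 1)),
    cert("carol@example.org", 302, b"carol-key", date(2004, 12, 1), date(2005, 12, 1)),
]

if __name__ == "__main__":
    print(conflicting_certs(OBSERVED))
```

A finding here is only a prompt to ask who requested the second certificate; it becomes the evidence discussed in the thread only when the key holder can show they never generated the second key.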
Re: should you trust CAs? (Re: dual-use digital signature vulnerability)
At 02:09 PM 7/28/04 -0400, Adam Back wrote:
> The difference is if the CA does not generate private keys, there should be only one certificate per email address, so if two are discovered in the wild the user has a transferable proof that the CA is up-to-no-good. Ie the difference is it is detectable and provable.

Who cares? A CA is not legally liable for anything they sign. A govt is not liable for a false ID they issue a protected witness. The emperor has no clothes, just a reputation, unchallenged, ergo vapor.

=
36 Laurelwood Dr Irvine CA 92620-1299
VOX: (714) 544-9727 (home) mnemonic: P1G JIG WRAP
VOX: (949) 462-6726 (work -don't leave msgs, I can't pick them up) mnemonic: WIZ GOB MRAM
ICBM: -117.7621, 33.7275
HTTP: http://68.5.216.23:81 (back up, but not 99.999% reliable)
PGP PUBLIC KEY: by arrangement
Send plain ASCII text not HTML lest ye be misquoted
--
Don't 'sir' me, young man, you have no idea who you're dealing with
Tommy Lee Jones, MIB
RE: dual-use digital signature [EMAIL PROTECTED]
[EMAIL PROTECTED] writes:
> Your certificate definition says additionalRecipients, mine says additionalSubjects, Fred-over-there's says coKeyOwners. The OIDs for these extensions end up all different. A human may be able to parse the intent from the ASN.1 it but email programs will have difficulty.

What I meant was that if there was any demand for this, someone would define a standard place to store the info, which apps would (eventually) display. At the moment there's neither an additionalRecipients, an additionalSubjects, a coKeyOwners, or anything else, because no-one's ever asked for it.

Given the complete lack of demand for this to date I suspect that even if you did do an RFC for it it'd be relegated to Experimental status and everyone would ignore it... what exactly is the intent of adding this information? Under what circumstances would it be used? What's the UI for it? Do you throw up a warning? Warning of what? If it's "Others are listening in" then the alternative is to not use the cert at all, in which case the choice given to the users will be "Allow one or two others to listen in" vs. "Allow anyone to listen in", since everyone will choose the former there's not much point in putting it there in the first place. etc etc etc.

(There have been similar suggestions made about other warn-the-user type features on the S/MIME list, which tend to get shot down with some variant of "I wouldn't even know how to begin to do a UI for this", with a backup of "This amounts to giving the user a choice of communicate or don't communicate, guess which one they'll choose?").

Peter.
Re: should you trust CAs? (Re: dual-use digital signature vulnerability)
Aram Perez [EMAIL PROTECTED] writes:
> I agree with Michael H. If you trust the CA to issue a cert, it's not that much more to trust them with generating the key pair.

Trusting them to safely communicate the key pair to you once they've generated it is left as an exercise for the reader :-).

Peter.
RE: Microsoft .NET PRNG (fwd)
Forwarded here as the original forum is having no success. IIRC, Matt Blaze examined the early CryptoAPI and associated PRNG, but I can't seem to find the post/article that I am thinking of.

--
Yours,
J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF

...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them. Osama Bin Laden
- - -
There ought to be limits to freedom! George Bush
- - -
Which one scares you more?

-- Forwarded message --
Date: Fri, 30 Jul 2004 10:52:12 -0300
From: Pablo Milano [EMAIL PROTECTED]
To: 'Yvan Boily' [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Microsoft .NET PRNG

I'm looking for the same information. I want to know which method the MS Crypto API uses in order to obtain strong random seeds. The most in-depth information about this I could find was http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/cpgenrandom.asp. Anyway, I'm still not sure if what is explained there is what the function SHOULD do, or what the function ACTUALLY DOES. Any help would be appreciated.

Regards.

-Original message-
From: Yvan Boily [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 04:40 p.m.
To: [EMAIL PROTECTED]
Subject: Microsoft .NET PRNG

I have read both FoundStone's and @stake's reviews of the PRNG included with the Microsoft .NET 1.1 framework (also the Win32 CryptoAPI), however there is little information available (that I have been able to locate) that discusses the actual method used, or an analysis of how reliable it is from a cryptographic perspective.

I don't profess to be expert enough on random number generation and cryptography to criticize the implementation, however I would like to know more about it as most code samples I have seen and now an application I am auditing is relying extensively on the CryptoAPI to provide facilities for random key generation.

Does anyone have any technical resources which discuss concerns or commendations of the implementation?

Regards,
Yvan Boily
Stepping on Big Brother's Toes
http://www.wired.com/news/print/0,1294,64379,00.html

Wired News

Stepping on Big Brother's Toes
By Michelle Delio
Story location: http://www.wired.com/news/privacy/0,1848,64379,00.html
01:30 PM Jul. 28, 2004 PT

Cars that report your every false move to local law authorities. Huge databases with detailed information on every citizen. Companies that only honor privacy guidelines when it's profitable for them to do so.

These were some of the winners of Privacy International's sixth annual U.K. Big Brother Awards, announced Wednesday. The awards are an annual attempt to publicly name and shame the government and private-sector organizations that have done the most to invade personal privacy in Britain.

The winners of Worst Public Servant, Most Invasive Company, Most Appalling Project, Most Heinous Government Organization and Lifetime Menace were selected by a panel of experts consisting of lawyers, academics, consultants, journalists and civil rights activists. Winners were chosen from roughly 300 people and organizations nominated by the public. They receive a lovely gold statue of a boot stamping on a human head, which is usually mailed to the winners, as none has ever shown up to collect its award.

Big Brother Awards are now held as an annual event in 17 countries. Each event typically focuses on privacy violations in the host country. But Privacy International opted to make an exception this year by including in the U.K. awards a U.S. initiative, US-Visit. This security program requires that most foreign visitors traveling to the United States on a visa have their index fingers digitally scanned and a digital photograph taken, so that immigration officers can verify their identity before the visitors are allowed entry into the United States.

"The scheme is offensive and invasive, and has been undertaken with little or no debate or scrutiny," said Simon Davies, director of Privacy International.
Nor has the requirement taken any account of the 'special relationship' between the U.K. and the U.S. The U.K. government has been silent about the program and has capitulated every step of the way. Margaret Hodge, U.K. minister of state for children, won Worst Public Servant because of her support for a controversial tracking system that would share information collected on minors by Britain's National Health program with other government agencies. While the ministry believes that such tracking would prevent child abuse, others have fought it on the basis that sharing such information is a breach of doctor-patient confidentiality. British Gas was cited as the Most Invasive Company, after it declared that U.K. privacy rules prevented it from helping an elderly couple who were found dead of hypothermia in their home last winter, weeks after their gas service was cut off due to nonpayment of a 140-pound ($255) bill. British Gas said the Data Protection Act, intended to ensure that personal information is protected, prohibited it from reporting the situation to social services agencies that could have helped the couple restore heating service. Runner-up in this category was banking firm Lloyds TSB, which has been demanding that customers present themselves at their local branch office with proper photo ID or face having their bank accounts frozen. Lloyds describes the project as a way to stop terrorism and international money laundering. FollowUs, a company that uses GPS chips embedded in mobile phones to locate the phones' users for peace of mind, security or fun was also a runner-up. Most Appalling Project was awarded to Britain's National Health Service electronic medical records program, which aims to computerize patient records in a way that some have protested is insecure and will compromise patient privacy. 
Runner-up in this category was mobile-phone company Vodafone, which blocks customers from logging onto adult websites through their phone handsets in order, the company says, to protect mobile-phone-toting, porn-seeking children. Customers can access adult websites by proving their age by providing their credit card details to the company online, over the phone or in person, and specifically requesting that adult-access blocks be dropped. Most Heinous Government Organization was won by The Office of National Statistics for its development of the Citizen Information Project, which will collect, collate and share U.K. citizens' data with other government agencies. The Department for Transport won runner-up for its electronic vehicle-identification program, currently under development. Known as the Spy in the Dashboard, the program will embed microprocessor chips into cars. The chips would automatically report any instances of speeding, illegal parking and other grievous offenses to authorities, who would follow up with a summons. We are seeing a race to the bottom, where government and private sector alike compete to provide the most intrusive services in the most
How They Could Steal the Election This Time
http://www.thenation.com/docprint.mhtml?i=20040816s=dugger

This article can be found on the web at http://www.thenation.com/doc.mhtml?i=20040816s=dugger

How They Could Steal the Election This Time
by RONNIE DUGGER
[from the August 16, 2004 issue]

On November 2 millions of Americans will cast their votes for President in computerized voting systems that can be rigged by corporate or local-election insiders. Some 98 million citizens, five out of every six of the roughly 115 million who will go to the polls, will consign their votes into computers that unidentified computer programmers, working in the main for four private corporations and the officials of 10,500 election jurisdictions, could program to invisibly falsify the outcomes.

The result could be the failure of an American presidential election and its collapse into suspicions, accusations and a civic fury that will make Florida 2000 seem like a family spat in the kitchen. Robert Reich, Bill Clinton's Labor Secretary, has written, "Automated voting machines will be easily rigged, with no paper trails to document abuses." Senator John Kerry told Florida Democrats last March, "I don't think we ought to have any vote cast in America that cannot be traced and properly recounted." Pointing out in a recent speech at the NAACP convention that a million African-Americans were disenfranchised in the last election, Kerry says his campaign is readying 2,000 lawyers to challenge any place in America where you cannot trace the vote and count the votes [see Greg Palast, Vanishing Votes, May 17].

The potential for fraud and error is daunting. About 61 million of the votes in November, more than half the total, will be counted in the computers of one company, the privately held Election Systems and Software (ESS) of Omaha, Nebraska.
Altogether, nearly 100 million votes will be counted in computers provided and programmed by ESS and three other private corporations: British-owned Sequoia Voting Systems of Oakland, California, whose touch-screen voting equipment was rejected as insecure against fraud by New York City in the 1990s; the Republican-identified company Diebold Election Systems of McKinney, Texas, whose machines malfunctioned this year in a California election; and Hart InterCivic of Austin, one of whose principal investors is Tom Hicks, who helped make George W. Bush a millionaire. About a third of the votes, 36 million, will be tabulated completely inside the new paperless, direct-recording-electronic (DRE) voting systems, on which you vote directly on a touch-screen. Unlike receipted transactions at the neighborhood ATM, however, you get no paper record of your vote. Since, as a government expert says, the ballot is embedded in the voting equipment, there is no voter-marked paper ballot to be counted or recounted. Voting on the DRE, you never know, despite what the touch-screen says, whether the computer is counting your vote as you think you are casting it or, either by error or fraud, it is giving it to another candidate. No one can tell what a computer does inside itself by looking at it; an election official can't watch the bits inside, says Dr. Peter Neumann, the principal scientist at the Computer Science Laboratory of SRI International and a world authority on computer-based risks. The four major election corporations count votes with voting-system source codes. These are kept strictly secret by contract with the local jurisdictions and states using the machines. That secrecy makes it next to impossible for a candidate to examine the source code used to tabulate his or her own contest. In computer jargon a trapdoor is an opening in the code through which the program can be corrupted. 
David Stutsman, an Indiana lawyer whose suits in the 1980s exposed a trapdoor that was being used by the nation's largest election company at that time, puts it well: The secrecy of the ballot has been turned into the secrecy of the vote count. According to Dr. David Dill, professor of computer science at Stanford, all elections conducted on DREs are open to question. Challenging those who belittle the danger of fraud, Dill says that with trillions of dollars at stake in the battle for control of Congress and the presidency, potential attackers who might seek to fix elections include hackers, candidates, zealots, foreign governments and criminal organizations, and local officials can't stop it. Last fall during a public talk on The Voting Machine War for advanced computer-science students at Stanford, Dill asked, Why am I always being asked to prove these systems aren't secure? The burden of proof ought to be on the vendor. You ask about the hardware. 'Secret.' The software? 'Secret.' What's the cryptography? 'Can't tell you because that'll compromise the secrecy of the machines.'... Federal testing procedures? 'Secret'! Results of the tests? 'Secret'! Basically we are required to have