Re: Formal notice given of rearrangement of deck chairs on RMS PKItanic
Victor Duchovni victor.ducho...@morganstanley.com writes:

> What are EE certs, did you mean EV?

End-entity certs, i.e. non-CA certs. This means that potentially after the end of this year and definitely after 2013 it will not be possible to use any key shorter than 2048 bits with Firefox. Anyone using, for example, an embedded device administered via SSL will have to use another browser.

From the discussion on the Mozilla policy list I get the impression that this move has been given pretty much zero thought beyond "we need to do what NIST wants".

Peter.

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: What if you had a very good entropy source, but only practical at crypto engine installation time?
Thierry Moreau thierry.mor...@connotech.com writes:

> The PUDEC (Practical Use of Dice for Entropy Collection) scheme has been advanced. The new web page is at http://pudec.connotech.com
>
> Plus the PUDEC dice sets are now offered for sale.

Hmm, they're somewhat expensive... a cheaper alternative, even if they require a bit more manual effort, are these:

http://www.amazon.com/Gamestation-d16-Hexidice/dp/B0012YVYXU

(16-sided dice numbered 0...F, $1 each, although shipment outside the US is damn expensive).

Peter.
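Turning the d16 rolls from the post into key material, as an added example that is not PUDEC's code or anything from the thread: it treats each fair d16 roll as exactly four bits, refuses to emit a key until the written-down transcript covers the requested entropy, and generalises to any fair n-sided die by rejection sampling, which shows why a d6 needs about three times as many rolls as a d16 for the same key. The function names and the SHAKE256 conditioning step are my choices, not anything the post specifies.

```python
"""Dice rolls as raw entropy with an explicit bit budget. Added example, not
PUDEC's code. Assumes a fair die; the post's d16 Hexidice have faces 0-F, so one
roll is exactly four bits. Generalised to any fair n-sided die by rejection."""
import hashlib
from typing import Iterable, List

HEX_FACES = "0123456789ABCDEF"


def usable_bits(sides: int) -> int:
    """Largest k with 2**k <= sides: bits per accepted roll (d16 -> 4, d6 -> 2)."""
    if sides < 2:
        raise ValueError("a die needs at least two faces")
    return sides.bit_length() - 1


def rolls_needed(sides: int, key_bits: int) -> int:
    """Expected rolls to collect key_bits by rejection sampling, rounded up;
    exact integer form of key_bits / (k * 2**k / sides)."""
    k = usable_bits(sides)
    return -(-(key_bits * sides) // (k * 2 ** k))


def rolls_to_bits(rolls: Iterable[int], sides: int) -> List[int]:
    """Zero-based rolls -> uniform bits, MSB first. Rolls >= 2**k are rejected,
    not reduced mod 2**k, because reduction would bias the output."""
    k = usable_bits(sides)
    bits: List[int] = []
    for r in rolls:
        if not 0 <= r < sides:
            raise ValueError(f"roll {r} is impossible on a d{sides}")
        if r < 2 ** k:
            bits.extend((r >> i) & 1 for i in range(k - 1, -1, -1))
    return bits


def hexidice_rolls(transcript: str) -> List[int]:
    """Parse a hand-written d16 transcript such as '3A F0' into rolls."""
    digits = transcript.upper().replace(" ", "")
    if any(d not in HEX_FACES for d in digits):
        raise ValueError("each d16 roll must be a single hex digit 0-F")
    return [HEX_FACES.index(d) for d in digits]


def dice_to_key(rolls: Iterable[int], sides: int, key_bits: int = 256) -> bytes:
    """Refuse to emit a key until collected entropy covers key_bits, then
    condition the bits through SHAKE256 to exactly key_bits // 8 bytes."""
    bits = rolls_to_bits(rolls, sides)
    if len(bits) < key_bits:
        raise ValueError(f"only {len(bits)} bits collected, {key_bits} required")
    raw = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.shake_256(raw).digest(key_bits // 8)
```

With `rolls_needed(16, 256)` at 64 rolls versus `rolls_needed(6, 256)` at 192, the budget makes the price difference between the two dice sets easy to weigh.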
Re: Formal notice given of rearrangement of deck chairs on RMS PKItanic
Matt Crawford craw...@fnal.gov writes:

> EE = End Entity, but I don't read the first sentence the way Peter did.

As I mentioned in my previous followup, it's badly worded, but the intent is to ban any keys < 2K bits of any kind (currently with evolving weasel-words about letting CAs certify them up to 2013 or so if the user begs really hard).

Peter.
Re: English 19-year-old jailed for refusal to disclose decryption key
On 06.10.2010 at 22:57, Marsh Ray wrote:

> On 10/06/2010 01:57 PM, Ray Dillinger wrote:
>
>> a 19-year-old just got a 16-month jail sentence for his refusal to disclose the password that would have allowed investigators to see what was on his hard drive.
>
> I am thankful to not be an English subject.

What about http://www.truecrypt.org/docs/?s=plausible-deniability
Could this be used?

-- 
Christoph Gruber
"If privacy is outlawed, only outlaws will have privacy." Phil Zimmermann
Re: Computer health certificate plan: Charney of DoJ/MS
http://www.bbc.co.uk/news/technology-11483008

BBC reports that Microsoft's idea seems to be that if your computer doesn't present a valid "health certificate" to your ISP, then your ISP wouldn't let it be on the net, or would throttle it down to a tiny bandwidth. The Health Certificate would, of course, be provided by Intel and Microsoft, but only from machines with Treacherous Computing hardware, after examining everything in your computer to make sure Intel and Microsoft approve of it all. (This is the same DRM procedure they've been pushing for a decade -- the system would cryptographically attest to arbitrary information about what's running in your machine, using proprietary hardware and software you have no control over and no ability to inspect, and the outsiders would decide not to deal with you if they didn't like your attestation. The only change is that they've revised their goal from "record companies won't sell you a song if you won't attest" to "nobody will give you an Internet connection if you won't attest".) Homebrew computers and Linux machines need not apply.

They don't explain how this would actually be implemented -- in Ethernet switches? In DSL routers or NAT boxes? In ISP servers? They're not quite sure whether the health certificate should *identify* your device, but they're leaning in that direction. But they're quite sure that it all needs doing, by voluntary means or government coercion, and that the resulting info about your device health should be widely shared with governments, corporations, etc.

This proposal comes from Microsoft VP Scott Charney, well known to many of us as the former Chief of the Computer Crime and Intellectual Property Section in the Criminal Division of the U.S. Department of Justice, or as he puts it, "the leading federal prosecutor for computer crimes from 1991 to 1999". He joined Microsoft in 2002 and is running their Treacherous Computing effort as well as several other things.
The vision that Charney is driving is described in six papers here (one of which is the one the BBC is covering):

https://www.microsoft.com/mscorp/twc/endtoendtrust/vision/

He's pushing the "Public Health Model" because public health bureaucracies have huge, largely unchecked powers to apply force to people who they disfavor. Along those lines, he converts the public health departments' most draconian measure, used only in extreme circumstances - quarantine - into the standard procedure for his New Internet: quarantine EVERY device -- unless and until it proves that it should evade the quarantine.

In his "Establishing End to End Trust" paper (another of the six), he lays out the computer security problem and decides that defense isn't enough; authentication, identification, and widespread auditing are the next step in solving it. He concludes:

> As we become increasingly dependent on the Internet for all our daily activities, can we maintain a globally connected, anonymous, untraceable Internet and be dependent on devices that run arbitrary code of unknown provenance? If the answer to that is no, then we need to create a more authenticated and audited Internet environment -- one in which people have the information they need to make good trust choices.

He makes halfhearted attempts to address privacy and anonymity issues, but ultimately decides that those decisions will be made somewhere else (not by the user or consumer, of course). His analysis completely ignores the incentives of monopoly hardware and software providers; of corrupt governments such as our own; of even honest governments or citizens desiring to act secretly or without attribution; of advertisers; of the copyright mafia; of others actively hostile to consumer and civil freedom; and of freedom-supporting communities such as the free software movement. It ignores DRM, abuse of shrink-wrap contracts, copyright maximalization, censorship, and other trends in consumer abuse.
It's designed by a career cop/bureaucrat/copyright-enforcer and implemented by a monopolist - hardly viewpoints friendly to freedom. I'd recommend merely ignoring his ideas til they sink like a stone. But it looks like Intel and Microsoft are actively sneaking up on the free Internet and the free 10% of the computer market by building in these techniques and seeking partnerships with governments, ISPs, telcos, oligopolists, etc to force their use. So some sort of active opposition seems appropriate. Perhaps Linux systems should routinely delete all the manufacturer-provided device attestation and identification keys from every Treacherous Computing device they ever boot on. (This won't affect keys that the *user* stores in their TPM if they want to.) If a significant part of the Internet is physically incapable of attesting to the monopolists, ISPs will never be able to require such attestation. I've certainly deleted those keys on my own PCs that came with such crap -- so far, no downside. Let's keep it that
Re: Computer health certificate plan indistinguishable from Denial Of Service attack.
On 06/10/10 Ray Dillinger said:

> It is hard to count the number of untestable and/or flat out wrong assumptions built into this idea, and harder still to enumerate all the ways it could go wrong.

My wife runs Clamwin AV on her Windows XP box and it's always complaining that she doesn't have antivirus installed. No, she has better AV installed.

I'd love to know how they plan to validate my Linux boxes. But then, that's likely part of the plan.

mps
Re: Computer health certificate plan indistinguishable from Denial Of Service attack.
> I'd love to know how they plan to validate my Linux boxes.

OpenPTS [1] + TrouSerS [2] + Grub-IMA [3] + IMA [4] ;-)

Kent

[1] http://openpts.sourceforge.jp/
[2] http://trousers.sourceforge.net/
[3] http://sourceforge.jp/projects/openpts/wiki/GRUB-IMA
[4] http://linux-ima.sourceforge.net/
Re: English 19-year-old jailed for refusal to disclose decryption key
On Oct 7, 2010, at 4:14 AM, Christoph Gruber gr...@guru.at wrote:

>> a 19-year-old just got a 16-month jail sentence for his refusal to disclose the password that would have allowed investigators to see what was on his hard drive.
>
> What about http://www.truecrypt.org/docs/?s=plausible-deniability
> Could this be used?

Sure. And the technology used would have no effect on the standard used in court: Is there sufficient convincing evidence that there's data there to decrypt (e.g., you used the system in the last day to send a message based on the kind of information sought)? If so, decrypt or go to jail. "Beyond a reasonable doubt" isn't the standard for everything, and even if it were, it's as understood by a judge or jury, not a logician.

-- Jerry
Re: English 19-year-old jailed for refusal to disclose decryption key
On 7 Oct 2010 at 12:05, Jerry Leichter wrote:

> On Oct 7, 2010, at 4:14 AM, Christoph Gruber gr...@guru.at wrote:
>
>>> a 19-year-old just got a 16-month jail sentence for his refusal to disclose the password that would have allowed investigators to see what was on his hard drive.
>>
>> What about http://www.truecrypt.org/docs/?s=plausible-deniability
>> Could this be used?
>
> Sure. And the technology used would have no effect on the standard ... used in court:

I think you're not getting the trick here: with truecrypt's plausible deniability hack you *CAN* give them the password and they *CAN* decrypt the file [or filesystem]. BUT: it is a double encryption setup. If you use one password only some of it gets decrypted, if you use the other password all of it is decrypted. There's no way to tell if you used the first password that you didn't decrypt everything. So in theory you could hide the nasty stuff behind the second password, a ton of innocent stuff behind the first password and just give them the first password when asked. In practice, I dunno if it really works or will really let you slide by.

/Bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:ber...@fantasyfarm.com     Pearisburg, VA
    -- Too many people, too few sheep --
Re: Anyone know anything about the new AT&T encrypted voice service?
On Wed, Oct 06, 2010 at 08:19:29PM -0400, Steven Bellovin wrote:
| 
| On Oct 6, 2010, at 6:19 01PM, Perry E. Metzger wrote:
| 
| > AT&T debuts a new encrypted voice service. Anyone know anything about
| > it?
| > 
| > http://news.cnet.com/8301-13506_3-20018761-17.html
| > 
| > (Hat tip to Jacob Appelbaum's twitter feed.)
| 
| http://www.att.com/gen/press-room?pid=18624cdvn=newsnewsarticleid=31260mapcode=enterprise says a bit more.
| 

I've posted some thoughts on this, along with its relevance to the freedom-to-tinker/jailbreak/generativity debates at http://emergentchaos.com/archives/2010/10/att-voice-encryption-and-trust.html

Adam
Re: English 19-year-old jailed for refusal to disclose decryption key
On Thu, Oct 07, 2010 at 01:10:12PM -0400, Bernie Cosell wrote:

> I think you're not getting the trick here: with truecrypt's plausible deniability hack you *CAN* give them the password and they *CAN* decrypt the file [or filesystem]. BUT: it is a double encryption setup. If you use one password only some of it gets decrypted, if you use the other password all of it is decrypted. There's no way to tell if you used the first password that you didn't decrypt everything. So in theory you could hide the nasty stuff behind the second password, a ton of innocent stuff behind the first password and just give them the first password when asked. In practice, I dunno if it really works or will really let you slide by.

There is no trick, not really. If decryption results in plaintext much shorter than the ciphertext - much shorter than can be explained by the presence of a MAC - then it'd be fair to assume that you're pulling this trick. The law could easily deal with this. Plausible deniability with respect to crypto technology used is not really any different than plausible deniability with respect to knowledge of actual keys. Moreover, possession of software that can do double encryption could be considered probable cause that your files are likely to be encrypted with it.

Repeat after me: cryptography cannot protect citizens from their states.

Nico
--
Re: English 19-year-old jailed for refusal to disclose decryption key
On 10/07/2010 12:10 PM, Bernie Cosell wrote:

> There's no way to tell if you used the first password that you didn't decrypt everything.

Is there a way to prove that you did?

If yes, your jailers may say "We know you have more self-incriminating evidence there. Your imprisonment will continue until you prove that you've given us everything."

If no, your jailers may say "We know you have more self-incriminating evidence there. Your imprisonment will continue until you prove that you've given us everything."

Get it?

> So in theory you could hide the nasty stuff behind the second password, a ton of innocent stuff behind the first password and just give them the first password when asked.

If the encrypted file is large, and disk file fragmentation patterns, timestamps, etc. suggest it has grown through reallocation, the 4 KB grocery list you decrypt out of it is not going to convince anyone.

On the other hand, if you produce a sufficient amount of relatively incompressible image, video, or encrypted data from it, you may be able to convince them that you've decrypted it all.

- Marsh
Re: Computer health certificate plan: Charney of DoJ/MS
At 3:16 AM -0700 10/7/10, John Gilmore wrote:

> http://www.bbc.co.uk/news/technology-11483008
>
> BBC reports that Microsoft's idea seems to be that if your computer doesn't present a valid "health certificate" to your ISP, then your ISP wouldn't let it be on the net, or would throttle it down to a tiny bandwidth. The Health Certificate would, of course, be provided by Intel and Microsoft, but only from machines with Treacherous Computing hardware, after examining everything in your computer to make sure Intel and Microsoft approve of it all.

I think that this will crash and burn because by the time that they're ready to implement this, PCs will be a minority of devices connected via IP. My cable box talks TCP/IP. So does my Tivo. And my SqueezeBox. And my SlingBox. And my router. And most modern televisions.

Many people would be annoyed, to say the least, if they couldn't watch movies on their NetFlix-enabled TV - which they bought before this cockamamie idea was proposed.

-- 
-- Marshall
Marshall Clow     Idio Software     mailto:marsh...@idio.com

It is by caffeine alone I set my mind in motion.
It is by the beans of Java that thoughts acquire speed,
the hands acquire shaking, the shaking becomes a warning.
It is by caffeine alone I set my mind in motion.