Re: Al Qaeda crypto reportedly fails the test

2004-08-15 Thread james hughes
In message [EMAIL PROTECTED], John Denker writes:
> Here's a challenge directly relevant to this group:  Can you
> design a comsec system so that pressure against a code clerk
> will not do unbounded damage?  What about pressure against a
> comsec system designer?
If I understand your question correctly, in 1994 a VPN product was 
fielded that had this capability. It did not have any capability for 
static group or tunnel keys. It was only RSA/DH using DH for the tunnel 
key and RSA only for authentication. The device had perfect forward 
secrecy because the use of RSA disclosed nothing about the tunnel 
keys, and complete RSA secret disclosure would only divulge that the 
D-H was authentic. The DH private keys were use-once random and the 
public parameters, well, public. The user could set the tunnel lifetime 
short or long, their choice.

In this case, the code clerk had no direct access to the key material 
and could not set static keys even if they tried. The box was not 
tamper resistant, but it was not easy to remove the keys even with 
physical access.

The device did not have a group password (current Cisco IPSEC 
vulnerability) and used an invitation scheme to bring new nodes in. 
Link to the Cisco notice is here: http://tinyurl.com/6jovo

Once the system was fielded, pressure on the systems designer could not 
change this.

In essence, there was no code clerk. One can argue that the network 
administrator is the code clerk, but that person could still wire 
around the VPN device or attach a completely separate backdoor to 
cause, as you say, unbounded damage in a way that does not compromise 
the comsec system.

This was one of the original proposals for IPSEC, but was not selected 
(but that is another story). Subsequent generations of this device are 
still being built and sold from http://www.blueridgenetworks.com/

So, as long as I have understood your question, such systems have 
existed for some time.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
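An added illustration (editor's example, not code from the post or from the product it describes) of the key-agreement shape James Hughes outlines: the tunnel key comes from a use-once Diffie-Hellman exchange, and the RSA key only signs the DH values. Beside it is the contrasting design in which the tunnel key is RSA-encrypted to the peer. A function models what a recorded transcript yields to someone who later obtains the RSA private key: everything in the key-transport case, nothing in the signed-DH case. The RSA here is a toy hash-then-sign construction without PKCS#1 padding, the group is the RFC 2409 group 2 MODP prime as transcribed here, and all names are assumptions of this example.

```python
# Editor's example (not from the original post or the product it describes):
# ephemeral DH for the tunnel key + RSA used only for signatures, contrasted
# with RSA key transport. Toy RSA and a 1024-bit MODP group keep it stdlib-only.
import hashlib
import secrets

# RFC 2409 "Oakley group 2" prime, generator 2 (transcribed; check the RFC before reuse).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test, sufficient for generating toy RSA primes."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits=512):
    """Toy RSA key: e is prime, so 'phi % e != 0' guarantees gcd(e, phi) == 1."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}


def h(*parts):
    """SHA-256 over the message parts, as an integer smaller than any 512-bit n."""
    m = hashlib.sha256()
    for x in parts:
        m.update(str(x).encode())
    return int.from_bytes(m.digest(), "big")


def rsa_sign(key, *parts):
    return pow(h(*parts), key["d"], key["n"])


def rsa_verify(pub, sig, *parts):
    return pow(sig, pub["e"], pub["n"]) == h(*parts)


def tunnel_key(shared):
    return hashlib.sha256(str(shared).encode()).hexdigest()


def signed_dh_session(alice, bob):
    """Ephemeral DH; RSA only signs the public DH values (authentication, not secrecy).
    Returns the on-the-wire transcript and each side's derived tunnel key."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = pow(G, x, P), pow(G, y, P)
    transcript = {"gx": gx, "gy": gy,
                  "sig_a": rsa_sign(alice, gx, gy), "sig_b": rsa_sign(bob, gx, gy)}
    # Each side checks the peer's signature before trusting the exchange.
    if not (rsa_verify(bob, transcript["sig_b"], gx, gy)
            and rsa_verify(alice, transcript["sig_a"], gx, gy)):
        raise ValueError("peer authentication failed")
    k_alice, k_bob = tunnel_key(pow(gy, x, P)), tunnel_key(pow(gx, y, P))
    del x, y  # use-once exponents are discarded; only public values survive
    return transcript, k_alice, k_bob


def rsa_transport_session(bob):
    """Contrast case: the initiator picks the tunnel key and RSA-encrypts it to Bob."""
    k = secrets.randbelow(bob["n"] // 2) + 2
    return {"enc_key": pow(k, bob["e"], bob["n"])}, tunnel_key(k)


def recover_with_rsa_private(transcript, key):
    """What a later disclosure of the RSA private key yields from a recorded transcript."""
    if "enc_key" in transcript:
        # Key transport: the private key decrypts every recorded tunnel key.
        return tunnel_key(pow(transcript["enc_key"], key["d"], key["n"]))
    # Signed DH: the transcript holds g^x, g^y and signatures. The private key
    # proves only that the exchange was authentic; x and y are gone, so the
    # tunnel key cannot be rebuilt from what was recorded.
    return None
```

Generating two 512-bit toy keys takes well under a second; the transcript dictionaries stand in for the captured packets a later RSA-key disclosure would be tested against.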


Re: Al Qaeda crypto reportedly fails the test

2004-08-13 Thread Aram Perez
Hi Chris,

> Steven M. Bellovin writes:
>
> > http://www.petitcolas.net/fabien/kerckhoffs/index.html for the actual
> > articles.)
>
> Does there exist an English translation (I'd be surprised if not)? If
> not, I'd be happy to provide one if there were sufficient interest.

I'd be interested in an English version.

Thanks!
Aram



Re: Al Qaeda crypto reportedly fails the test

2004-08-12 Thread Chris Palmer
Steven M. Bellovin writes:

> http://www.petitcolas.net/fabien/kerckhoffs/index.html for the actual
> articles.)

Does there exist an English translation (I'd be surprised if not)? If
not, I'd be happy to provide one if there were sufficient interest.


-- 
Chris Palmer
Staff Technologist, Electronic Frontier Foundation
415 436 9333 x124 (desk), 415 305 5842 (cell)



Re: Al Qaeda crypto reportedly fails the test

2004-08-12 Thread Ian Brown
In message [EMAIL PROTECTED], John Denker writes:
> Here's a challenge directly relevant to this group:  Can you
> design a comsec system so that pressure against a code clerk
> will not do unbounded damage?  What about pressure against a
> comsec system designer?
Modulo Steve's comments about the threat model, Ben Laurie and I wrote a 
paper on this theme a few years ago:
http://www.acsac.org/2000/papers/47.pdf

I developed that paper's threat model into chapter 4 of my PhD thesis:
http://www.cs.ucl.ac.uk/staff/I.Brown/pimms/thesis.pdf
We are still hopeful that we will eventually get somewhere with our 
Internet draft improving the forward secrecy capabilities of OpenPGP:
http://www.cs.ucl.ac.uk/staff/I.Brown/openpgp-pfs.txt
--
+44 7970 164 526 / http://www.cs.ucl.ac.uk/staff/I.Brown/



Re: Al Qaeda crypto reportedly fails the test

2004-08-03 Thread Steve Furlong
On Mon, 2004-08-02 at 15:03, John Denker wrote:
> News article
>   http://news.bbc.co.uk/2/hi/americas/3528502.stm
> says in part:
>
> > The BBC's Zaffar Abbas, in Islamabad, says it appears that US
> > investigators were able to unscramble information on the computers
> > after Pakistan passed on suspicious encrypted documents.

Bah. They were probably Word documents with the password required
option turned on.




Al Qaeda crypto reportedly fails the test

2004-08-02 Thread John Denker
News article
  http://news.bbc.co.uk/2/hi/americas/3528502.stm
says in part:
> The BBC's Zaffar Abbas, in Islamabad, says it appears that US
> investigators were able to unscramble information on the computers
> after Pakistan passed on suspicious encrypted documents.