[cryptography] NSA Files: overview of published documents and films // Der Spiegel
In German: http://www.spiegel.de/netzwelt/netzpolitik/im-internet-veroeffentlichte-dokumente-um-den-nsa-skandal-a-923335.html

Translation (Google), so not supporting links:

NSA Files: overview of published documents and films

Thousands of documents should have whistleblower Edward Snowden, prove the spying programs and intelligence structures. Only some of them are published and accessible on the Internet. Nevertheless, they paint a bleak picture of the monitoring apparatus.

Films and documents NSA spying programs and FISC

■ Data collection program Prism: NSA films explain sources and technology
■ Controlled Peek: the rules for spying on non-US citizens (2007)
■ Presentation slides about Boundless Informer: The program evaluates telephone and internet connection data from countries around the globe out (2012).
■ Frequently Asked Questions and Answers: Explaining the program Boundless informant
■ Origin of data for XKeyscore: show films which data sources used for the XKeyscore the NSA program.
■ FISC arrangements: three previously secret documents of the Foreign Intelligence Surveillance Court (Fisc), to oversee the NSA
■ FISC Decision on illegal NSA E-Collection: A 2011-set program collected electronic communication of Americans
■ Regular data transfer to Israeli intelligence: memorandum stating, must comply with the conditions attached to the agents of the Israeli National Sigint unit (insulin) if they use the raw data from the U.S.
■ Report of the NSA Inspector General: Development of metadata queries that began under President George W. Bush (2009)
■ Insight into the monitoring infrastructure of the NSA files show how the program has worked XKeyscore 2008.
■ The errors of the supervisor: Internal NSA report on data breaches in the first quarter of 2012
■ What is a violation: NSA films for the training of employees in terms of monitoring
■ Find out what to say and what not: NSA films with instructions for completing the monitoring rationale for the supervising authorities

Business, Finance and links

■ Structure of U.S. intelligence: Budget and Financial Overview About 16 U.S. intelligence agencies with 107,035 employees.
■ Financial linkages between companies and NSA: The U.S. Secret Service took over the costs that are incurred after a ruling by the Foreign Intelligence Surveillance Court in October 2011 for companies.
Forces Fisc-decision, which Verizon to release data to its clients:
■ Publication of telephone directories
■ NSA access to corporate networks, video shows documents the NSA surveillance of the Brazilian oil company Petrobras and attacks including the Swift banking network support.

-- --

Reactions and correspondence

Established the government of the United States had the largest secret surveillance system in the world:
■ Letter from Edward Snowden addressed to the President of Ecuador
■ Demand of the Fisc-Judge Dennis Saylor: disclosure and classification of secret FISC decisions
To use letter of the French Cabinet Secretary Christophe Chantepy that asks the employees of the French ministries, not own smartphones:
■ No confidential sharing of information about smartphones
■ Letter from the FISC judge's Reggie B. Walton: Yahoo has set 2007 as the only recipient of a supervision order to defend against this statement

Alpha.

___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] LINKS ADDED // NSA Files: overview of published documents and films // Der Spiegel
In German: http://www.spiegel.de/netzwelt/netzpolitik/im-internet-veroeffentlichte-dokumente-um-den-nsa-skandal-a-923335.html

Translation (Google), LINKS ADDED:

NSA Files: overview of published documents and films

Thousands of documents should have whistleblower Edward Snowden, prove the spying programs and intelligence structures. Only some of them are published and accessible on the Internet. Nevertheless, they paint a bleak picture of the monitoring apparatus.

Films and documents NSA spying programs and FISC

■ Data collection program Prism: NSA films explain sources and technology
http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/
■ Controlled Peek: the rules for spying on non-US citizens (2007)
http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-a-procedures-nsa-document
■ Presentation slides about Boundless Informer: The program evaluates telephone and internet connection data from countries around the globe out (2012).
http://www.theguardian.com/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides
■ Frequently Asked Questions and Answers: Explaining the program Boundless informant
http://www.theguardian.com/world/interactive/2013/jun/08/boundless-informant-nsa-full-text
■ Origin of data for XKeyscore: show films which data sources used for the XKeyscore the NSA program.
https://www.documentcloud.org/documents/743244-xkeyscore-slidedeck.html
■ FISC arrangements: three previously secret documents of the Foreign Intelligence Surveillance Court (Fisc), to oversee the NSA
http://icontherecord.tumblr.com/
■ FISC Decision on illegal NSA E-Collection: A 2011-set program collected electronic communication of Americans
http://apps.washingtonpost.com/g/page/national/fisa-court-documents-on-illegal-nsa-e-mail-collection-program/409/
■ Regular data transfer to Israeli intelligence: memorandum stating, must comply with the conditions attached to the agents of the Israeli National Sigint unit (insulin) if they use the raw data from the U.S.
http://www.theguardian.com/world/interactive/2013/sep/11/nsa-israel-intelligence-memorandum-understanding-document
■ Report of the NSA Inspector General: Development of metadata queries that began under President George W. Bush (2009)
http://www.theguardian.com/world/interactive/2013/jun/27/nsa-inspector-general-report-document-data-collection
■ Insight into the monitoring infrastructure of the NSA files show how the program has worked XKeyscore 2008.
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
■ The errors of the supervisor: Internal NSA report on data breaches in the first quarter of 2012
http://apps.washingtonpost.com/g/page/national/nsa-report-on-privacy-violations-in-the-first-quarter-of-2012/395/
■ What is a violation: NSA films for the training of employees in terms of monitoring
http://apps.washingtonpost.com/g/page/national/whats-a-violation/391/
■ Find out what to say and what not: NSA films with instructions for completing the monitoring rationale for the supervising authorities
http://apps.washingtonpost.com/g/page/national/what-to-say-and-not-to-say-to-our-overseers/390/#more

Business, Finance and links

■ Structure of U.S. intelligence: Budget and Financial Overview About 16 U.S. intelligence agencies with 107,035 employees.
http://apps.washingtonpost.com/g/page/national/inside-the-2013-us-intelligence-black-budget/420/
■ Financial linkages between companies and NSA: The U.S. Secret Service took over the costs that are incurred after a ruling by the Foreign Intelligence Surveillance Court in October 2011 for companies.
http://www.theguardian.com/world/2013/aug/23/nsa-prism-costs-tech-companies-paid
Forces Fisc-decision, which Verizon to release data to its clients:
http://www.theguardian.com/world/interactive/2013/jun/06/verizon-telephone-data-court-order
■ NSA access to corporate networks, video shows documents the NSA surveillance of the Brazilian oil company Petrobras and attacks including the Swift banking network support.
http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html

-- --

Reactions and correspondence

(Established the government of the United States had the largest secret surveillance system in the world):
■ Letter from Edward Snowden addressed to the President of Ecuador
http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html
■ Demand of the Fisc-Judge Dennis Saylor: disclosure and classification of secret FISC decisions
http://www.uscourts.gov/uscourts/courts/fisc/misc-13-02-order-130813.pdf
To use letter of the French Cabinet Secretary Christophe Chantepy that asks the employees of the French ministries, not own smartphones:
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
On 19/09/13 00:23 AM, Lucky Green wrote:

> According to published reports that I saw, NSA/DoD pays $250M (per year?) to backdoor cryptographic implementations. I have knowledge of only one such effort. That effort involved DoD/NSA paying $10M to a leading cryptographic library provider to both implement and set as the default the obviously backdoored Dual_EC_DRBG as the default RNG.

So, boom. Once the finger is pointed so directly, this came tumbling down within a day or two.

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html?

One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it en masse. Documentation, etc.

What are we to conclude was the reason for such a high cost? Conscience sedative? Internal payoffs?

> This was $10M wasted. While this vendor may have had a dominating position in the market place before certain patents expired, by the time DoD/NSA paid the $10M, few customers used that vendor's cryptographic libraries.

Another theory - take a fool's money?

And, what happens to RSA now?

If this is business-as-usual, does this mean that when the Feds show up to my door with 'a proposal' that I should see the mutual interest in sharing my customer's data with them by means ecliptic exotic? Take the 30 pieces of silver (adj. for 2000 years of inflation), and be happy they're also keeping my struggling business in the black? Or grey?

Or, is it the new Crypto AG? Is RSA the new byword for sellout? Does RSA go out of business? An Arthur Andersen event?

In which case I have no choice. I have a reason to preserve the privacy of my customers, and tell the NSA I'm not interested in their cyanide pill patriotism.

iang
[cryptography] Chaos theory
Sorry that this question is only tangentially related to cryptography. Then again, a lot of the stuff here is only tangentially related.

Could anybody here link me to some good resources on chaos theory? I'm not looking for anything specifically about certain chaotic systems (like the Lorenz Attractor or Chua's circuit), but instead about general methods to identify and evaluate chaotic systems. Maybe something related to calculating fractional dimensions, &c.

This would be a great help.

Thanks,
// Collin
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
ianG i...@iang.org writes:

> One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it en masse. Documentation, etc.

You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for <insert plausible-sounding reason here>. All quite above board, nothing terribly suspicious to raise eyebrows.

Peter.
[cryptography] Dual_EC_DRBG was cooked, but not AES?
The Snowden revelations describe several methods by which NSA committed kleptography, caused compliance by hardware makers and influenced standards.

Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie,[2] citing a shortened key length and the mysterious S-boxes as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they — but no-one else — could easily read encrypted messages.[3] Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[4] The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote: "In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness."[5] However, it also found that "NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended."[6]

Source: https://en.wikipedia.org/wiki/Data_Encryption_Standard

On September 10 2013, The New York Times wrote that internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a backdoor for the NSA. On September 10 2013, The NIST director released a statement, saying that NIST would not deliberately weaken a cryptographic standard.

Source: https://en.wikipedia.org/wiki/Dual_EC_DRBG

A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

Last week, the New York Times reported that Snowden's cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards (NIST) and Technology, to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security.

Source: http://www.theguardian.com/world/2013/sep/21/rsa-emc-warning-encryption-system-nsa
Re: [cryptography] Dual_EC_DRBG was cooked, but not AES?
Ed Stone t...@synernet.com at Sunday, September 22, 2013, 3:05:06 PM:

> Why has AES escaped general suspicion?

because it was not created by NIST, nor NSA nor any other US gov org. it was created by the academia, namely two guys, daemen and rijmen (neither of them are americans). the possibility of a backdoor in dual_ec was discovered very soon after its announcement. aes is much older, and despite the 15 years of scrutiny, it stands firm.
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
New to the list, so I'm sorry if I missed it, but what was the evidence presented that RSA took a $10M payoff to make Dual EC DRBG the default in Crypto-C?

Thanks,
-Jared

On Sep 22, 2013, at 9:01 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:

> ianG i...@iang.org writes:
>
>> One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it en masse. Documentation, etc.
>
> You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for <insert plausible-sounding reason here>. All quite above board, nothing terribly suspicious to raise eyebrows.
>
> Peter.
Re: [cryptography] Dual_EC_DRBG was cooked, but not AES?
On 22/09/13 16:05 PM, Ed Stone wrote:

> Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

NIST didn't really test, select, endorse and promulgate the AES algorithm, and neither did the NSA.

The process was a competition for open cryptographers, not agencies. It was done this way because we strongly suspected DES interference.

Some 30 algorithms were accepted in the first round, and subject to a year or so worth of scrutiny by the same submitting teams. This then led to a second round of 5 competitors and another long-ish period of aggressive scrutiny. The scrutiny was quite fierce because the reputations of the winners would be made, so the 5 teams did their darndest to undermine the competition. Many famous names were hoping for the prize.

It is the case that NIST (and probably the NSA) selected Rijndael from the 5 finalists. But they did so on the basis of a lot of commentary, and all the critics were agreed that all 5 were secure [0].

So, claiming that the NSA perverted the AES competition faces a much higher burden. They would have had to have done these things:

* pervert some of the early teams,
* pervert the selection process to enable their stooges through,
* and designed something that escaped the aggressive scrutiny of the losers.

It's possible, but much harder to get away with.

In contrast, with the DRBG adventure, NSA designed the process, and tacked it onto a more internal NIST standards process. Little or minimal scrutiny from outside, and little or minimal perversion of outsiders necessary in the standardisation phase (but that did come later).

iang

[0] At the time, myself and my team followed it, and we predicted that Rijndael would be the winner ... just by reading all the comments. Note we weren't serious cryptographers, but we provided the Java framework for the competition, so it was a
[cryptography] Cryptography Inevitable Failure
Nothing more useful for spies than widely trusted cryptosystems. Nor do they ever reveal cracking the highly reputable. Neither confirm nor deny.

They do leak vulns, participate in standards settings earnestly and lackadaisically, fund good and bad research, buy good and bad systems, hire good and bad staff and contractors, engage in open and secret enterprises, issue truthful and false statements, advise and mislead political leaders in public and in secret briefings, claim to obey civilian leaders and disobey them.

As Hallam-Baker reported, NSA when confronted with A and B choices, select both. This obligatory duplicity is avowed necessary to conceal what is good and what is bad, both classified for deception.

Presumably there is stash of comsec revelations pre-positioned for implementation as needs arise and also when needs do not arise. Duality, duplicity, duping, is the lifeblood and poison of security as well as insecurity, neither yin nor yang can exist without the other. Paranoia sustains information assurance.

AES will succumb when the time is ripe for a newborn. Perhaps the time was ripe for Snowden to midwife the inevitable failure of NSA and ilk.

Recall NSA's 1997 paper on the inevitable failure of computer security. Imagine a similar one on encryption awaiting disclosure. Imagine what would replace encryption as the duplicitor of choice.

Then scale up. Imagine what will replace over-centralized, over-grown, unmanageable NSA and its mushrooming gaga'd critics. Not DIRNSAs retiring to shyster duties, cryptographers gone fat feeding marketable personas, not Alice, Bob and Chelsea, not NRL-dudes rigging the Tor 3-card monte, not end to end rotted MITM and at both ends, not anything once daring and taunting like cryptoanarchy, not prize winning WikiLeaks and granting EFF, not fleecing fat cats and fans for FOI liberation and forever elusive privacy, not spooning bits of spy feces into yawning mouths of readers.

Then scale down to non-secret means and methods accessible to everyone. Even the end of official spying and its inevitable corruption of government by out of control secrecy and dependency upon the toolmakers of secret comsec.

But can cryptographers imagine the end of cryptography or are they as bone-headedly duplicitous as those who pay them to promote paranoia, secrecy, distrust and protection.

At 09:39 AM 9/22/2013, you wrote:

> On 22/09/13 16:05 PM, Ed Stone wrote:
>
>> Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?
>
> NIST didn't really test, select, endorse and promulgate the AES algorithm, and neither did the NSA.
>
> The process was a competition for open cryptographers, not agencies. It was done this way because we strongly suspected DES interference.
>
> Some 30 algorithms were accepted in the first round, and subject to a year or so worth of scrutiny by the same submitting teams. This then led to a second round of 5 competitors and another long-ish period of aggressive scrutiny. The scrutiny was quite fierce because the reputations of the winners would be made, so the 5 teams did their darndest to undermine the competition. Many famous names were hoping for the prize.
>
> It is the case that NIST (and probably the NSA) selected Rijndael from the 5 finalists. But they did so on the basis of a lot of commentary, and all the critics were agreed that all 5 were secure [0].
>
> So, claiming that the NSA perverted the AES competition faces a much higher burden. They would have had to have done these things:
>
> * pervert some of the early teams,
> * pervert the selection process to enable their stooges through,
> * and designed something that escaped the aggressive scrutiny of the losers.
>
> It's possible, but much harder to get away with.
>
> In contrast, with the DRBG adventure, NSA designed the process, and tacked it onto a more internal NIST standards process. Little or minimal scrutiny from outside, and little or minimal perversion of outsiders necessary in the standardisation phase (but that did come later).
>
> iang
>
> [0] At the time, myself and my team followed it, and we predicted that Rijndael would be the winner ... just by reading all the comments. Note we weren't serious cryptographers, but we provided the Java framework for the competition, so it was a
Re: [cryptography] Dual_EC_DRBG was cooked, but not AES?
On Sun, Sep 22, 2013 at 7:05 AM, Ed Stone t...@synernet.com wrote:

> There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie,[2] citing a shortened key length and the mysterious S-boxes as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they — but no-one else — could easily read encrypted messages.[3] Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[4]

It's now known that the NSA selected S-boxes that hardened the algorithm against differential cryptanalysis.

Furthermore, 3DES continues to remain a viable cipher. See:

http://www.cosic.esat.kuleuven.be/publications/article-2335.pdf

--
Tony Arcieri
Re: [cryptography] Dual_EC_DRBG was cooked, but not AES?
2013/9/22 Tony Arcieri basc...@gmail.com

> Furthermore, 3DES continues to remain a viable cipher.

I, personally, find that a most commendable and remarkable fact. To use DES with longer keying (and more rounds) is, to this very day, a solid choice. It makes one wonder why the longer keys weren't used before, doesn't it make you feel safer that your secret will remain that way until long after you die?

Performance issues in cryptography are an interesting problem. Both the safety and inconvenience are in it. It is my preposition that the security has been minimized too often, and too much. Longer keys, stronger crypto. This is what I would like to see.

I still think simplicity is something largely ignored in the algorithms. DES is a *fairly* simple arrangement, AES definitely doesn't improve upon it. It still seems strange to me that *tricks*, because that's what they are, require so much trickery. A simple purpose, a simple solution. You'd imagine. The simplest algorithm would be the simplest trick to figure out, to undo the trickery of. Anything more complex would be more difficult to undo, but will it be more computationally expensive? Are we increasing human effort or computer effort?

Regarding this topic: typically I'm always disappointed in groups by two things. The first is the capacity of the group. The second is the kind of effort being performed to achieve a goal. Usually groups display much lesser capabilities than individuals do. And the groups will not perform outside their parameters, meaning they do much less than you'd think they do to achieve their goals.

I doubt AES is subverted through partaking in the contest. But as those at the competition I wonder about the abilities of the immense amounts of cryptographers possibly employed at the NSA. They're careful though. Maybe we won't ever find out.
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
On 2013-09-22 23:01, Peter Gutmann wrote:

> You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for <insert plausible-sounding reason here>. All quite above board, nothing terribly suspicious to raise eyebrows.

Possibly, but security agencies do tend to use the suitcase full of cash gambit, not to mention the we know where your children live gambit.

This, however, because done in secret, tends to be even more wasteful and expensive than the supposedly above ground government contract.

For a security agency to order a pizza costs ten million dollars.
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
Just an example of how to spend $250M.

Jared Hunter feralch...@gmail.com wrote:

> New to the list, so I'm sorry if I missed it, but what was the evidence presented that RSA took a $10M payoff to make Dual EC DRBG the default in Crypto-C?
>
> Thanks,
> -Jared
>
> On Sep 22, 2013, at 9:01 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
>
>> ianG i...@iang.org writes:
>>
>>> One mystery is left for me. Why so much? It clearly doesn't cost that much money to implement the DRBG, or if it did, I would have done it for $5m, honest injun! Nor would it cost that to test it nor to deploy it en masse. Documentation, etc.
>>
>> You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for <insert plausible-sounding reason here>. All quite above board, nothing terribly suspicious to raise eyebrows.
>>
>> Peter.
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
James A. Donald jam...@echeque.com wrote:

> On 2013-09-22 23:01, Peter Gutmann wrote:
>
>> You're assuming that someone got passed a suitcase full of cash and that was it. Far more likely that RSA got a $10M contract for some government work and at some point that included a request to make the ECDRBG the default for <insert plausible-sounding reason here>. All quite above board, nothing terribly suspicious to raise eyebrows.
>
> Possibly, but security agencies do tend to use the suitcase full of cash gambit, not to mention the we know where your children live gambit.

Do we have any proof of this? Is there any record of how we did business with Crypto-AG?

> This, however, because done in secret, tends to be even more wasteful and expensive than the supposedly above ground government contract.

Well yes, windows with noise and radiation deflection or refraction and blast resistant probably cost more than those in your dining room.

Also, we read this (and most of us are involved with this in some capacity for a living). This makes us spend a bit more time (and possibly money) securing our data. For example, the company I work for does lots of pentests - do you think we use an Active Directory domain?

So if I'm working at a place that figures how to listen to LTE, do you think I'm going to let my employees use LTE? How much does it cost to get end to end encryption on a modern phone? How many models and chips do I reverse engineer? How many Angry Birds APKs do I do dynamic (and maybe static) analysis on?

The report said they obtained information through hacking. So how much does their ingress and egress monitoring cost? What types of monitoring have they developed for mobile devices (bet someone like Mandiant has a killer contract for this)?

You see $250 and wonder how you can spend that much. I see that and think for that price can I have another.

> For a security agency to order a pizza costs ten million dollars.

Again some proof would be nice. I've heard there is (or was) a BestBuy in the Pentagon that has standard prices on items. I'll bet that store is highly subsidized (scanning people and packages, shielding, etc) but I'd doubt the store sees much (any?) more profit above their other stores.
Re: [cryptography] [Cryptography] What is Intel® Core™ vPro™ Technology Animation
On 9/22/2013 2:23 PM, Jerry Leichter wrote:
> On Sep 21, 2013, at 10:05 PM, d.nix wrote:
>> Hah hah hah. Uh, reading between the lines, color me *skeptical* that this is really what it claims to be, given the current understanding of things...
>>
>> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
>
> The question isn't whether it's what it claims to be. It is that. But is it's *more* than it claims to be.

Yes, in my haste I neglected the only disclaimer bit; it is indeed a means by which the *rightful owner/administrator* might perform very useful tasks. The obvious crux of the biscuit is *who else* has access, and what can they do surreptitiously?

If for example, the paper regarding manipulating the RNG circuit by alternate chip doping is valid, then an adversary with deep pockets and vast resources might well be able to remotely target specific systems on demand. Possibly even air gapped ones if this function is controllable via a 3G signal as I have read elsewhere.

Or perhaps just outright reroute and tap information prior to encryption, or subtly corrupt things in other ways such that processes fail or leak data. A universal on-demand STUXNET, if you will...

Yes, idle unfounded speculation, I know... but still... these days the fear is that we're not paranoid enough.

H. Maybe time to pull my old 1996 SGI R10K and R4400 boxes out of storage. For a few *very* dedicated and air gapped tasks they might be a small measure of worthwhile trouble.

Regards,

DN
Re: [cryptography] Chaos theory
if you're looking for general research in complexity / chaos, shortcut to perusing: Santa Fe Institute series[0] then ANKOS[1]

from there you'll be able to traverse the myriad particulars of interest...

best regards,

0. Santa Fe Institute Series
   https://www.google.com/search?tbo=p&tbm=bks&q=bibliogroup:Santa+Fe+Institute+Series&cad=3#q=bibliogroup%3A%22Santa+Fe+Institute+Series%22&safe=off&tbm=bks
   https://en.wikipedia.org/wiki/Santa_Fe_Institute

1. A New Kind of Science
   http://www.wolframscience.com/nksonline/toc.html
Re: [cryptography] [Cryptography] What is Intel(R) Core™ vPro™ Technology Animation
On Sun, Sep 22, 2013 at 7:56 PM, d.nix d@comcast.net wrote:
> On 9/22/2013 2:23 PM, Jerry Leichter wrote:
>> On Sep 21, 2013, at 10:05 PM, d.nix wrote:
>>> Hah hah hah. Uh, reading between the lines, color me *skeptical* that this is really what it claims to be, given the current understanding of things...
>>>
>>> http://www.intel.com/content/www/us/en/enterprise-security/what-is-vpro-technology-video.html
>>
>> The question isn't whether it's what it claims to be. It is that. But is it's *more* than it claims to be.
>
> Yes, in my haste I neglected the only disclaimer bit; it is indeed a means by which the *rightful owner/administrator* might perform very useful tasks. The obvious crux of the biscuit is *who else* has access, and what can they do surreptitiously?

Painting with a broad brush, part of the solution is a remote administration board that can't be removed. Cf, Fujitsu LOM (Lights Out Management), HP ILO (Integrated Lights Out), HP RILO (Remote Integrated Lights Out), Compaq RIB (Remote Insight Board), and Dell DRAC (Dell Remote Access Card).

As for who has access, that depends on the quality of the implementations. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4784.

Jeff
[cryptography] Fwd: Re: What is Intel® Core™ vPro™ Technology Animation
-------- Original Message --------
Subject: Re: What is Intel® Core™ vPro™ Technology Animation
Date: Mon, 23 Sep 2013 05:56:48 +0200
From:
To: cypherpu...@cpunks.org

Security Evaluation of Intel's Active Management Technology
VASSILIOS VERVERIS
Master of Science Thesis
Stockholm, Sweden 2010

[...]

During production AMT platforms are equipped with one or more active embedded hashed root certificates (factory default) from various SSL vendors worldwide.

[...]

In our laboratory environment (see section 3) we have tested and found that the ZTC remote provisioning can be implemented even while the Intel AMT functionality is disabled within the BIOS as illustrated in Figure 3.6. Surprisingly the AMT platform broadcasts an ARP request packet upon connecting to a wired network (typically a LAN) and follows the sequence described in section 3.7.1. From this point and beyond the attacker operates the SCS and could manipulate the PC according to his/her malicious activities (see section 3.7.5) even while the Intel AMT is disabled in BIOS.

http://kth.diva-portal.org/smash/get/diva2:508256/FULLTEXT01

H. That's not very reassuring.

DN
Re: [cryptography] Asynchronous forward secrecy encryption
Http://spot-on.sf.net

This should have what you search for.

Rgds.