Re: [cryptography] The Compromised Internet
On Wed, Sep 25, 2013 at 1:36 PM, Tony Arcieri basc...@gmail.com wrote:
> ...
> What threat are you trying to prevent that isn't already solved by the use of cryptography alone?

this is some funny shit right here... LOL

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] The Unbreakable Cipher (2)
- Forwarded message from coderman coder...@gmail.com -

Date: Wed, 25 Sep 2013 23:38:58 -0700
From: coderman coder...@gmail.com
To: brian carroll electromagnet...@gmail.com
Cc: cpunks cypherpu...@cpunks.org
Subject: Re: The Unbreakable Cipher (2)

On Wed, Sep 25, 2013 at 9:29 PM, brian carroll electromagnet...@gmail.com wrote:
> ...
> no- not for a multilinear/nonlinear bit set approach. voluminous data exchange...

you're wrong. the key is to re-key so frequently there is never a significant volume transferred under the same symmetric key.

in the manually keyed IPsec experiment i mentioned in another thread, we used synchronized key daemons to maintain a rolling pair of SA/AH+ESP associations that rotated on a per second interval. as long as you didn't transfer more than some obtuse number of terabits in a given second the assurance provided by a random key is intact.

(and we used VIA C5P dual RNG processors to provide the manual keying material that was kept in sync between a pair of communicating stations over unencrypted 802.11b - there was no IKE or other public key exchange, just synchronized symmetric ciphers and digests)

- End forwarded message -

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
Re: [cryptography] Snowden walked away with the U.S. IC Intellipedia
On 26/09/13 03:41 AM, John Young wrote:
> A sends:
> Snowden walked away with the U.S. IC Intellipedia.
> http://en.wikipedia.org/wiki/Intellipedia

> What we're after here is 'decision superiority', not 'information superiority', he said. We have to get inside the decision cycle of the enemy. We have to be able to discover what they're doing and respond to it effectively.[5]

I think the above Boyd-speak is still true. Even if shared or open sourced, the primary value of the wiki remains in the hands of 'the community'. That would only change if the attacker were to destroy google's servers.

The secondary value of (say) the foreign intel agencies to be able to read the state of the collective mind will be an enormous win. But, they have to get it first, and that is definitely a secondary issue. Know yourself first, then know your enemy.

Also, it is unlikely the Top-Secret and Secret ones will ever be published openly by the journals. They might, as a stunt, publish the lowest grade one, as it is unclassified.

iang
[cryptography] Opinions on Internet Privacy
http://xkcd.com/1269/
Re: [cryptography] The Compromised Internet
On Wed, Sep 25, 2013 at 11:19 PM, coderman coder...@gmail.com wrote:
> On Wed, Sep 25, 2013 at 1:36 PM, Tony Arcieri basc...@gmail.com wrote:
>> ...
>> What threat are you trying to prevent that isn't already solved by the use of cryptography alone?
>
> this is some funny shit right here... LOL

someone pointed out that i might be an ass about a legitimate query.

here's a subset of all the things crypto alone does not protect:

- your source of entropy, upon which all secrets rely.
- your crypto implementation, which may leak keys profusely out the side.
- the peers you crypto with; often the most important info.
- the complexity of attacking your crypted comms, which may be reduced to a tractable search space due to architectural or design flaws introduced by accident or $250,000,000 malicious intent.
- the data in motion or at rest, beyond your crypto boundaries.

i could go on...
Re: [cryptography] Opinions on Internet Privacy
-Original Message-
From: cryptography [mailto:cryptography-boun...@randombit.net] On Behalf Of coderman
Sent: Thursday 26 September 2013 10:07
To: ianG
Cc: Crypto discussion list
Subject: Re: [cryptography] Opinions on Internet Privacy

> On Thu, Sep 26, 2013 at 12:06 AM, ianG i...@iang.org wrote:
>> http://xkcd.com/1269/
>
> finally, a succinct response to the Internet debacle!
>
> did anyone else immediately associate various friends and/or associates with each archetype? ... i'm craving strawberries.

So you agree we DO need an additional layer of symmetric and public key encryption, don't you? Six layers might not be enough!!
Re: [cryptography] The Compromised Internet
At 09:16 PM 9/25/2013, you wrote:
> Fundamentally, what you're asking for doesn't make sense. Threat models are about economics, scale, and mistakes, and even if we don't have security bugs, we still have economics.

An NSA technical report says a unit was set up in Bell Laboratories over 50 years ago to research fledgling ideas which the over-militarized NSA staff didn't have time or skill to look into. So it was done at Bell, IBM, MIT, Philco, NCR, RCA, and ilk, back then and as now with today's iconized coms, orgs and edus. Inside of which, then and now, are the cypherpunks playing chess with suits and slicks, manipulating the infrastructure to generate exploits the suits can't, or don't want, to care about so long as quarterlies are fat.

Calling upon the sagacity of this forum the question might be answered as you say by developing ways to piggy-back, rig, boot-leg, twist and turn switches and valves, to swipe a little bit of the infrastructure pipelines to use for less controlled purposes. Whatever the infrastructure is, internet, EM spectrum, radio, laser, cable, optics, farts, prayer.

Whatever happened to hunches and gut feelings as cover for IP theft and lucky accidents. Pilfering by insiders sold or shared off the market has an ancient history, Snowdens galore forever, the mothers of invention and payback to suits sucking blood of labor.

Now then, cough, cough, suppose the internet will continue to be the comms medium of choice for citizens and consumers and their besuited gang of exploiters. Workarounds to exploit the exploiters will flower by avid hackers multiplying like rabbits inside and outside the hegemons. What else besides that healthy pilfering industry which happily generates profits for hackers and cypherpunks to set up their own exploiting ventures? As might have been asked before the internet, before telecoms, before radio, before drums and smoke and yodel and grunts and skull banging.

What are lab rats doing when not angling for scale-up capital? Nothing commercial, hopefully, nothing worth feeding to John Markoff, to Glenn Greenwald, to WikiLeaks, to vultures. Probably not worth this all too open call for hot shit swapping.
Re: [cryptography] Chaos theory
On 09/22/2013 10:23 PM, coderman wrote:
> if you're looking for general research in complexity / chaos, shortcut to perusing: Santa Fe Institute series[0] then AKNOS[1]
>
> from there you'll be able to traverse the myriad particulars of interest...
>
> best regards,
>
> 0. Santa Fe Institute Series
> https://www.google.com/search?tbo=ptbm=bksq=bibliogroup:Santa+Fe+Institute+Seriescad=3#q=bibliogroup%3A%22Santa+Fe+Institute+Series%22safe=offtbm=bks
> https://en.wikipedia.org/wiki/Santa_Fe_Institute
>
> 1. A New Kind of Science
> http://www.wolframscience.com/nksonline/toc.html

Thanks, I'll take a look.
[cryptography] One Time Pad Cryptanalysis
> Cryptanalysts make their living out of sloppy thinking and enthusiastic over-ingenuity of designers of cipher systems.

Brig. Gen. J.H. Tiltman, Some Principles of Cryptographic Security, NSA Technical Journal, Summer 1974.

http://www.nsa.gov/public_info/_files/tech_journals/Some_Principles.pdf

Tiltman vaunts the One Time Pad but cautions there have been effective decrypts exploiting enthusiastic sloppy thinking that OTP is unbreakable. Most appears to involve non-decipher means and methods. The paper redacts others presumably still effective.

For amateur ingenuity Tiltman footnotes:

> I remember an early example of the solution of the problem of producing strictly one-time perforated tape. A Canadian engineer working for a British intelligence organization in New York who knew nothing at all about cryptography produced in 1942 an on-line machine called TELEKRYPTON. He generated his tapes by pouring a mixture of metal and glass balls through a hopper, the metal balls alone passing current and perforating 5-level tape. He analyzed the result and saw that it was biased, owing to the heavier weight of the metal balls, and then changed the respective sizes of the balls to compensate for the extra weight of the metal.
Re: [cryptography] Chaos theory
Wolfram's book is about CAs and not chaos/fractals in general.

For an initial intro you might try Chaos and Fractals - New Frontiers of Science by Hans-Otto Peitgen, Rudolph Dietmar, Saupe, Heinz-Otto, Hartmut Juergens. You'll also want to get all their other books. Your first read should always be Mandelbrot's books. For a more fun approach you should also check out Pickover's books if you want to see some code snippets and try your hand at playing with the math.

All of these books have been around long enough that you should be able to find them in your local used bookstores in larger markets at considerable discounts. I see them here in Austin/Dallas/San Antonio in Half Price Books for as little as $10.

http://www.hpb.com

Collin RM Stocks col...@sibilance.org wrote:
> On 09/22/2013 10:23 PM, coderman wrote:
>> if you're looking for general research in complexity / chaos, shortcut to perusing: Santa Fe Institute series[0] then AKNOS[1]
>>
>> from there you'll be able to traverse the myriad particulars of interest...
>>
>> best regards,
>>
>> 0. Santa Fe Institute Series
>> https://www.google.com/search?tbo=ptbm=bksq=bibliogroup:Santa+Fe+Institute+Seriescad=3#q=bibliogroup%3A%22Santa+Fe+Institute+Series%22safe=offtbm=bks
>> https://en.wikipedia.org/wiki/Santa_Fe_Institute
>>
>> 1. A New Kind of Science
>> http://www.wolframscience.com/nksonline/toc.html
>
> Thanks, I'll take a look.

--
Venimus, Vidimus, Dolavimus
jamescho...@austin.rr.com jcho...@confusionresearchcenter.org rav...@ssz.com james.cho...@g.austincc.edu jchoate00...@gmail.com james.cho...@twcable.com
h: 512-657-1279 w: 512-845-8989
http://hackerspaces.org/wiki/Confusion_Research_Center http://confusionresearchcenter.org http://arbornet.org (ravage)
Adapt, Adopt, Improvise
[cryptography] One Time Pad Cryptanalysis
John Young j...@pipeline.com wrote:
> Tiltman vaunts the One Time Pad but cautions there have been effective decrypts exploiting enthusiastic sloppy thinking that OTP is unbreakable. Most appears to involve non-decipher means and methods. The paper redacts others presumably still effective.

Here's one, not always applicable but devastating when it is:

http://en.citizendium.org/wiki/Stream_cipher#Rewrite_attacks
Re: [cryptography] [Cryptography] RSA equivalent key length/strength
On Wed, Sep 18, 2013 at 02:23:11PM -0700, Lucky Green wrote:
> Moti Young and others wrote a book back in the 90's (or perhaps) 80's, that detailed the strength of various RSA key lengths over time. I am too lazy to look up the reference or locate the book on my bookshelf. Moti: help me out here? :-)

This is a very good resource because it includes recommendations from multiple sources and makes it easy to compare them:

http://www.keylength.com/

Regards,

Zooko
Re: [cryptography] One Time Pad Cryptanalysis
On 26/09/13 17:36, Sandy Harris wrote:
> John Young j...@pipeline.com wrote:
>> Tiltman vaunts the One Time Pad but cautions there have been effective decrypts exploiting enthusiastic sloppy thinking that OTP is unbreakable. Most appears to involve non-decipher means and methods. The paper redacts others presumably still effective.
>
> Here's one, not always applicable but devastating when it is:
>
> http://en.citizendium.org/wiki/Stream_cipher#Rewrite_attacks

Reuse of pads is also disastrous - VENONA made a breakthrough due to pad reuse, which wasn't public knowledge at the time the paper was written (though was by the time it was declassified).

Cheers,
Michael
Re: [cryptography] Asynchronous forward secrecy encryption
Let me just mention that this conversation is AWESOME. I only wish the folks over at Perry's Crypto List (http://www.metzdowd.com/pipermail/cryptography/) knew that we were having such a great conversation over here.

On Thu, Sep 19, 2013 at 09:20:04PM +0100, Michael Rogers wrote:
> The key reuse issue isn't related to the choice between time-based and message-based updates. It's caused by keys and IVs in the current design being derived deterministically from the shared secret and the sequence number. If an endpoint crashes and restarts, it may reuse a key and IV with new plaintext. Not good.

Another defense against this is to generate the IV from the plaintext, possibly from the plaintext in addition to other stuff. There are three things that you might want to throw into your IV generator:

1. the plaintext,
2. a persistent secret key used only for this purpose and known only to this client,
3. a random nonce read from the operating system.

I would suggest including 1 and 2 but not 3.

This *could* be seen as an alternative to the defense you described:

> In the new design, the temporary keys are still derived deterministically from the shared secret, but the IVs and ephemeral keys are random.

Or it could be used as an added, redundant defense. I guess if it is an added, redundant defense then this is the same as including the random nonce -- number 3 from the list above.

Regards,

Zooko
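The crash-restart failure Michael describes, and the plaintext-derived IV Zooko proposes, as an added worked example (not code from the thread or from any project discussed in it). It assumes HMAC-SHA256 as the derivation function, a toy HMAC-based keystream standing in for a real CTR-mode cipher, constructed secrets, 12-byte IVs and 8-byte sequence numbers; `simulate_restart`, `KeyIvGuard` and the two `derive_*` functions are names chosen here. It also shows the caveat behind item 3 of the list: with only items 1 and 2, an identical plaintext at the same sequence number still yields an identical IV and ciphertext.

```python
import hashlib
import hmac

IV_LEN = 12
# Constructed secrets for the demonstration, not real key material.
SHARED_SECRET = hashlib.sha256(b"constructed shared secret").digest()
IV_SECRET = hashlib.sha256(b"constructed per-client IV secret").digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 as a PRF/KDF; the label keeps key and IV derivations apart."""
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_deterministic(seq: int, plaintext: bytes):
    """The design Michael describes: key and IV depend only on the shared
    secret and the sequence number (the plaintext is ignored)."""
    seq_b = seq.to_bytes(8, "big")
    key = _prf(SHARED_SECRET, b"key", seq_b)
    iv = _prf(SHARED_SECRET, b"iv", seq_b)[:IV_LEN]
    return key, iv


def derive_plaintext_mixed(seq: int, plaintext: bytes):
    """Zooko's items 1 and 2: the IV also depends on the plaintext and on a
    secret known only to this client, so a repeated sequence number repeats
    the IV only if the plaintext repeats too."""
    seq_b = seq.to_bytes(8, "big")
    key = _prf(SHARED_SECRET, b"key", seq_b)
    iv = _prf(IV_SECRET, b"iv", seq_b + plaintext)[:IV_LEN]
    return key, iv


def toy_stream_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Toy keystream cipher: XOR with HMAC(key, iv || counter) blocks.
    Stands in for a real CTR-mode cipher; illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream.extend(_prf(key, iv, counter.to_bytes(4, "big")))
        counter += 1
    return xor_bytes(plaintext, bytes(stream))


class KeyIvGuard:
    """Endpoint-side check: refuse to encrypt twice under the same (key, IV).
    A real client must persist this set, or at least the sequence counter,
    so that the check survives the crash-restart discussed in the thread."""

    def __init__(self):
        self._seen = set()

    def allow(self, key: bytes, iv: bytes) -> bool:
        if (key, iv) in self._seen:
            return False
        self._seen.add((key, iv))
        return True


def simulate_restart(derive, p1: bytes, p2: bytes):
    """Encrypt p1 at seq 7, lose the counter in a crash, restart, and encrypt
    p2 at seq 7 again. Returns (key_iv_reused, keystream_cancels); the second
    flag is True when c1 XOR c2 equals p1 XOR p2, i.e. the keystream dropped
    out and the two plaintexts are exposed to each other."""
    k1, iv1 = derive(7, p1)
    c1 = toy_stream_encrypt(k1, iv1, p1)
    k2, iv2 = derive(7, p2)  # same seq: the counter was not persisted
    c2 = toy_stream_encrypt(k2, iv2, p2)
    n = min(len(p1), len(p2))
    reused = (k1, iv1) == (k2, iv2)
    cancels = xor_bytes(c1[:n], c2[:n]) == xor_bytes(p1[:n], p2[:n])
    return reused, cancels


if __name__ == "__main__":
    for derive in (derive_deterministic, derive_plaintext_mixed):
        print(derive.__name__, simulate_restart(derive, b"first message", b"second message"))
```

The deterministic design reports `(True, True)` after the simulated restart; the plaintext-mixed design reports `(False, False)` for differing plaintexts but `(True, True)` for an identical one, which is the equality leak a random nonce (item 3) or a persisted counter removes.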
Re: [cryptography] One Time Pad Cryptanalysis
On 2013-09-26, at 1:49 PM, Michael Rogers mich...@briarproject.org wrote:
> Reuse of pads is also disastrous - VENONA made […]

Forgive me for taking this opportunity to repeat an earlier rant, but your example provides the perfect example.

When a one time pad is operated perfectly, it provides perfect secrecy; but once it is operated with small deviations from perfection it provides terrible security. Things that approximate the OTP in operation do not approximate it in security. This is a very good reason to steer people away from it.

This is an example of why we need to pay attention to how easy it is to screw things up and how badly things fail. For example, CBC mode will degrade proportionally with how poorly IVs are selected. CTR, on the other hand, can degrade catastrophically with poor nonces. Another example is that we prefer ciphers which are not vulnerable to related key attacks even though we expect good system design to not use related keys in the first place.

I'm suggesting that when offering advice to application developers on what sorts of systems to use, we should explicitly consider how easy it is for them to screw it up and how bad things get when they do.

Cheers,

-j
[cryptography] design and implementation of replay prevention windows
i'm looking for information on the design and implementation of replay windows in various protocols.

what concerns drive an appropriate window size?

what role do timestamps play, if any, in constraining replay outside the active window?

are there persistence requirements for properly maintaining a window?

what memory and processing overhead are associated with particular moving window implementations and how can this be tuned for best efficiency?

any pointers appreciated!
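One concrete answer to the implementation questions above, as an added example that is not part of the original post: a bitmap sliding window of the kind IPsec ESP (RFC 4303) uses for anti-replay, where the window size is the number of bits kept, the check is done before the integrity check so that forged sequence numbers cannot move the window, and the (top, bits) pair is the only state that needs persisting across a restart. The class name, the constructed `receive` path and the window size of 4 used for illustration are assumptions made here.

```python
class ReplayWindow:
    """Bitmap sliding window over monotonically increasing sequence numbers.

    top  : highest sequence number accepted so far (0 = nothing yet).
    bits : bit i set means sequence number (top - i) has been accepted.
    Anything at or below top - size is rejected as too old, so the window
    size bounds both memory (size bits) and how much reordering is tolerated.
    """

    def __init__(self, size: int = 64):
        if size < 1:
            raise ValueError("window size must be positive")
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0
        self.bits = 0

    def check(self, seq: int) -> bool:
        """Would seq be accepted? Does not change state, so it can run before
        the integrity check: a forged sequence number must never move the
        window, or an attacker could make the receiver drop genuine traffic."""
        if seq <= 0:
            return False                      # 0 is never transmitted
        if seq > self.top:
            return True                       # ahead of the window: new
        offset = self.top - seq
        if offset >= self.size:
            return False                      # behind the window: too old
        return not (self.bits >> offset) & 1  # inside: reject if already seen

    def update(self, seq: int) -> None:
        """Record seq as accepted. Call only after the integrity check passed."""
        if seq > self.top:
            shift = seq - self.top
            if shift >= self.size:
                self.bits = 1                 # jumped past the whole window
            else:
                self.bits = ((self.bits << shift) | 1) & self.mask
            self.top = seq
        else:
            self.bits |= 1 << (self.top - seq)

    def check_and_update(self, seq: int) -> bool:
        """Convenience path when verification happens elsewhere."""
        if not self.check(seq):
            return False
        self.update(seq)
        return True

    def snapshot(self) -> tuple:
        """State to persist across restarts; restoring it stops a restarted
        receiver from accepting replays of packets seen before the restart."""
        return (self.top, self.bits)

    @classmethod
    def restore(cls, size: int, top: int, bits: int) -> "ReplayWindow":
        w = cls(size)
        w.top, w.bits = top, bits & w.mask
        return w


def receive(window: ReplayWindow, seq: int, mac_ok: bool) -> str:
    """Constructed receive path: window check, then integrity, then update."""
    if not window.check(seq):
        return "replay-or-stale"
    if not mac_ok:
        return "bad-mac"
    window.update(seq)
    return "accepted"


if __name__ == "__main__":
    w = ReplayWindow(size=4)
    for s in (1, 3, 3, 2, 10, 6, 7, 7):
        print(s, w.check_and_update(s))
```

Per-packet cost is a couple of shifts and a mask on one integer, which is why 64-bit windows are common: they fit in a machine word. A larger window tolerates more reordering at the price of more bits and a larger persisted snapshot; a timestamp check, if the protocol carries one, is a separate bound that rejects packets older than some age regardless of where the window sits.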