[ISN] Cryptanalysis of Multiswap

2001-10-29 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Mon, 29 Oct 2001 02:50:31 -0600 (CST)
From: InfoSec News [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ISN] Cryptanalysis of Multiswap
Sender: [EMAIL PROTECTED]
Reply-To: InfoSec News [EMAIL PROTECTED]

Forwarded from: Gary Stock [EMAIL PROTECTED]

Topic: a new Microsoft block cipher dissected, and its weakness revealed.

Some readers may prefer a more 'mainstream' analysis of this exploit,
which I suspect will appear soon enough.  The original introduction and
conclusion appear below, with full details here:

   http://www.cs.berkeley.edu/~rtjohnso/multiswap/

The use of graphical notation in the original may make transcription to
flat text inappropriate.  I encourage interested cryptogs to visit the
URL directly (while it is permitted to persist :-)

A few mirrors, with proper attribution, might not hurt...

GS

=

Cryptanalysis of Multiswap

Nikita Borisov, Monica Chew, Rob Johnson, and David Wagner
UC Berkeley

An anonymous security researcher working under the pseudonym Beale
Screamer reverse engineered the Microsoft Digital Rights Management
subsystem and, by October 20th, the results were available on
cryptome.org.  As part of the reverse engineering effort Screamer found
an unpublished block cipher, which he dubbed MultiSwap, being used as
part of DRM.  Screamer did not need to break the MultiSwap cipher to
break DRM, but we thought it would be a fun exercise, and summarize the
results of our investigation below.  The attacks described here show
weaknesses in the MultiSwap encryption scheme, and could potentially
contribute to an attack on DRM.  However, the attack on DRM described by
Beale Screamer would be much more practical, so we feel that these
weaknesses in MultiSwap do not pose a significant threat to DRM at this time.

We present these results to further the science of computer security,
not to promote rampant copying of copyrighted music.

The cipher

The MultiSwap algorithm takes a 64-bit block consisting of two 32-bit
numbers x0 and x1 and encrypts them using the subkeys
k0,...,k11 as diagramed below...

[...body of article contains graphic notation...]

Conclusion

We have seen that MultiSwap can be broken with a 2^14 chosen-plaintext
attack or a 2^22.5 known-plaintext attack, requiring 2^25 work.  We
believe this shows that MultiSwap is not safe for any use.

# # #

--
Gary Stock                        vox 616.226.9550
CIO & Technical Compass           fax 616.349.9076

Nexcerpt, Inc. [EMAIL PROTECTED]

  The first thing you'll notice is, when the camera's plugged in...
  Bill Gates, launching Windows XP Earthquake, Seattle, 28 Feb 2001



-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY
of the mail.

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Stew Baker: Fox News goes overboard

2001-10-29 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Mon, 29 Oct 2001 11:30:13 -0500
To: [EMAIL PROTECTED]
From: David Farber [EMAIL PROTECTED]
Subject: IP: Fox News goes overboard
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]


X-Server-Uuid: 47feacc6-2336-11d3-82c6-0008c7db26d1
From: Baker, Stewart [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc: Albertazzie, Sally [EMAIL PROTECTED]


Dave:

I can't remember whether you carried the Fox News story.  If you did, you
might be interested in this.

Stewart



Fox News recently reported that the FBI has a plan to change the
architecture of the Internet, centralizing it and providing a technical
backdoor to the networks of Internet service providers.  Like many others,
I thought this was big news, and rather surprising.  Until I realized that
the reporter only cited one source and that it was, well, me.  Fox News's
claims go beyond the facts I provided to her, and beyond any that I know
about.

To be clear, I believe that the FBI is at work on an initiative to make
Internet communications, indeed any packet data communications, more
susceptible to intercept and more productive of non-content data about
communications -- the sort of pen register data that was expressly
approved for Internet communications in the recent antiterrorism bill.  This
initiative will have architectural implications for packet data
communications systems.  The FBI is likely to press providers of those
services to centralize communications in nodes where interception will be
more convenient, and it is likely to call on packet data services to build
systems that provide more information about the communications of their
subscribers.

The vehicle for this initiative is CALEA, the Communications Assistance for
Law Enforcement Act, a 1994 enactment that actually requires telecom
carriers to redesign their networks to provide better wiretap capabilities.
The act is supposed to exempt information services, but the vagueness of
that provision has encouraged the FBI to expand its mandate into packet-data
communications.  The Bureau is now preparing a general CALEA proposal for
all packet-data systems.  While I have not seen it, the Bureau's past
interventions into packet-data and other communications architecture have
had two characteristics -- they have sought more centralization in order to
simplify interception and they have asked providers to generate new data
messages about their subscribers' activities -- messages that are of value
only to law enforcement.

There are real legal and policy questions that should be raised about this
effort.  In my view, it goes beyond what Congress intended in 1994.  And the
implications for Internet users and technologies deserve to be debated.  But
making these points, as I did with Fox News, is not the same as saying that
the FBI has a firm plan to centralize the Internet and build back doors into
all ISP networks.  If Fox News wants to break that story, it will need a
source other than me.

Stewart Baker
Steptoe & Johnson LLP
1330 Connecticut Avenue, N.W.
Washington, DC 20036


For archives see:
http://www.interesting-people.org/archives/interesting-people/

--- end forwarded text





-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Speaker Wanted - This Wednesday, Pulver Conference - Presence Instant Messaging

2001-10-29 Thread Bill Stewart

(Forwarded for [EMAIL PROTECTED] )
=
This is Brad Templeton from the EFF.  This Wednesday I'm moderating a
panel at Jeff Pulver's semi-annual conference on Presence and Instant
Messaging.   It's a smallish (couple of hundred) conference where you'll
see most of the commercial players in instant messaging, with the very
notable exception of AOL.

However, having attended this conference I have found that most of the
people there pay little attention to issues of security and privacy in
the IM world.  Sometimes for real reasons (most IM is forced by NAT and
firewalls to be routed through central servers) but often times simply
because they haven't bothered.

The panel I am moderating is on these topics of Presence and Instant
Messaging, and due to various circumstances, right now I have only 2
other speakers on it, who will speak about the privacy and security work
being done by two standards bodies, the PAM forum, and the IETF SIP working
group.  I have my own talk on the design and political issues, but I can
move a lot of that into my plenary talk later in the day where I want to
get those issues out.

In particular I am interested in technologically interesting projects or
research to allow privacy, encryption and anonymity in instant messaging,
and also in presence data and location-aware devices.  (Part of the
conference is also on location aware services, E911 mandated location-aware
phones etc.)

So I apologize for not asking until today, but if you have done any work
in these areas you would like to talk about briefly, I could have a slot
for you, and get you free attendance at this normally $2,000 conference.
Last time Lenny Foner gave a great talk on his work.

The conference info is at http://www.pulver.com/pim/ and my session is
this Wednesday, Oct 31, at 9:45am.  It is at the Marriott in Santa Clara.

Sorry as well for posting without regularly reading cypherpunks, but I
need to keep my email load down.







IP: Fw: [FiB FORUM] Anti-Terror Tools Include High-Tech

2001-10-29 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
From: Virginia [EMAIL PROTECTED]
Subject: IP: Fw: [FiB FORUM] Anti-Terror Tools Include High-Tech
Date: Mon, 29 Oct 2001 17:02:31 -0800
Sender: [EMAIL PROTECTED]
Reply-To: Virginia [EMAIL PROTECTED]




 The FBI and police in Boston and Miami, Fla., are using powerful
 software called ``dTective'' from Ocean Systems Co. of Burtonsville,
 Md., to trace financial transactions linked to last month's terrorist
 attacks against New York and Washington.


 Date sent:  Mon, 29 Oct 2001 05:20:58 +0100
 To: [EMAIL PROTECTED]
 From:   Kenneth Rasmusson [EMAIL PROTECTED]
 Subject:[FiB FORUM] Anti-Terror Tools Include High-Tech
 Send reply to:  [EMAIL PROTECTED]

http://dailynews.yahoo.com/htx/ap/20011028/pl/attacks_tech_tools_1.html

Sunday October 28 2:02 PM ET
Anti-Terror Tools Include High-Tech
By TED BRIDIS, Associated Press Writer

WASHINGTON (AP) - The government's pursuit of terrorists is relying heavily on
sophisticated technology, from software that automatically translates foreign
communications on the Internet to a device that secretly captures every
keystroke a suspect makes on his computer.

President Bush signed new anti-terrorism legislation Friday that enabled law
enforcement to rely on these tools more freely, and the Justice Department
immediately sent instructions to prosecutors.

``A new era in America's fight against terrorism ...  is about to begin,''
Attorney General John Ashcroft pledged.

Over the weekend, top Justice lawyers in Washington e-mailed the most
cyber-savvy federal prosecutors around the country, describing in more than 30
printed pages how they can use the government's high-tech tools in new ways.

The e-mail, reviewed by The Associated Press, outlines new guidelines, for
example, for operating the FBI's Carnivore computers, which capture suspects'
e-mails in ways that require only perfunctory approval by a judge.

Another section says that in rare cases police can now secretly search a
person's house without telling the homeowner for up to three months.

During one of these so-called ``sneak and peek'' searches, authorities would
secretly implant a hidden ``key-logger'' device.  The FBI acknowledged making
five such secret searches before it installed its snooping device in a recent
gambling investigation.

The key-logger, hidden inside a computer, secretly records everything a
suspect types on it.  The device lets authorities capture passwords to
unscramble data files in otherwise-unbreakable codes.

Bush said this weekend that new anti-terrorism laws were needed because modern
terrorists ``operate by highly sophisticated methods and technologies.'' The
U.S. government has its own share of gee-whiz gadgetry - enough for a season
of ``Mission: Impossible.''

The CIA is rushing to teach its computers how to better translate Arabic under
a young program it calls ``Fluent.'' Custom-written software scours foreign Web
sites and displays information in English back to analysts.  The program
already understands at least nine languages, including Russian, French and
Japanese.

Another CIA breakthrough is ``Oasis,'' technology that listens to worldwide
television and radio broadcasts and transcribes detailed reports for analysts.

Oasis currently misinterprets about one in every five words and has difficulty
recognizing colloquial Arabic, but the system is improving, said Larry
Fairchild, head of the CIA's year-old Office of Advanced Information
Technology.

In a demonstration earlier this year at CIA headquarters, Fairchild showed
early plans for ``CIA Live!,'' which lets CIA experts send instant messages
and collaborate on reports and maps across the agency's ultra-secure computer
networks.

The FBI and police in Boston and Miami, Fla., are using powerful software
called ``dTective'' from Ocean Systems Co. of Burtonsville, Md., to trace
financial transactions linked to last month's terrorist attacks against New
York and Washington.

The software, which runs on highly specialized, $25,000 equipment from Avid
Technology Inc., dramatically improves grainy video from surveillance cameras
at banks or automated teller machines.  It can enhance images, for example,
that were nearly unusable because of bad lighting.

``Sometimes we're amazed at the quality of the image,'' said Dorothy Stout, a
top specialist at Veridian Corp. in Oakton, Va., who teaches police how to use
the video system.  Other tools help her rebuild videotapes that have been
burned, cut into pieces or thrown into a lake.  ``It's quite time-consuming,''
she said.

At U.S. computer-crime labs, including a cutting-edge Defense Department
facility near Baltimore, technicians rebuild smashed disk drives from
computers.

They also use sophisticated commercial software, called ``Encase,'' which can
recover deleted computer files and search for incriminating documents on a
seized computer.

Experts are hard at work in the FBI's headquarters