@stake wows the wireless rubes...

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Wed, 13 Mar 2002 03:17:48 -0600 (CST)
From: InfoSec News [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ISN] New Attack Intercepts Wireless Net Messages
Sender: [EMAIL PROTECTED]
Reply-To: InfoSec News [EMAIL PROTECTED]

http://www.eweek.com/article/0,3658,s=1884&a=23806,00.asp

March 11, 2002
By Dennis Fisher and Carmen Nobel

It's the stuff of Popular Science. A group of security researchers has
discovered a simple attack that enables them to intercept Internet
traffic moving over a wireless network using gear that can be picked
up at any electronics store and an easily downloadable piece of
freeware.

The attack, accomplished by @Stake Inc., a security consulting company
in Cambridge, Mass., affects a popular consumer version of Research In
Motion Ltd.'s BlackBerry devices as well as a variety of handhelds
that send unencrypted transmissions over networks such as Mobitex.

By design, the Mobitex specification, like other wireless standards
such as Global System for Mobile Communications and General Packet
Radio Service, sends packets in unencrypted form. The network, which
handles data transmissions only, has been in operation since 1986 and
has a large base of installed devices, with customers using it for
everything from point-of-sale verification to e-mail.

"The attack is fairly simple," said Joe Grand, one of the researchers
who perfected the technique. "The problem is, this isn't a bug. It's
part of the spec that data is transmitted in the clear, just like it's
part of the spec that Internet data is transmitted in the clear. The
risk depends on who is using the network and when and what data
they're sending."

Using a scanner with a digital output, an antenna and freely
downloadable software, the researchers were able to intercept traffic
destined for BlackBerry Internet Edition devices. And, because the
packets aren't encrypted, the attackers can read the messages they
intercept without further work.

The Internet Edition handhelds are sold mainly through co-branding
relationships with ISPs such as AOL Time Warner Inc.'s America Online
service, EarthLink Inc. and Yahoo Inc.

Executives at RIM said they don't see the attack as a problem because
they have never touted the Internet Edition devices as being secure.

"Internet traffic isn't supposed to be secure," said Jim Balsillie,
chairman and co-CEO of RIM. "It's kind of like a company making beer
and cola and someone saying that there's alcohol in the company's
drinks when the children are drinking cola."

However, the attack serves as a reminder to users that e-mail and
other Internet traffic is open to snooping and is inherently insecure.

"I always figure that anything that's sent via e-mail can be read by
at least hundreds of people who have either legitimate or
compromised access to systems sitting between me and my recipient;
this just adds another potential access point," said Christopher Bell,
chief technology officer of People2People Group, a relationship
services company in Boston, and a user of the BlackBerry Internet
Edition. "I am disappointed that they didn't make at least a modest
attempt to obscure the content."

Balsillie said the messages are only as secure as the networks of the
ISPs that relay them, none of which provide encrypted e-mail.

Chris Darby, CEO of @Stake, said RIM has done a thorough job including
security in its other devices, which use a server that sits behind
corporate firewalls.

"RIM is incredibly progressive about the way they're addressing
security in their Enterprise Edition," Darby said.

The attack also applies to other devices on the Mobitex network, many
of which are proprietary solutions developed for in-house corporate
uses.

This attack does not work on the BlackBerry Enterprise Edition, which
uses Triple Data Encryption Standard encryption in addition to other
security features, @Stake officials said.

"Typically, Mobitex operators will advise customers that they should
choose the security scheme that fits their particular needs," said
Jack Barse, executive director of the Mobitex Operators Association,
based in Bethesda, Md. "It was a conscious decision not to put
network-level security in because customers have said that they don't
want the overhead associated with security if they're just doing
things like instant messages. Customers can absolutely add on their
own encryption to whatever application they're using [the network]
for. And we encourage that."




-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY
of the mail.

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of 

NDS Denies Counterfeiting Charges By Canal Plus, Plans Countersuit

2002-03-20 Thread R. A. Hettinga

http://online.wsj.com/article_print/0,4287,SB101597625854059480,00.html




March 13, 2002
EUROPEAN BUSINESS NEWS
NDS Denies Counterfeiting Charges
By Canal Plus, Plans Countersuit

By BRUCE ORWALL
Staff Reporter of THE WALL STREET JOURNAL

WAR IN TV LAND

Canal Plus Alleges NDS Helped Steal Digital-TV Broadcasts [1]
03/12/02


News Corp.'s NDS Group PLC denied allegations that it contributed to the
counterfeiting of satellite-TV smart cards made by rival Vivendi
Universal SA's Canal Plus Group, even as NDS shares dropped 26% on news of
the allegation.

Both NDS, based in Britain, and Canal Plus make conditional access
software that is used in conjunction with set-top boxes to protect digital
television signals from being stolen by consumers who haven't paid to
receive them.

On Monday, Canal Plus filed a federal lawsuit in San Jose, Calif., charging
that NDS had contributed directly to the counterfeiting of its smart
cards by breaking the computer code embedded in them, then arranging to
have that code distributed on the Internet.

Canal Plus, of Paris, said the result was widespread counterfeiting of its
card, causing it to lose hundreds of millions of dollars in revenue from
the Canal Plus pay-TV systems it operates throughout Europe.

NDS, of London, called the lawsuit "outrageous and baseless" and said it
plans a countersuit. NDS President and Chief Executive Officer Abe Peled
said that Canal Plus's real problem is the inferior nature of its smart
cards and what he called Canal Plus's failure to protect its business from
piracy. He also suggested that Canal Plus is trying to deflect attention
from the poor financial performance of Canal Plus Group, which hasn't been
profitable for several years.

While NDS denied that it had anything to do with distributing the Canal
Plus code, it said that it does reverse engineer the cards produced by
competitors to understand how they work and to advance NDS's own efforts.
But Mr. Peled said the company doesn't disseminate such information: "We
have no involvement with their piracy problem," he said.

In 4 p.m. trading on the Nasdaq Stock Market Tuesday, NDS's American
depositary receipts were down $6.05 to $16.95.

Counterfeiting of smart cards has been a problem for satellite-TV
operators, but especially for Canal Plus, which concedes that millions of
counterfeit cards are available throughout Europe. The breakout of a nasty
public battle between large media companies over a piracy issue is rare as
everyone in the industry agrees that piracy is a tough problem for them
all. Publicly traded NDS is 80%-owned by News Corp., and a number of News
Corp. executives sit on its board.

Now that this fight has erupted into the public arena, it is clear that it
will be hard-fought on both sides. NDS's Mr. Peled made several allegations
of his own Tuesday. He said that late last year Canal Plus Technologies
approached NDS to propose what he described as a merger. Mr. Peled said NDS
indicated it was interested in exploring such a transaction. But then,
according to Mr. Peled, "they showed up with a lawyer and attempted to
gain leverage in these negotiations based on these baseless allegations."
Mr. Peled said that in the course of the discussions Canal Plus conceded
that it, too, extracts the computer code from competitors' smart cards.

Mr. Peled said that during the course of the merger discussions Canal Plus
identified an NDS employee who it said was involved in distributing the
smart-card code. Now, NDS said, Canal is trying to hire that employee. In
its planned countersuit, NDS said it intends to allege tortious
interference in that case and with other employment and contractual
relationships of NDS.

Canal Plus Technologies Chairman and Chief Executive Francois Carayol
rebutted Mr. Peled's claims on every point. He said emphatically that Canal
Plus neither now nor ever did reverse engineer its competitors' smart
cards. He said the merger discussions were started by NDS in September but
never advanced after Canal made its piracy allegations to NDS in December.
Canal also said it hasn't offered jobs to NDS employees.

Write to Bruce Orwall at [EMAIL PROTECTED]
URL for this article:
http://online.wsj.com/article/0,,SB101597625854059480.djm,00.html
Hyperlinks in this Article:
(1) http://online.wsj.com/article/0,,SB1015883213118362160,00.html
(2) mailto:[EMAIL PROTECTED]

Updated March 13, 2002

Copyright 2002 Dow Jones & Company, Inc. All Rights Reserved
Printing, distribution, and use of this material is governed by your
Subscription agreement and Copyright laws.
For information about subscribing go to http://www.wsj.com

[ISN] Cryptography: Its not just about keeping things secret

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Thu, 14 Mar 2002 01:43:59 -0600 (CST)
From: InfoSec News [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [ISN] Cryptography: Its not just about keeping things secret
Sender: [EMAIL PROTECTED]
Reply-To: InfoSec News [EMAIL PROTECTED]

http://bermudasun.bm/cgi-local/edpull.pl?cat=03Business&ord=03&ed=2002-03-13

By Robin Holder
Business from 2002-03-13 Edition

BERMUDA IS actively promoting itself as a jurisdiction for offshore
E-commerce, according to Nicko van Someren, the general chair of the
International Financial Cryptography Conference (FC 02) taking place
at Sonesta Beach Resort this week.

The sixth annual conference, organized by the International Financial
Cryptography Association, is bringing together cryptographers,
technologists, businesses, bankers and lawyers.

It is the only international gathering dedicated to the understanding
of cryptography - the science of encoding messages - and its relevance
to international finance.

"Cryptography is not just about encryption codes and keeping things
secret. It's about authentication, finding out about the person on the
other end of the line, integrity checking and ensuring
confidentiality," van Someren, also chief technology officer of
nCipher Corp., said. For cryptography to be effective, protocols have
to be developed in conjunction with functions such as online shopping
and sending confidential E-mail, van Someren added.

"This conference looks at cryptography as applied to all aspects of
finance. That might mean anything as simple as retail E-commerce right
through to more complex issues like the validity of digital contracts
and defining digital currencies which have some of the properties of
physical currencies," van Someren said.

He said people have been examining the technical aspects of anonymous
cash systems for some years but there is a danger since totally
anonymous cash systems could be used as tools for money laundering.

"The conference is a convergence of cryptography as applied to finance
in the broader sense. It might be payment processing on the Internet,
or it might be managing the digital rights of people creating digital
media or protecting people from identity theft," van Someren said.

The conference was first held six years ago in Anguilla but this is
the first time it is being held in Bermuda.

Addressing delegates so far have been Renee Webb, the Minister of
Telecommunications and E-commerce, and Nigel Hickson, E-business
consultant to the Ministry.

"There are data protection issues that surround the OECD's
(Organization for Economic Cooperation and Development) treaty on tax
law harmonization and the cryptography involved in E-commerce has
significant implications for that," van Someren said.




--- end forwarded text



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



USENIX Smart Card Research and Advanced Application Conference

2002-03-20 Thread Jon Simon

This information is from http://www.usenix.org/events/cardis02/cfp/ 
and there is more info at that url.

Fifth Smart Card Research and Advanced Application Conference
November 20-22, 2002
Hyatt Ste. Claire, San Jose, California, USA

Sponsors
IFIP Working Group 8.8 (Smart Cards)
USENIX, the Advanced Computing Systems Association

Important Dates
Submissions due: June 24, 2002
Notification of acceptance: August 12, 2002
Camera-ready final papers due: September 23, 2002

Overview
Smart card research is of increasing importance as the need for 
information security increases rapidly, especially in response to 
new, urgent demands. Since 1994, CARDIS has been the premier 
international research conference dedicated to smart cards and their 
applications.

CARDIS '02, the joint IFIP/USENIX International Conference on Smart 
Card Research and Advanced Applications, constitutes the Fifth IFIP 
CARDIS conference and the Second USENIX conference on Smart Card 
Technology. Like its predecessors, CARDIS '02 will bring together 
researchers and practitioners in the development and deployment of 
smart card systems and technologies.

Aims and Goals
The portability, processing power, and tamper resistance of smart 
cards offers a platform for secure conditional access to information 
and applications. Smart cards significantly extend the scope of 
distributed systems by providing a trusted platform for 
cryptographically secured computation and storage. Notwithstanding 
their long history, relative to modern computing, the applicability 
of smart cards in distributed systems remains an untapped resource, 
limited mainly by our imagination and understanding. Here lie vast 
uncovered research areas that will have a huge impact on the eventual 
success of the technology. The research challenges span many domains, 
including hardware design, cryptographic applications, distributed 
system architecture, and formal modeling.

Unlike events devoted to commercial and application aspects of smart 
cards, the CARDIS conferences bring together researchers who are 
active in all aspects of the design, validation, and application of 
smart cards. The breadth of smart card research stimulates a synergy 
among disparate research communities, making CARDIS an ideal 
opportunity to present the latest research advances.

Call for Papers
The program committee seeks papers describing the design, 
application, and validation of smart card technologies. Submissions 
across a broad range of smart card development phases are encouraged, 
from exploratory research and proof-of-concept studies to practical 
application and deployment of smart card technology.

Topics
The following topics are of particular interest to the program committee:

*  Application loading
*  Smart card operating systems
*  Virtual machines
*  Integrated development environments
*  High-speed, small-footprint encryption
*  Cryptographic accelerators
*  On-card data sharing schemes
*  Smart cards in the Internet
*  Automatic mask generation
*  Emerging opportunities for standardization
*  Smart tokens and other competing technologies
*  Alternative form factors for smart card chips
*  Smart card application program interfaces
*  Trends in smart card hardware
*  Research in tamper-resistance
*  Hardware and software certification
*  Security validation and benchmarks
*  Biometrics involving smart cards

-- 




Attention PGP Customers, Important information concerning E-Business Server

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Fri, 15 Mar 2002 08:02:49 -0800
From: Network Associates [EMAIL PROTECTED]
Reply-To: Network Associates [EMAIL PROTECTED]
Subject: Attention PGP Customers, Important information concerning
E-Business Server
To: [EMAIL PROTECTED]


[This message is brought to you as a subscriber to the Network
Associates or PGP websites. To unsubscribe, please follow
the instructions at the bottom of the page.]


March 15, 2002

Dear Customer,

As you know, we recently integrated several products from the PGP Security
business unit into McAfee.

These PGP Security products continue to be developed and sold by McAfee:
PGP E-Business Server is now McAfee E-Business Server
PGP E-Business Server Point-2-Point is now McAfee E-Business Server Partner Edition
PGP E-Business Server for OS/390 is now McAfee E-Business Server for OS/390
PGPfire ASaP is now McAfee Desktop Firewall ASaP
PGPfire is now McAfee Desktop Firewall
PGPvpn will become McAfee VPN Client
PGP encryption is retained and continues as the encryption engine within
E-Business Server.

Network Associates recently announced the official closure of PGP
Security. We have sold the Gauntlet VPN and Firewall products to Secure
Computing. Because we have not found an appropriate buyer for the PGP
Corporate Desktop product bundle, PGPmail, PGPdisk and file, PGPKeyserver
and PGPwireless, they have been put into maintenance mode. However, the
products that we have integrated into McAfee are unaffected by this change.

In fact, we have made and will be making exciting announcements on these
products that will benefit our customers by extending the ease of use,
ease of management, and platform support for these products.

McAfee Desktop Firewall 7.5 and McAfee ThreatScan 2.0 in Beta
Desktop Firewall 7.5 allows customers to protect against hackers, blended
threats, virus spread, and bandwidth-depleting network traffic. ThreatScan
2.0 enables anti-virus administrators to quickly understand where the
vulnerable devices, operating systems and applications are on their
networks to proactively reduce risks from viruses and blended threats.
Both of these products use our market-leading ePolicy Orchestrator 2.5
management console. Find out more at http://www.mcafeeb2b.com/beta

McAfee E-Business Server
Simplifying the end user's and developer's ability to protect data, McAfee
has now added two more E-Business Server, formerly PGP E-Business Server,
family products that we will continue to develop and use PGP encryption.
We recently announced McAfee E-Business Client, which enables an end user
to drag and drop to encrypt and send data using a pre-configured client.
Also, more developers are now able to protect data with encryption by
using the Visual Basic, Perl and Java native APIs within their existing
applications. The applications for these products include protecting
healthcare data, financial transactions, insurance records and Web-based
customer credit card transactions on vulnerable Web servers. Find out more
at: http://www.mcafeeb2b.com/aboutmcafeeb2b/pressroom

We are also promoting our newly re-branded McAfee E-Business Server on
mainframe platforms (OS/390), and the addition of Linux for S/390 and
zSeries at the SHARE.org conference starting March 3 in Nashville, TN
(Booth 107). Find out more at http://www.mcafeeb2b.com/products/ebusiness.asp.

If you have any further questions regarding these product changes, contact
your sales representative, call us at 1-888-VIRUS-NO or contact us online
at www.mcafeeb2b.com. We will continue to provide the best security and
availability solutions for your network.


Regards,


Art Matin,
President, McAfee Security






--- end forwarded text



Fwd: [BAWUG] AirTraq Mailing List announcement

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Sat, 16 Mar 2002 17:14:27 +
To: [EMAIL PROTECTED]
From: Fearghas McKay [EMAIL PROTECTED]
Subject: Fwd: [BAWUG] AirTraq Mailing List announcement
Reply-To: Usual People List [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
List-Subscribe: mailto:[EMAIL PROTECTED]


--- begin forwarded text


From: wireless lan [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: [BAWUG] AirTraq Mailing List announcement

X-Original-Date: Fri, 15 Mar 2002 19:22:38 -0800 (PST)
Date: Fri, 15 Mar 2002 19:22:38 -0800 (PST)

Hi All,

I dearly appreciate all these mailing lists I
subscribe to. A bunch of friends and I opened a new one
_dedicated_ to wireless security research. It's not
wlan specific: these last days we spoke about GSM,
telco wireless networks auth, wlan DoS, 802.11b
spoofing methods.

Here is the mailing list description, if you are
interested, feel free to join :)

Also we are going to hold some AirTraq workshops (here
in San Francisco; some will probably also happen in
Bangkok, London and Paris where we have some AirTraq
members) to demonstrate known problems (hands on for
everyone interested) and to investigate new issues,
discuss ideas...

- - -

AirTraq - Wireless Security Research

Discussion in this group relates to wireless security,
wardriving, GSM networks, GPRS, 802.11b and .11a
security, WEP, hiperlan2, spread spectrum, WAP,
bluetooth, UMTS and 3G, UWB, RIM Blackberry, VSAT,
DVB...

This list is created in the spirit of BugTraq to
provide a forum for full disclosure on wireless
security.


[EMAIL PROTECTED]

http://groups.yahoo.com/group/airtraq

- - -


Best regards,
Philippe.
--
Philippe Langlois
http://www.wavesecurity.com


--
general wireless list, a bawug thing http://www.bawug.org/
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

--- end forwarded text

--- end forwarded text






Re: DNA-Based Computer Solves Truly Huge Logic Problem

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Sat, 16 Mar 2002 14:16:31 -0800
To: [EMAIL PROTECTED]
From: Bill Stewart [EMAIL PROTECTED]
Subject: Re: DNA-Based Computer Solves Truly Huge Logic Problem
Sender: [EMAIL PROTECTED]

At 01:44 PM 03/15/2002 -0600, James Choate wrote:
> http://unisci.com/stories/20021/0315023.htm
and many of you autodeleted or ignored it,
because it's just Jim forwarding stuff again.

However, it had a catchy title, and sure enough,
Len Adleman is up to new tricks -
this time he's gotten a DNA computer to solve a problem instance with
2**20 possible values.  It looks like the popular 3-SAT problem
which many NP-complete problems are easily resolved to.

The real article is in Science, the AAAS journal,
but the unisci.com article doesn't give a real footnote to it.

Now, if he'd pointed us to Slashdot,
http://slashdot.org/article.pl?sid=02/03/16/1353240&mode=thread&tid=126
we'd have the references to http://physicsweb.org/article/news/6/3/11 ,
which says (R Braich et al 2002 Science to appear),
a comment by someone who talked to one of the researchers,
confirming that, yes, it was a 24-clause 20-variable 3-SAT problem,
and references to USC News (Adleman works at USC)
http://uscnews.usc.edu/usctoday/action.lasso?-database=USCToday.fmp&-response=Detail.html&-logicalOp=and&-recID=35637&-search
which has a slightly longer version of the article that _does_ have references,
including http://www.sciencemag.org/sciencexpress/recent.shtml
which (for a free registration) will let you see the *real* article.

But Jim knows y'all can read slashdot for yourselves :-)

--- end forwarded text






Knuth on crypto...

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
From: Nomen Nescio [EMAIL PROTECTED]
Comments: This message did not originate from the Sender address above.
  It was remailed automatically by anonymizing remailer software. Please
  report problems or inappropriate use to the remailer administrator at
  [EMAIL PROTECTED].
To: [EMAIL PROTECTED]
Subject: Knuth needs killing
Date: Sun, 17 Mar 2002 05:50:20 +0100 (CET)
Sender: [EMAIL PROTECTED]

Question: What do you think of research in cryptographic algorithms? And
what do you think of efforts by politicians today to put limits on
cryptography research?

Knuth: Certainly the whole area of cryptographic algorithms has been one
of the most active and exciting areas in computer science for the past
ten years, and many of the results are spectacular and beautiful. I
can't claim that I'm good at that particular subject, though, because I
can't think of sneaky attacks myself. But the key problem is, what about
the abuse of secure methods of communication? I don't want criminals to
use these methods to become better criminals. I'm a religious person,
and I think that God knows all my secrets, so I always feel that
whatever I'm thinking is public knowledge in some way. I come from this
kind of background. I don't feel I have to encrypt everything I do. On
the other hand, I would certainly feel quite differently if somebody
started to use such openness against me, by stealing my bank accounts or
whatever. So I am supportive of a high level of secrecy. But whether it
should be impossible for the authorities to decode things even in
criminal investigations, in extreme cases, there I tend to come down on
the side of wanting to have some way to break some keys sometimes.

--- end forwarded text






Omniscient Cryptanalysis... (was Re: Knuth needs killing)

2002-03-20 Thread R. A. Hettinga

...or, Newby's Rejoinder to Knuth's Paradox.

This is just about the funniest thing I've read on cryptography in months.
Maybe years.

Outstanding. Laugh-out-loud funny.

Somewhere, I bet even St. Anselm is laughing, and Bishop Berkeley is
pouring himself a stiff one...

Still grinning,
RAH

--- begin forwarded text


Status:  U
Date: Sun, 17 Mar 2002 09:53:21 -0500
From: Greg Newby [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Knuth needs killing
User-Agent: Mutt/1.3.27i
Sender: [EMAIL PROTECTED]

Knuth used to be a logical man.  What happened?

(Religious) Logic:

- God knows all of Knuth's secrets, thus Knuth's keys are public
- Knuth is a man, and God knows all men
- Therefore, God knows all of everyone's secrets, and all keys
are public

So what's the problem?  All law enforcement needs to do, in the
case of urgent need to get keys, is pray.  It doesn't matter how
tough the crypto is, and the NSA doesn't even need to be consulted.
We already know that the God is on the US' side, so we know this
technique won't work for the foreign pagans.

In this case, a little less separation of church & state might
serve us well

  -- Greg

On Sun, Mar 17, 2002 at 05:50:20AM +0100, Nomen Nescio wrote:

> Question: What do you think of research in cryptographic algorithms? And
> what do you think of efforts by politicians today to put limits on
> cryptography research?
>
> Knuth: Certainly the whole area of cryptographic algorithms has been one
> of the most active and exciting areas in computer science for the past
> ten years, and many of the results are spectacular and beautiful. I
> can't claim that I'm good at that particular subject, though, because I
> can't think of sneaky attacks myself. But the key problem is, what about
> the abuse of secure methods of communication? I don't want criminals to
> use these methods to become better criminals. I'm a religious person,
> and I think that God knows all my secrets, so I always feel that
> whatever I'm thinking is public knowledge in some way. I come from this
> kind of background. I don't feel I have to encrypt everything I do. On
> the other hand, I would certainly feel quite differently if somebody
> started to use such openness against me, by stealing my bank accounts or
> whatever. So I am supportive of a high level of secrecy. But whether it
> should be impossible for the authorities to decode things even in
> criminal investigations, in extreme cases, there I tend to come down on
> the side of wanting to have some way to break some keys sometimes.

--- end forwarded text



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



[Mnet-devel] Experiences Deploying a Large Scale Emergent Network

2002-03-20 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
To: [EMAIL PROTECTED]
From: Zooko [EMAIL PROTECTED]
Reply-to: Zooko [EMAIL PROTECTED]
Subject: [Mnet-devel] Experiences Deploying a Large Scale Emergent Network
Sender: [EMAIL PROTECTED]
List-Help: mailto:[EMAIL PROTECTED]?subject=help
List-Post: mailto:[EMAIL PROTECTED]
List-Subscribe: https://lists.sourceforge.net/lists/listinfo/mnet-devel,
mailto:[EMAIL PROTECTED]?subject=subscribe
List-Id: mnet-devel.lists.sourceforge.net
List-Archive: http://www.geocrawler.com/redir-sf.php3?list=mnet-devel
Date: Sun, 17 Mar 2002 05:46:20 -0800


I gave a talk about my experiences with Mojo Nation at the First International
Workshop on Peer-to-Peer Systems [1] recently.  Here is the position paper that
accompanied the talk:

Experiences Deploying a Large Scale Emergent Network
http://www.cs.rice.edu/Conferences/IPTPS02/188.pdf

While speaking in front of this small audience of eminent systems researchers,
and while answering their questions, I realized that a simple hack should make a
big difference in the overall reliability of the file space: do not publish
data to a server unless you have seen that server before, more than one hour
ago! And more generally, use the age and average availability of a server as a
general heuristic for preferring to publish to him. This idea was inspired by a
DHT (distributed hash table) design named Kademlia that I really like: [2].

See my paper to understand why this heuristic would make such a big difference.

It is easy to implement something like this using a handicapper, and I intend to
do it for the next Mnet release.

Regards,

Zooko

[1] http://www.cs.rice.edu/Conferences/IPTPS02/
[2] http://www.cs.rice.edu/Conferences/IPTPS02/109.pdf

---
 zooko.com
Security and Distributed Systems Engineering
---

___
Mnet-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/mnet-devel

--- end forwarded text


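The publish-placement heuristic Zooko describes, as an added example that is not part of his post and not Mnet or Mojo Nation code: a server first seen less than an hour ago is never chosen as a publish target, and among the rest, age and average observed availability decide the preference. The ServerRecord shape, the probe log, the exponential age weighting in handicap() and the sample fleet are all assumptions made for this illustration.

```python
"""Publish-target handicapper (added example, not Mnet/Mojo Nation code).

Heuristic from the message above: never publish to a server first seen
less than an hour ago; otherwise prefer servers by age and average
availability.  ServerRecord, the probe log and the exponential age
weighting are assumptions made for this illustration.
"""
import math
from dataclasses import dataclass
from typing import List, Tuple

HOUR = 3600.0
DAY = 24 * HOUR

# Constructed "current time" so the sample data below is reproducible.
NOW = 1_000_000_000.0


@dataclass
class ServerRecord:
    server_id: str
    first_seen: float                 # unix time we first heard from it
    probes: List[Tuple[float, bool]]  # (probe time, reachable?) history

    def age(self, now: float) -> float:
        return now - self.first_seen

    def availability(self) -> float:
        """Fraction of probes that found the server reachable (0.0 if none)."""
        if not self.probes:
            return 0.0
        return sum(1 for _, up in self.probes if up) / len(self.probes)


def eligible(rec: ServerRecord, now: float, min_age: float = HOUR) -> bool:
    """The 'simple hack': a server we met less than an hour ago is not a
    publish target, however healthy it looks right now."""
    return rec.age(now) >= min_age


def handicap(rec: ServerRecord, now: float, age_scale: float = DAY) -> float:
    """Preference score in [0, 1): availability, discounted for youth.
    The age term saturates toward 1 as the server's history lengthens."""
    age_term = 1.0 - math.exp(-rec.age(now) / age_scale)
    return rec.availability() * age_term


def rank_publish_targets(records, now, min_age=HOUR):
    """Eligible servers, best publish target first."""
    cands = [r for r in records if eligible(r, now, min_age)]
    return sorted(cands, key=lambda r: handicap(r, now), reverse=True)


def _probe_log(start, count, up_count, step=HOUR):
    """Constructed probe history: `count` probes `step` apart, the first
    `up_count` of them successful."""
    return [(start + k * step, k < up_count) for k in range(count)]


def sample_records():
    """Constructed fleet; the data is invented for the demonstration."""
    return [
        ServerRecord("veteran", NOW - 30 * DAY, _probe_log(NOW - 30 * DAY, 20, 19)),
        ServerRecord("flaky", NOW - 30 * DAY, _probe_log(NOW - 30 * DAY, 20, 10)),
        ServerRecord("recent", NOW - 2 * DAY, _probe_log(NOW - 2 * DAY, 10, 10)),
        # Seen ten minutes ago and answering every probe: still excluded.
        ServerRecord("newcomer", NOW - 10 * 60, _probe_log(NOW - 10 * 60, 3, 3, step=60)),
    ]


if __name__ == "__main__":
    for r in rank_publish_targets(sample_records(), NOW):
        print(f"{r.server_id:10s} age={r.age(NOW) / DAY:5.2f}d "
              f"avail={r.availability():.2f} score={handicap(r, NOW):.3f}")
```

With the sample fleet the perfectly responsive "newcomer" is filtered out before scoring, and the two-day-old "recent" server outranks the thirty-day-old "flaky" one because availability carries more weight than age once a server is past the one-hour gate.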



CeBIT: Federal German Ministry of Economics Forces E-mail Encryption

2002-03-20 Thread R. A. Hettinga

http://www.cebit.de/top-21508.html?druckeboot=1&news_article_id=350&archiv=1

CeBIT 2002  18.03.2002, © Deutsche Messe AG 2002

IT Newsticker

16.03.2002 11:49

CeBIT: Federal German Ministry of Economics Forces E-mail Encryption

At CeBIT the Federal German Ministry of Economics is distributing for free
the mail encryption program GnuPP 1.1, complete with a manual. The mail
robot Adele is meant to provide a lead-in to the subject by practising
encrypted mail communication together with the user.

The Federal German Ministry of Economics has supported the open source
project GnuPP (GNU Privacy Project) since 2000. With it the Ministry wants
to promote the development of a cryptography infrastructure that does not
depend on manufacturers, is secure and conforms to international standards.
Using standard software in security-sensitive areas is not recommended, and
the Ministry explicitly warns against doing so in its press release. Only
the open source principle allows the user to inspect the complete source
code of a program, and that means security to the greatest extent.

Apart from the software, the Ministry's package contains a two-part manual
that has been completely rewritten and redesigned. With the help of this
manual even laypersons should be able to clear the first hurdle of e-mail
encryption. And something else is new: Adele ([EMAIL PROTECTED]), an
exercise robot for practising the procedure of encryption and decryption
as often as the entry-level user needs. Adele reacts to submitted public
keys and encrypted e-mails, sends its own public key, and answers encrypted
and decrypted incoming e-mails. In this way a dialogue between
correspondence partners is formed, so that entry-level users can practise
e-mail encryption as in real life and gain confidence in the safety of the
procedure.

At CeBIT the GnuPP package (manual with CD-ROM) is available for free at
the stands of the Federal German Ministry of Economics. During the entire
fair the Ministry also provides presentations and an advisory service for free.

For background information and details on the fair please visit
tecCHANNEL.DE and read our big CeBIT Special (German only, please bear with
us). Moreover we have compiled all CeBIT news for you in category-specific
news channels. (jlu/bmu)

Federal German Ministry of Economics: pavilion11, stand D25

Pavillon D / 11, stands 76 and 5

Origin: tecCHANNEL







Re: Secure peripheral cards

2002-03-20 Thread Sean Smith

Well, there's always the IBM 4758, which we built as a general-purpose
secure computer environment for hostile environments, with the ability
for on-device applications to prove to the outside world what they are
and where they're running.

IBM's been marketing it primarily as a crypto accelerator, unfortunately.
The official product pages make it hard to distinguish the box from the
CCA application sw.

For basic architecture stuff:

S.W. Smith, S.H. Weingart.
``Building a High-Performance, Programmable Secure Coprocessor.''
Computer Networks (Special Issue on Computer Network Security.) 31: 831-860. 
April 1999. 


For some recent creative applications:

S. Jiang, S.W. Smith, K. Minami.
``Securing Web Servers against Insider Attack.''
ACSA/ACM Annual Computer Security Applications Conference. December 2001

A. Iliev, S.W. Smith.
Prototyping an Armored Data Vault: Rights Management on Big Brother's Computer.
Privacy-Enhancing Technology 2002, Springer-Verlag, to appear.

These and more live at:
http://www.cs.dartmouth.edu/~sws/papers/


--Sean

Prof. Sean W. Smith  [EMAIL PROTECTED]
http://www.cs.dartmouth.edu/~sws/   (has ssl link to pgp key)
Department of Computer Science, Dartmouth College, Hanover NH USA



Re: crypto question

2002-03-20 Thread Pat Farrell

At 01:45 PM 3/21/2002 +1100, McMeikan, Andrew wrote:
> Question.  Is it possible to have code that contains a private encryption
> key safely?  Every way I look at it the answer seems no, yet some degree of
> safety might be possible by splitting an encrypting routine across several
> nodes.  Can someone give me a pointer to any work in this area?

I don't believe so, but maybe someone else on the list has a better answer.
Secret splitting will clearly make it harder for Mallet to gather the key.

In the past Atalla (later Compaq, now HP) and Harris sold hardware boxes that
kept keys in tamper proof boxes. They worked because opening the box lost the
key. Banks used them heavily in the late 1990s.

The usual good solution is to make a human type in a secret.
The usual bad solution is to store it in a secret place, or encrypted with
a key kept elsewhere (source, secret file, LDAP, etc.)

The old CyberCash wallet, which used strong RSA keys, used simple 56bit DES
to protect the private key on the local PC's hard disk. The thinking was
that users won't use enough entropy in their keys to really justify 3DES,
and once one has physical access to the computer and hard drive, there
are simpler attacks than breaking the crypto on the key: keystroke sniffers being
one obvious example.

I'd also love to hear of real solutions to protecting a key stored on local disk

Pat



Pat Farrell [EMAIL PROTECTED]
http://www.pfarrell.com





Re: crypto question

2002-03-20 Thread Mike Brodhead


> The usual good solution is to make a human type in a secret.

Of course, the downside is that the appropriate human must be present
for the system to come up properly.  

In some situations, the system must be able to boot into a working
state.  That way, even if somebody accidentally trips the power -- I've
had this happen on production boxen -- the system outage lasts only as
long as the boot time.  If a particular human (or one of a small
number of secret holders) must be involved, then the outage could be
measured in hours rather than minutes.

Don't forget that Availability is also an important aspect of
security.  It all depends on your threat model.

--mkb






Re: crypto question

2002-03-20 Thread dmolnar



On Thu, 21 Mar 2002, McMeikan, Andrew wrote:

> A question and a probe.
>
> Question.  Is it possible to have code that contains a private encryption
> key safely?  Every way I look at it the answer seems no, yet some degree of
> safety might be possible by splitting an encrypting routine across several
> nodes.  Can someone give me a pointer to any work in this area?

There are several different possible scenarios which fit this description.
My message will overlap a little with the other reply I've seen, for which
I apologize. Here they are in rough order of what I think you're asking.

1) You are trying to distribute an obfuscated binary which
encrypts/decrypts using a secret key, with the goal that the key resist
reverse engineering. The usual application for this is DRM, but you can
also use this to do public-key encryption from any symmetric algorithm
(obfuscate the encryption function!).

(disclaimer: I work for ShieldIP, which is a DRM company. All statements
and opinions here are my own.)

There's a recent result showing that there exist some functions which
*cannot* be obfuscated, for several technical formalizations of the notion
"obfuscated". That result is available as:

On the (Im)possibility of Obfuscating Programs
Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai,
Salil Vadhan, Ke Yang
http://citeseer.nj.nec.com/barak01impossibility.html

It is important to note that this result doesn't necessarily apply to the
kinds of programs we want to obfuscate in practice. Rather it shows that
there is a large class of unobfuscatable functions and builds such
functions through clever means. At least that's my current take; I should
hedge here and say I haven't gone through it thoroughly -- I'd welcome
correction from anyone who's taken more time to map out the practical
implications (for instance, is it possible that a block cipher could be
obfuscated?).

Naturally this result hasn't stopped people from trying practical
techniques for code obfuscation. Cloakware (www.cloakware.com) is just one
of the companies pursuing research into software obfuscation. Doing a
google search for "code obfuscation" provides many links. I don't know
enough to say which of them are any good.

People have also tried to obtain a similar level of protection by
embedding code in tamper-resistant hardware. IBM's ABYSS project was an
early example of this aimed specifically at copy protection. That begat
Citadel which begat 4758 and thus was the begatting begun. As another
message mentions, Atalla/Compaq/HP and Wave Systems today do similar
things. I note that the Intertrust web page mentions a Rights|Chip which
may or may not do similar things. Bennet Yee's thesis, among other places,
is a good place to learn about secure coprocessors.
ftp://www.cs.ucsd.edu/pub/bsy/pub/th.ps.gz

2) You have an application which uses private keys and you are worried
about writing them to disk. Your adversary is not the user, but someone
who may gain lunch-time access to the machine and not plant keyloggers,
bugs, etc, but only transfers files or swap to a diskette. This is kind of
a weak adversary, but it's also about what most co-workers or kid sisters
can mount, and hey we have to protect at least against them...

The best practice here, AFAIK, is to do what PGP does. Encrypt the private
key while it's on disk using some key not on the machine. Then use a
kernel driver to obtain memory which is guaranteed not to be paged to disk
and use that memory for all sensitive operations. Get yourself a copy of
the WinPGP source code and take a look.

3) You are worried about an adversary breaking in and stealing your own
signing or decryption key from your computer. You also just happen to have
a bunch of other computers lying around that are not running the same OS
or same version (so they are unlikely to be cracked at the same time as
your first machine).

Now you're in the territory of threshold cryptography and proactive
security. The MIT Threshold Cryptography page explains it better than I
could:
http://theory.lcs.mit.edu/~cis/cis-threshold.html

Dan Boneh's group has put some of these ideas into code:
http://theory.stanford.edu/~dabo/ITTC/

With proactive security, you refresh machines from time to time so as
to limit damage from machines which are compromised and then renewed.
Here's the abstract from the paper reporting on the IBM implementation.
http://www.cs.huji.ac.il/~feit/artzi/artzi18.html#abs1
that paper citation is

B. Barak, A. Herzberg, D. Naor, and E. Shai. The proactive security
toolkit and applications. In Proceedings of the 6th ACM Conference on
Computer and Communications Security (CCS'99), pages 18--27, Kent Ridge
Digital Labs, Singapore, November 1999. ACM SIGSAC, ACM

There used to be an IBM page specifically on the topic of proactive
security and they were even going to let people download the toolkit! I
don't think that actually happened. If it did, dude, I'd like to know.

-David Molnar
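Andrew's question about splitting an encrypting routine across several nodes, Pat's remark that secret splitting makes it harder for Mallet to gather the key, and David's third scenario (threshold cryptography with proactive refresh) all point at the same construction. As an added example that is not part of any message in this thread and not code from the MIT, Stanford (ITTC) or IBM toolkits named above: Shamir secret sharing over a prime field splits a private key into n shares so that any t of them reconstruct it and t-1 reveal nothing, and a dealer-free refresh round replaces every share while leaving the key unchanged, so shares stolen before and after a refresh cannot be combined. The share holders are dicts in one process, the field prime is an assumption (any prime larger than the key works), and SAMPLE_KEY is a constructed value.

```python
"""Threshold storage of a private key with proactive share refresh.

Added example for the secret-splitting / threshold-cryptography discussion
in this thread.  Plain Shamir secret sharing over a prime field, not code
from the MIT, Stanford (ITTC) or IBM toolkits mentioned above.  The share
holders are dicts in one process, the field prime is an assumption and
SAMPLE_KEY is constructed.
"""
import secrets

# secp256k1's base-field prime, chosen only as a well-known 256-bit prime.
P = 2**256 - 2**32 - 977

# Constructed 32-byte "private key" (any integer 0 <= key < P will do).
SAMPLE_KEY = int.from_bytes(b"constructed 32-byte sample key!!", "big")


def _eval_poly(coeffs, x):
    """Evaluate sum(coeffs[k] * x**k) mod P by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t):
    """Shamir split: n shares of which any t reconstruct.  Returns {x: f(x)}.

    f is a random polynomial of degree t-1 with f(0) = secret; holder x
    receives f(x).  Any t-1 shares are consistent with every possible
    secret, so on their own they leak nothing about it.
    """
    if not 0 <= secret < P:
        raise ValueError("secret must be a field element (0 <= secret < P)")
    if not 1 < t <= n:
        raise ValueError("need 1 < t <= n")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange-interpolate the points {x: y} at x = 0.  With t correct
    shares from one epoch this is the secret; with fewer shares, or with
    shares from different epochs mixed, it is an unrelated field element."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def proactive_refresh(shares, t):
    """One dealer-free refresh round.  Every holder j picks a random degree
    t-1 polynomial g_j with g_j(0) = 0 and sends g_j(i) to holder i, who adds
    what it receives to its share.  The sum of the g_j also vanishes at 0, so
    the shared key is unchanged while every share changes; shares an intruder
    captured before the refresh no longer combine with shares taken after it."""
    holders = sorted(shares)
    updates = {i: 0 for i in holders}
    for _j in holders:
        g = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for i in holders:
            updates[i] = (updates[i] + _eval_poly(g, i)) % P
    return {i: (shares[i] + updates[i]) % P for i in holders}


if __name__ == "__main__":
    shares = split_secret(SAMPLE_KEY, n=5, t=3)
    print("3 of 5 recover key:", reconstruct({i: shares[i] for i in (1, 3, 5)}) == SAMPLE_KEY)
    print("2 of 5 recover key:", reconstruct({i: shares[i] for i in (2, 4)}) == SAMPLE_KEY)
    fresh = proactive_refresh(shares, t=3)
    print("fresh shares recover key:", reconstruct({i: fresh[i] for i in (2, 3, 4)}) == SAMPLE_KEY)
    print("old+new mixed recover key:", reconstruct({1: shares[1], 2: shares[2], 3: fresh[3]}) == SAMPLE_KEY)
```

The refresh is what turns a one-time split into proactive security in David's sense: an attacker who compromises two of five machines in one epoch and a third in the next holds three shares, but they belong to different polynomials and interpolate to garbage. What the example leaves out, and what the real toolkits have to solve, is authenticating the refresh messages between holders and detecting a holder that sends inconsistent sub-shares.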