Re: crypto question

2002-03-23 Thread Jim Choate


As someone who spent 5 years doing all the physical security for a major
university I can say that ALL physical systems can be broken. No
exception. The three laws of thermodynamics apply to security systems as
well. 

There is ALWAYS a hole.

On Thu, 21 Mar 2002, Arnold G. Reinhold wrote:

 It's not clear to me what having the human present accomplishes. 
 While the power was out, the node computer could have been tampered 
 with, e.g. a key logger attached.

 Who said you were allowed to lose power and stay secure? Laptops are 
 pretty cheap and come with multi-hour batteries.  There should be 
 enough physical security around the node to prevent someone from 
 tripping power.
 
 One approach might be to surround a remote node with enough sensors 
 so that it can detect an unauthorized attempt to physically approach 
 it.


 --


 There is less in this than meets the eye.

 Tellulah Bankhead
 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



faraday cages coming to home depot RSN

2002-03-23 Thread t byfield

http://www.nytimes.com/2002/03/21/technology/circuits/21NEXT.html

 ...a new concrete that can conduct electricity may make it 
 possible to construct buildings in which the basic structure 
 does double duty as an electromagnetic shield.

cheers,
t




Comments to the Senate Judiciary Committee

2002-03-23 Thread Jon O.


Submit your comments regarding the SSSCA here:
http://judiciary.senate.gov/special/input_form.cfm?comments=1

See below:



From: Peter D. Junger [EMAIL PROTECTED]
Subject: [DMCA_Discuss] Comments to the Senate Judiciary Committee
To: [EMAIL PROTECTED],
   DVD Discussion List [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Date: Fri, 22 Mar 2002 01:36:45 -0500



As I mentioned a couple of days ago, I sent a comment about mandating
DRM technologies for general purpose computers.

I just received the following message in response.

: We are no longer accepting comments via e-mail, as we have created a new,
: web-based submission form.  I encourage you to please re-submit your 
: comments at http://judiciary.senate.gov/special/input_form.cfm?comments=1 .  

I have resent the comment using that web address and now fear
that the formatting will be all messed up.

The good news, however, is that when I resubmitted my message to
the web site I was shown all the comments that have been received
by the Committee so far---there are quite a few of them---AND
NOT A SINGLE COMMENT SUPPORTS MANDATORY DRM TECHNOLOGIES.

It may be worthwhile to encourage others to send their comments
to the Committee.  Overwhelming opposition by the public---that
is publicly available---may be hard for politicians to ignore.

The comments are available at 
http://judiciary.senate.gov/special/input_form.cfm.

For those of you who have connections with the press, you might
inform them of this reaction by the public.  I should think
that it would make an interesting feature story: Public 
Repudiates the Mouse.

--
Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
 EMAIL: [EMAIL PROTECTED]   URL:  http://samsara.law.cwru.edu
 NOTE: [EMAIL PROTECTED] no longer exists

___



http://www.anti-dmca.org


DMCA_Discuss mailing list
[EMAIL PROTECTED]
http://lists.microshaft.org/mailman/listinfo/dmca_discuss

--




Re: Secure peripheral cards

2002-03-23 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Fri, 22 Mar 2002 09:00:58 +
From: Nicko van Someren [EMAIL PROTECTED]
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:0.9.4)
Gecko/20011126 Netscape6/6.2.1
To: R. A. Hettinga [EMAIL PROTECTED]
CC: Digital Bearer Settlement List [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Re: Secure peripheral cards

R. A. Hettinga wrote:
...

 I'm not sure NCipher gear is the #1 for acceleration, I think they're
 probably more focussed and used for secure key management.  For
 example they quote [1] an nForce can do up to 400 new SSL connections
 per second.  So that's CRT RSA, not sure if 1024 bit or 512 bit (it
 does say up to).  openSSL on a PIII-633Mhz can do 265 512 bit CRT
 RSA per second, or 50 1024 bit CRT RSA per second.  So whether it will
 even speed up current entry-level systems depends on the correct
 interpretation of the product sheet.

...
  [1] http://www.ncipher.com/products/rscs/datasheets/nFast.pdf

While you are right that we focus these days on the key management
side I would like to say that now, as ever, the speeds we quote are
for 1024 bit RSA decryptions, not 512 bit.  Incidentally the data
sheet that you reference clearly states that the nFast800 handles
"Up to 800 RSA SSL handshakes per second (1024-bit RSA decryptions)".

Nicko

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




AW: CeBIT: Federal German Ministry of Economics Forces E-mail Encryption

2002-03-23 Thread Carsten Kuckuk


Just for your information: the German government manufactured
50,000 of those GnuPP CDs right from the start. Quite a number,
I think.


You can order a copy including a manual for free at their PR agency:

dmb agentur
Spitzweggasse 6
D-14482 Potsdam-Babelsberg
Germany
E-Mail: [EMAIL PROTECTED]

Carsten Kuckuk




fast SSL accelerators (Re: Secure peripheral cards)

2002-03-23 Thread Adam Back

On Fri, Mar 22, 2002 at 03:39:01PM +1100, Greg Rose wrote:
 But don't forget that your pentium can't do anything *else* while it's 
 doing those RSAs... whereas the machine with the nForce can be actually 
 servicing the requests.

While that is true, the issue is the economics; depending on the
figures it may be cheaper and much simpler to buy a faster pentium or
better yet an even faster and better value for money Athlon.  Even buy
a dual processor machine.

Cryptoapps seem to make a 2000 key per second clearly stated as 1024
bit (CRT) RSA for $1400 [1].  That might be harder to compete with
with Athlons as one of those PCI cards is around 13x faster than the
fastest i86 compatible processor you can buy right now.

Of course this is now straying off the original discussion of secure
hardware and focussing on the fastest most economical way to do
lots of SSL connections per second rather than the most secure way to
store keys in hardware, so I changed the subject line.

Adam

[1] http://www.cryptoapps.com/




Phil Karn: It's war, folks --- SSSCA formally introduced

2002-03-23 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: It's war, folks --- SSSCA formally introduced
Reply-to: [EMAIL PROTECTED]
Date: Thu, 21 Mar 2002 17:33:36 -0800
Sender: [EMAIL PROTECTED]

The story just hit Slashdot -- Senators Hollings, Stevens, Inouye,
Breaux, Nelson, and Feinstein have introduced the so-called Consumer
Broadband and Digital Television Act of 2002, formerly known to most
of us as the SSSCA. The text of Hollings' comments is available here:

http://www.politechbot.com/docs/cbdtpa/hollings.cbdtpa.release.032102.html

The Slashdot article (with links to other coverage) is here:

http://slashdot.org/article.pl?sid=02/03/21/2344228&mode=thread&tid=103

I cannot overstress the awful implications of this bill if it becomes
law. The personal computer, as we know it, will be destroyed. The
Internet, as we know it, will be destroyed.

Hollings doesn't say that, of course. But all through his statement he
claims that there exist technological solutions to the piracy
problem. These apparently consist entirely of "do not copy" bits added
to copyrighted materials.

The fact that any do-not-copy-bit can be trivially cleared on any
personal computer that can be programmed by its user does not seem to
have registered yet with the authors of this bill. And when it does,
the logical next step will then become obvious to them: the licensing
of programmers and/or the prohibition of open source software as too
easily modified by end users. And when *that* fails, a total ban on
any personal computer that can be programmed by its user.

It's time for the IETF, its members and the IAB to react, and react
quickly and forcefully.  We need to say clearly that there is simply
no such thing as an Internet copy prevention technology that can
actually work in a world with programmable personal computers.

We need to steer policy makers in a different direction, toward
watermarking technologies that do not block copies from being made but
allow them to be traced after the fact.  Yes, effective watermarking
is technically difficult, and several have already been broken. But at
least it's *possible* to build an effective watermarking scheme
without utterly destroying both the personal computer and the Internet.

Phil

--- end forwarded text


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Re: crypto question

2002-03-23 Thread Arnold G. Reinhold

There are groups with lots of money and dedicated, trained agents who 
are willing to die that would dearly like to steal a nuclear weapon. 
So far, they have not succeeded (if they do, I fear we will know 
about it quickly).  So someone has been able to do physical security 
right.

The problem is doing it in a way that is affordable and doesn't 
require an army. Designing computers that can detect an attack seems 
worth exploring. FIPS-140 envisions such an approach when it talks 
about wrapping security modules in a mesh of insulated wire whose 
penetration tells the module to zeroize.

I'm not sure what changes in your argument if you delete the word 
physical.  Perhaps we should all just give up with this security 
nonsense.


Arnold Reinhold



At 11:28 PM -0600 3/21/02, Jim Choate wrote:
As someone who spent 5 years doing all the physical security for a major
university I can say that ALL physical systems can be broken. No
exception. The three laws of thermodynamics apply to security systems as
well.

There is ALWAYS a hole.

On Thu, 21 Mar 2002, Arnold G. Reinhold wrote:

 It's not clear to me what having the human present accomplishes.
 While the power was out, the node computer could have been tampered
 with, e.g. a key logger attached.

 Who said you were allowed to lose power and stay secure? Laptops are
 pretty cheap and come with multi-hour batteries.  There should be
 enough physical security around the node to prevent someone from
 tripping power.

 One approach might be to surround a remote node with enough sensors
 so that it can detect an unauthorized attempt to physically approach
 it.


 --


 There is less in this than meets the eye.

 Tellulah Bankhead
 [EMAIL PROTECTED] www.ssz.com
 [EMAIL PROTECTED]  www.open-forge.org






Re: crypto question

2002-03-23 Thread Mike Brodhead


 The problem is doing it in a way that is affordable and doesn't 
 require an army. 

[snip]

 I'm not sure what changes in your argument if you delete the word
 physical.  Perhaps we should all just give up with this security
 nonsense.

:)

Agreed.  It's not about perfect security, it's about Good Enough
security.  Risk is not something we can eliminate, but it is something
we can manage.

It does not surprise me when non-security people forget that point,
but I am really surprised at how often security people seem to forget
it.

--mkb






Re: crypto question

2002-03-23 Thread D. A. Honig

At 01:04 PM 3/21/02 -0500, Nelson Minar wrote:
Question.  Is it possible to have code that contains a private encryption
key safely?

As a practical matter, yes and no. Practically no, because any way you
hide the encryption key could be reverse engineered. Practically yes,
because if you work at it you can make the key hard enough to reverse
engineer that it is sufficient for your threat model.

This problem is the same problem as copy protection, digital rights
management, or protecting mobile agents from the computers they run
on. They all boil down to the same challenge; you want to put some
data on a computer you don't control but then restrict what can be
done with that data.

The fundamental issue is: who benefits from keeping the secret secret?
If the holder of the bankcard (or whatever) is liable for abuse
due to cracking, you are in a much better position than if the 
bank loses when a cracker cracks the card in his possession.

This of course does not help when an adversary *steals* access to the
secret in the bankcard.  It only helps when the holder of the secret
has an interest in keeping the secret.

One gathers from this discussion that the content-creator is worried
about content-users cracking their system; that is in general hopeless,
modulo the cost factors.  (And remembering what Schneier wrote about
all it takes is one cracker + the internet, if a crack tool is readily
copied.)

dh








Re: [Announce] Announcing a GnuPG plugin for Mozilla (Enigmail)

2002-03-23 Thread Anonymous User

  From: R. Saravanan [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Date: Wed, 20 Mar 2002 12:50:51 -0700
 
 Enigmail, a GnuPG plugin for Mozilla which has been under development
 for some time, has now reached a state of practical usability with the
 Mozilla 0.9.9 release. It allows you to send or receive encrypted mail
 using the Mozilla mailer and GPG. Enigmail is open source and dually
 licensed under GPL/MPL. You can download and install the software from
 the website http://enigmail.mozdev.org
 
 Enigmail is cross-platform like Mozilla, although binaries are supplied
 only for the Win32 and Linux-x86 platforms on the website. At the moment
 there is no version of Enigmail available for Netscape 6.2 or earlier,
 which are based on much older versions of Mozilla. There will be a
 version available for the next Netscape release, which is expected to be
 based on Mozilla 1.0.
 
 You may post enigmail-specific comments to the Enigmail
 newsgroup/mailing list at mozdev.org
 
 
 ___
 Gnupg-announce mailing list
 [EMAIL PROTECTED]
 http://lists.gnupg.org/mailman/listinfo/gnupg-announce




Foghorn Fritz, the CBDTPA, and the revenge of the Wave-oids (Re: Secure peripheral cards)

2002-03-23 Thread R. A. Hettinga

At 9:45 AM -0500 on 3/22/02, Roop Mukherjee wrote:


 Wave.com touts this security system called Embassy.

By the way Wave has been around since the flood, and their primary MO has
always been exactly what Fritz Hollings, who Rush Limbaugh likes to imitate
with a Warner Brothers 'Foghorn Leghorn' voice, is trying to pass a law to
do.

That is, end-to-end (end-to-monitor, actually) is-a-person book-entry
settlement of content transactions originally over dial-up lines and cable
boxes, and now over the internet itself.

Huber wrote a glowing article about them in Forbes as early as 1992-3, IIRC.

Wave was started by a former chairman of some large chip-firm (National
Semi?), who essentially wanted to create a law-mandated chip monopoly.

He actually wanted to come speak at FC97, if we comped his fee, and then
didn't send any of his scientific people when we told him it was a
peer-reviewed conference with proceedings published in Springer-Verlag LNCS.

During the internet stock bubble, his investors, self-described
Wave-oids, would haunt the investor web-chats and shout down anyone who
talked about actual revenue as a short focused on the Next Big Thing in
Entertainment Technology. Long before the bubble popped, Wave was delisted,
then re-listed, but I don't know where it is now...

If there was any chance that Foghorn Fritz Hollings' little bit of probably
unconstitutional legislative lunacy is going to win, of course, the Wave
boys, and their respective oids, are going to make out like bandits -- if
some other digital rights management system doesn't buy its place to
the front of the line first.

It would be real interesting to see whether anyone at Wave actually
contributed to Hollings' campaigns, or whether this is dumb luck.  In honor
of Pournelle's dictum about not crediting to conspiracy that which can
easily be attributed to stupidity, I'd probably choose the latter, but you
never know...

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
