crypto/web implementation tradeoffs

2002-07-04 Thread John Saylor

Hi

I'm passing some data through a web client [applet-like] and am planning
on using some crypto to help ensure the data's integrity when the applet
sends it back to me after it has been processed.

The applet has the ability to encode data with several well known
symmetric ciphers.

The problem I'm having has to do with key management.

Is it better to have the key encoded in the binary, or to pass it a
plain text key as one of the parameters to the applet?

I know that the way most cryptosystems work is that the security is in
the key. But having a compiled-in key just seems like a time bomb that's
going to go off eventually. Is it better to have a variable key passed
in as data [i.e. not marked as key] or to have a static key that sits
there and waits to be found.

Thanks.

-- 
\js

'People who work sitting down get paid more than people who work standing up.'
  - Ogden Nash (1902-1971)

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Horseman Number 3: IRC and crypto and stego, oh, my...

2002-07-04 Thread R. A. Hettinga

http://news.bbc.co.uk/low/english/sci/tech/newsid_2082000/2082657.stm


BBC News Online: Sci/Tech
Tuesday, 2 July, 2002, 13:30 GMT 14:30 UK
Accessing the secrets of the brotherhood

Police using the internet to lure paedophiles
As police break an internet paedophile ring known as the Shadowz
Brotherhood, News Online looks at how they did it.

The arrest of 50 people all over Europe and the seizure of scores of
computers, hard drives and thousands of disks is the culmination of a
complex and elaborate operation.

The National Hi-Tech Crime Unit and their colleagues in Europol had to use
all their technical know-how to break into the Shadowz Brotherhood.

Paedophiles are naturally suspicious of newcomers into their social circle
and, like many criminal groups operating in cyberspace, are skilled at
counter-surveillance.

Neither Europol nor the National Hi-Tech Crime Unit would comment on whether
undercover police officers posed as paedophiles in order to infiltrate the
ring.

But, reading between the lines, that is the only way the police could have
accessed the Shadowz Brotherhood's website and gained the confidence of the
other members.

A Europol spokesman said the group's activities centred around a website
which had an archive of child abuse images.

He said that when uploading and downloading images to and from the site
they used sophisticated encryption techniques, often hiding obscene
material in apparently innocent picture files.

The website was run by a group of hardcore paedophiles called
administrators who operated a star-rating system.

Girl identified

The administrators would vet new members, who would then receive a one
star rating allowing them to enter fairly tame newsgroups and bulletin
boards.

To gain further stars they had to upload images of child sex abuse for
viewing and downloading by other members.

As they gained more stars they were allowed access to restricted sites and
protected rooms containing the most perverted material.

An administrator would be on duty 24 hours a day to assess new images.

Proxy servers were used to disguise where members were accessing the site
from and it is believed that special software was used to give those
involved cyber anonymity.

BBC News Online's technology correspondent Mark Ward said criminal groups
often used servers run by other innocent organisations to host illegal
images.

He said many universities and other vulnerable organisations spent a lot of
effort making sure their servers were not used by such groups.

He said paedophiles often met each other in prison and kept in contact
afterwards, passing on codewords, information about sites online and advice
about how to avoid scrutiny online.

Most of those involved are believed to have taught themselves computer
encryption techniques.

But Europol had its own team of intelligence analysts, working in a secure
operations room in The Hague equipped with the latest technology.

They processed information received on a daily basis from investigators in
the different participating states.

In March police monitoring the site identified a six-year-old girl and went
to the US to take her away from a suspected paedophile.

Team of analysts

Detectives are expected to spend months trawling the suspects' hard drives
in an attempt to locate images which would lead to convictions.

Europol said the Shadowz Brotherhood was formed in 2000, but some of its
members had been in contact on the internet before that date.

Europol's deputy director Gilles Leclair, head of Serious Crime Department,
said: "Child pornography constitutes a disgrace to human dignity.

"Criminal groups take advantage of the high-tech technology to attack the
principles and the values of our democratic systems.

"But, once more, the international law enforcement co-operation proved very
effective and gave a strong and decisive answer against organised crime."

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'




Smart ID Cards Planned for Sailors to Spot Terrorists

2002-07-04 Thread R. A. Hettinga

http://quote.bloomberg.com/fgcgi.cgi?ptitle=Top%20World%20Newss1=blktp=ad_topright_topworldT=markets_box.hts2=ad_right1_windexbt=ad_position1_windexbox=ad_box_alltag=worldnewsmiddle=ad_frame2_windexs=APSMyZRY2U21hcnQg

Bloomberg News

Top World News

07/03 13:20
Smart ID Cards Planned for Sailors to Spot Terrorists (Update1)
By Amy Strahan Butler

Washington, July 3 (Bloomberg) -- The identities of more than 500,000
commercial sailors worldwide would be verified through thumb or iris scans
under tough, new anti-terrorism standards backed by the U.S. and other
industrialized nations.

``The whole idea is to come up with a worldwide system for positive,
verifiable identification of seafarers,'' said Mary Covington, associate
director of the Washington office of the International Labor Organization,
a United Nations-affiliated group that's developing the standards.

The labor organization got a big boost when representatives of the Group of
Eight nations -- the U.S., Japan, Germany, the U.K., France, Canada, Italy
and Russia -- endorsed the standards during a meeting in Canada last week.

The plans have drawn criticism from seafarers' groups concerned that port
authorities may insert information in so-called ``smart'' identification
documents without the cardholder's knowledge.

Those concerns are being swept aside as the drive to close loopholes in
shipping security has gained momentum since Sept. 11 in the U.S., where
less than 2 percent of cargo entering ports is inspected by the U.S.
Customs Service.

After the terrorist attacks, the Coast Guard began requiring ships to
notify ports 96 hours prior to arrival and to submit a list of crew members.

Card-Carrying Sailors

Commercial sailors in countries that ratify the ILO standards would be
required to carry identification cards similar to driver's licenses that
also contain biometric information, such as a thumbprint or iris scan.
Under the proposal, port authorities would be able to verify the identity
of the card bearer by scanning his thumb or eye.

The credentials could be issued to more than a half-million shipping
employees as governments attempt to tighten port security to prevent
terrorist activities.

``This would help produce uniform treatment of seafarers,'' said Chris
Koch, president of the World Shipping Council, a trade association
representing more than 40 shipping companies, including Atlantic Container
Line AB and Crowley Maritime Corp. ``That's in the interest of not only
seafarers but of commerce.''

The current ILO convention for identifying shipping employees entering
foreign ports asks countries to provide seafarers with documents, such
as passports, that include their name, date of birth, nationality and photo.

Technology Lag

Once the identification standards are drafted, individual governments would
be responsible for ratifying and enforcing them. Only 61 countries have
ratified the ILO's existing documentation standards for commercial sailors.

Critics of the proposal say that technology sophisticated enough to
differentiate between the characteristics of thousands of irises, for
example, is still years away.

``There is no perfect biometrics technology,'' the Automatic Identification
Manufacturers Association of Japan wrote to the ILO. An accurate system
would lengthen inspection times while a cheaper, faster one would be more
inaccurate and possibly a target for terrorists, the agency said.

Still, it's important to set the standards and then let the technology
catch up, said Joseph Cox, president of the Chamber of Shipping of America.
Biometric characteristics within the identification cards are essential for
security, Cox said.

``There's no question we're going to have something like that,'' Cox said.
``We will get there because we have to get there.''

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re: Montgomery Multiplication

2002-07-04 Thread Nomen Nescio

On Tue, 2 Jul 2002, Damien O'Rourke wrote:

> I was just wondering if anyone knew where to get a good explanation of
> Montgomery multiplication for the non-mathematician?  I have a fair bit
> of maths but not what is needed to understand his paper.

Bear replied:

> Montgomery Multiplication is explained for the computer scientist
> in Knuth, _Seminumerical Methods_.
>
> Briefly: The Chinese remainder theorem proves that for any set
> A1...AN of integers with no common divisors, any integer X which is
> less than their product can be represented as a series of remainders
> X1...XN, where Xn is equal to X modulo An.
>
> If you're using the same set of integers with no common divisors
> A1...AN to represent two integers X and Y, you have a pair of series
> of remainders X1...XN and Y1...YN.
>
> Montgomery proved that Z, the product of X and Y, if it's in the
> representable range, is Z1...ZN where Zn equals (Xn * Yn) mod An.

That's not Montgomery multiplication; that's what Knuth called modular
arithmetic, described in section 4.3.2 of Seminumerical Methods.

Montgomery multiplication is well described at
http://www.ciphergoth.org/writing/postings/news-992.txt, as Paul Crowley
posted.

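The distinction Nomen Nescio draws is easier to see in code than in prose, so here is an added example (not code from the thread, from Knuth or from Paul Crowley's posting). The first half is Montgomery multiplication proper: residues are kept in the form x*R mod N with R = 2**k, and the reduction step REDC uses only multiplications, additions and a shift by k, never a division by N. The second half is the residue-number (Chinese remainder) representation that Bear described, where a product is taken component-wise. Modulus values and test inputs are chosen here for illustration; the routines work for any odd modulus.

```python
"""Montgomery multiplication versus a residue-number (CRT) representation.

Added example, not from the thread. Montgomery form stores x as x*R mod N
with R = 2**k > N; REDC(t) returns t*R^-1 mod N using only shifts, masks,
multiplications and at most one subtraction. The CRT functions at the end
are the residue-wise arithmetic Bear described, shown for contrast.
"""


# ---- Montgomery form --------------------------------------------------------

def montgomery_params(n: int):
    """Return (k, n_prime) for odd n: R = 2**k > n and n*n_prime == -1 (mod R)."""
    if n < 3 or n % 2 == 0:
        raise ValueError("Montgomery reduction needs an odd modulus > 1")
    k = n.bit_length()
    r = 1 << k
    n_prime = (-pow(n, -1, r)) % r      # n is odd, hence invertible mod 2**k
    return k, n_prime


def redc(t: int, n: int, k: int, n_prime: int) -> int:
    """Montgomery reduction: t * R^-1 mod n, valid for 0 <= t < n*R.

    m is chosen so that t + m*n is a multiple of R; the shift by k is then
    an exact division and the result is below 2n, so one subtraction fixes it.
    """
    r_mask = (1 << k) - 1
    m = ((t & r_mask) * n_prime) & r_mask   # m = t * n' mod R
    u = (t + m * n) >> k                    # (t + m*n) / R, exact
    return u - n if u >= n else u


def to_mont(a: int, n: int, k: int) -> int:
    """Enter Montgomery form: a*R mod n. One real division, paid once per operand."""
    return (a << k) % n


def mont_mul(a_m: int, b_m: int, n: int, k: int, n_prime: int) -> int:
    """Product of two Montgomery-form values: (aR)(bR)R^-1 = abR mod n."""
    return redc(a_m * b_m, n, k, n_prime)


def mul_mod(a: int, b: int, n: int) -> int:
    """a*b mod n via Montgomery multiplication (reference result: (a*b) % n)."""
    k, n_prime = montgomery_params(n)
    prod_m = mont_mul(to_mont(a % n, n, k), to_mont(b % n, n, k), n, k, n_prime)
    return redc(prod_m, n, k, n_prime)      # leave Montgomery form: abR * R^-1


def pow_mod(base: int, exp: int, n: int) -> int:
    """Square-and-multiply done entirely in Montgomery form.

    This is where the technique pays off: an RSA or DH exponentiation does
    thousands of multiplications mod n and only the two conversions.
    """
    k, n_prime = montgomery_params(n)
    acc = to_mont(1, n, k)                  # 1 in Montgomery form is R mod n
    x_m = to_mont(base % n, n, k)
    for bit in bin(exp)[2:]:
        acc = mont_mul(acc, acc, n, k, n_prime)
        if bit == "1":
            acc = mont_mul(acc, x_m, n, k, n_prime)
    return redc(acc, n, k, n_prime)


# ---- Residue-number (CRT) representation, what Bear actually described ------

def crt_split(x: int, moduli):
    """Represent x by its remainders modulo pairwise coprime moduli."""
    return [x % m for m in moduli]


def crt_combine(residues, moduli) -> int:
    """Recover x modulo the product of the moduli from its residues."""
    total = 1
    for m in moduli:
        total *= m
    x = 0
    for r_i, m_i in zip(residues, moduli):
        big = total // m_i
        x += r_i * big * pow(big, -1, m_i)
    return x % total


def crt_mul(x: int, y: int, moduli) -> int:
    """Residue-wise product: component i is (x_i * y_i) mod m_i."""
    xs, ys = crt_split(x, moduli), crt_split(y, moduli)
    return crt_combine([(a * b) % m for a, b, m in zip(xs, ys, moduli)], moduli)


if __name__ == "__main__":
    N = 2**255 - 19
    print(pow_mod(3, 65537, N) == pow(3, 65537, N))   # True
    print(crt_mul(9, 11, [3, 5, 7]))                   # 99
```

The two ideas are complementary rather than competing: a CRT representation speeds up RSA by splitting one exponentiation mod p*q into two smaller ones, and each of those smaller exponentiations is typically done with Montgomery multiplication.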



Re: crypto/web implementation tradeoffs

2002-07-04 Thread Mike Brodhead


> I'm passing some data through a web client [applet-like] and am planning
> on using some crypto to help ensure the data's integrity when the applet
> sends it back to me after it has been processed.

Help us to understand your threat model.  Do you trust the user and
his/her machine, but are worried about Mallory altering the
communications between client and server?  Do you need confidentiality
too, or just integrity?  How serious an attacker are you concerned
with?  Curious and semi-technical?  Determined hacker?  NSA?

> Is it better to have the key encoded in the binary, or to pass it a
> plain text key as one of the parameters to the applet?

Both strategies seem like doom to me.  Either way, the key is in a
form which allows Eve or Mallory to learn it.  You need to find a way
to keep from sending the key in the clear.

What about using Diffie-Hellman key exchange?  What about SSL?
Depending on your needs, SSL might be overkill, but it has the
advantage of having been prodded quite a bit at the protocol and
(often) implementation level.  SSH may be an option too.

Is the web client sent to the user over HTTP?  Can you ensure that the
connection uses SSL?  If so, the key does not have to travel in
plaintext form.  There is still the issue of key re-use.  How much
control do you have over the server from which the java client is
sent?  You could send a different symmetric key with each client,
though that is a little strange.  A better strategy might be to send a
private key with the client which it can then use to negotiate session
keys with the server.

Having said all that, I still lean towards using a library with an
existing protocol like SSL or SSH.  Whether either of those is
applicable really depends on the specifics of your app, to whom it is
distributed, etc.

--mkb






Re: crypto/web implementation tradeoffs

2002-07-04 Thread bear



Without more knowledge of the parameters of the system
(especially the threat model), it's hard to say -- however,
this sounds like a case for the Diffie-Hellman key agreement
protocol.  Have the client and server each pick a random
number, and then use those numbers to generate a key
dynamically.

Bear


On Wed, 3 Jul 2002, John Saylor wrote:

> Hi
>
> I'm passing some data through a web client [applet-like] and am planning
> on using some crypto to help ensure the data's integrity when the applet
> sends it back to me after it has been processed.
>
> The applet has the ability to encode data with several well known
> symmetric ciphers.
>
> The problem I'm having has to do with key management.
>
> Is it better to have the key encoded in the binary, or to pass it a
> plain text key as one of the parameters to the applet?
>
> I know that the way most cryptosystems work is that the security is in
> the key. But having a compiled-in key just seems like a time bomb that's
> going to go off eventually. Is it better to have a variable key passed
> in as data [i.e. not marked as key] or to have a static key that sits
> there and waits to be found.
>
> Thanks.
>
> --
> \js
>
> 'People who work sitting down get paid more than people who work standing up.'
>   - Ogden Nash (1902-1971)




Re: crypto/web implementation tradeoffs

2002-07-04 Thread Ben Laurie

John Saylor wrote:
> Hi
>
> I'm passing some data through a web client [applet-like] and am planning
> on using some crypto to help ensure the data's integrity when the applet
> sends it back to me after it has been processed.
>
> The applet has the ability to encode data with several well known
> symmetric ciphers.
>
> The problem I'm having has to do with key management.
>
> Is it better to have the key encoded in the binary, or to pass it a
> plain text key as one of the parameters to the applet?
>
> I know that the way most cryptosystems work is that the security is in
> the key. But having a compiled-in key just seems like a time bomb that's
> going to go off eventually. Is it better to have a variable key passed
> in as data [i.e. not marked as key] or to have a static key that sits
> there and waits to be found.

If all you want to ensure is integrity, why are you using symmetric 
encryption? Surely a keyed HMAC would make more sense?

Not that this changes your question. However, you haven't specified your 
threat model, so I feel unable to answer.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


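Ben's question deserves a concrete answer, so here is an added example (not code from the thread) of the failure a cipher leaves open and the check a keyed MAC provides. The cipher below is a toy stream cipher with a SHA-256 keystream, an assumption made so the script runs stand-alone; the malleability it shows is a property of every stream cipher and of CTR mode, not of this toy. The record format, the key bytes and Mallory's edit are constructed for the demo.

```python
"""Integrity comes from a keyed MAC, not from encryption.

Added example, not from the thread. The applet returns a processed record to
the server; Mallory rewrites a field in transit without knowing any key.
"""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) under the toy stream cipher."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def flip_field(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Mallory's edit: with no key, turn known plaintext bytes into wanted ones.

    Since c[i] = p[i] ^ k[i], the byte c[i] ^ known[i] ^ wanted[i] decrypts
    to wanted[i]. Only the plaintext layout has to be guessed.
    """
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the field length")
    ct = bytearray(ciphertext)
    for i, (k, w) in enumerate(zip(known, wanted)):
        ct[offset + i] ^= k ^ w
    return bytes(ct)


def tag(mac_key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over the record; the applet sends record || tag."""
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def verify(mac_key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Constant-time comparison; a plain == on MAC bytes leaks timing."""
    return hmac.compare_digest(tag(mac_key, message), received_tag)


# Constructed demo record returned by the applet.
RECORD = b"user=js;amount=100;status=ok"
AMOUNT_OFFSET = RECORD.index(b"100")


def attack_on_encryption_only(enc_key: bytes, nonce: bytes) -> bytes:
    """Encrypt, let Mallory edit the ciphertext, decrypt on the server.

    Returns what the server sees: a changed record, accepted without
    complaint, because decryption has no way of noticing the edit.
    """
    ct = stream_xor(enc_key, nonce, RECORD)
    ct = flip_field(ct, AMOUNT_OFFSET, b"100", b"999")
    return stream_xor(enc_key, nonce, ct)


def attack_on_mac(mac_key: bytes) -> bool:
    """The same edit against a MAC-protected record; True only if the server accepts it."""
    t = tag(mac_key, RECORD)
    forged = RECORD.replace(b"100", b"999")
    return verify(mac_key, forged, t)


if __name__ == "__main__":
    enc_key, nonce, mac_key = b"\x11" * 32, b"\x00" * 12, b"\x22" * 32
    print(attack_on_encryption_only(enc_key, nonce))   # b'user=js;amount=999;status=ok'
    print(attack_on_mac(mac_key))                      # False
```

If confidentiality is needed as well, encrypt first and MAC the ciphertext with a separate key, or use an authenticated mode that does both. Either way the MAC key still has to get to the applet without being found or read off the wire, which is the key-management question the rest of the thread is about; switching from a cipher to a MAC only makes the key do the right job once it is there.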