Re: Scientists question electronic voting

2003-03-07 Thread Adam Shostack
On Thu, Mar 06, 2003 at 10:35:22PM -0500, Barney Wolff wrote:
| On Thu, Mar 06, 2003 at 08:38:42PM -0500, Dan Riley wrote:
|  
|  But this whole discussion is terribly last century--still pictures are
|  passe.  What's the defense of any of these systems against cell phones
|  that transmit live video?
| 
| A Faraday cage.
| 
| Seriously, what current or historic voting system would defend against
| these risks?  We certainly don't want an electronic system that is more
| vulnerable than existing systems, but sticking with known-to-be-terrible
| systems is not a sensible choice either.

Break the trust of the vote buyers and sellers by making confirmation hard.

Pictures in the booth of party line ballots that you can draw over the
screen would be very hard to distinguish from the real thing over a
cell-phone quality video picture.

Adam

-- 
It is seldom that liberty of any kind is lost all at once.
   -Hume



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: multiple system - Re: Scientists question electronic voting

2003-03-07 Thread John Kelsey
At 12:25 PM 3/6/03 -0800, Ed Gerck wrote:
> Trei, Peter wrote:
>> Ballot boxes are also subject to many forms of fraud. But a dual
>> system (electronic backed up by paper) is more resistant to
>> attack than either alone.
> The dual, and multiple, system can be done without paper ballot.
> There is nothing magic about paper as a record medium.
I think one benefit of using paper ballots as the backup is that there are 
already pretty well-understood ways to deal with paper ballots.  I like the 
idea of the election observers having at least one piece of the technology 
they really understand.

> I can send a link for a paper on this that was presented at the
> Tomales Bay conference on voting systems last year, using Shannon's
> Tenth Theorem as the theoretical background, introducing the idea
> of multiple witnesses. If two witnesses are not 100% mutually
> dependent, the probability that both witnesses may fail at the same
> time is smaller than that of any single witness to fail.
Is the relevant question here about probabilistic failures, or about 
conspiracies?  Clearly, the size and cost of the conspiracy gets much 
bigger if there's a check value on the election results that is handled 
completely outside the voting machine.

> Cheers,
> Ed Gerck
--John Kelsey, [EMAIL PROTECTED]





Re: Scientists question electronic voting

2003-03-07 Thread John Kelsey
At 10:35 PM 3/6/03 -0500, Barney Wolff wrote:
> On Thu, Mar 06, 2003 at 08:38:42PM -0500, Dan Riley wrote:
>
>> But this whole discussion is terribly last century--still pictures are
>> passe.  What's the defense of any of these systems against cell phones
>> that transmit live video?
>
> A Faraday cage.
>
> Seriously, what current or historic voting system would defend against
> these risks?  We certainly don't want an electronic system that is more
> vulnerable than existing systems, but sticking with known-to-be-terrible
> systems is not a sensible choice either.
I think the real defense against vote-buying or vote-extortion schemes is 
external--detecting any such scheme that has much of an impact because it 
necessarily involves hundreds or thousands of people.  This assumes that 
the authorities and media aren't totally corrupted, but so does any voting 
technology.  With a lot of the more elaborate technological attacks, 
though, it's hard to see an attacker with current technology being able to 
afford them.

> Barney Wolff http://www.databus.com/bwresume.pdf
--John Kelsey, [EMAIL PROTECTED]





Re: Scientists question electronic voting

2003-03-07 Thread (Mr) Lyn R. Kennedy
On Thu, Mar 06, 2003 at 10:35:22PM -0500, Barney Wolff wrote:
>
> We certainly don't want an electronic system that is more
> vulnerable than existing systems, but sticking with known-to-be-terrible
> systems is not a sensible choice either.

Paper ballots, folded, and dropped into a large transparent box, is not a
broken system. It's voting machines, punch cards, etc that are broken.
I don't recall seeing news pictures of an election in any other western
democracy where they used machines.

And the Florida election was apparently affected more by eligible voters
turned away from the polls than by votes sold. Maybe crypto, smart-cards,
biometrics, etc would help authenticate voter eligibility and enforce one
vote per live voter (zero per dead voter).



-- 
-
| 73,          E-mail   | [EMAIL PROTECTED]               |
| Lyn Kennedy  webpage  | http://home.earthlink.net/~lrkn |
| K5QWB        ICBM     | 32.5 North 96.9 West            |
---Livin' on an information dirt road a few miles off the superhighway---



Re: Comments/summary on unicity discussion

2003-03-07 Thread Joshua Hill
I'll hop in here, and see if I can give this a swing.  IANAC (I am not
a cryptographer), but I do have access to one at work, and I did make
use of him in gaining an understanding of this area.

Some of these points are minutia, but are important, both because they
are common errors, and because they really help bring everything together.

In general, it appears that you mixed up your labels in the reference list.
[Sha49] is, indeed, the reference that you want, but that paper should
be listed as Communication Theory of Secrecy Systems (published in 1949).

On Mon, Mar 03, 2003 at 01:28:54PM -0800, Ed Gerck wrote:
> 1. WHAT IS UNICITY?
> There are three different contexts to answer to this question!
>
> 1.a. Unicity Definition: Shannon [Sha49, page 693] defined unicity
> distance (hereafter, n) as the least amount of plaintext which can be
> uniquely deciphered from the corresponding ciphertext, allowing one to
> determine, without doubt, the key that was used for encryption.

It doesn't deal with plaintext, just ciphertext.  In fact, unicity
distance is only valid for a ciphertext-only attack.  Once you get a
known plaintext/ciphertext pair, a high unicity distance works against
you (more on this later). In addition, it isn't certain that after
observing the requisite unicity distance number of ciphertext units that
you can uniquely determine the key, it is merely very likely.

So, the definition should be something more like:
1.a. Unicity Definition: Shannon [Sha49, page 693] defined unicity
distance (hereafter, n) as the least amount of ciphertext which would
reduce the likely number of spurious keys (equivocations) in a random
cipher to zero.

> 1.b. Unicity Model: As first given by Shannon [Sha49] under some restrictive
> assumptions, especially the random cipher assumption, the mathematical
> expression for unicity can be cast in the following unfolded expression
> (his original expression was n = H(K)/D, where D is the redundancy):
>
> n = H(K)/[|M| - H(M)]

I don't see this.  I do see 
  D_N = log(G) - H(M)
Where D_N is the redundancy of the language, G is the total number of
messages in the language, and H(M) is the entropy of a message of the
language.  Shannon uses log base 10, but we like to talk about 'bits'
of entropy in crypto, so we tend to talk about log base 2 (often written
lg x).

  D = D_N / N

Where D is the redundancy per unit (character/bit/whatever), D_N
is the redundancy of the language, and N is the average number of units
per message.

And finally, the unicity distance is:
  n = H(K) / D

Where n is the unicity distance (expressed in units), H(K) is the
amount of entropy of a key (also in units) for the system, and D is the
redundancy per unit.

So, pulling it together
 n = H(K) * N / (lg(G) - H(M))

(so, it would appear that your equation was off by a factor of the
average length of the message)

But truly, I think that it makes the most sense as just
 n = H(K) / D


As an aside, you define:
> H(K) = entropy of keys used in encryption
[...]
> H(M) = entropy of actual message, the plaintext

This seems to imply that a particular message has entropy.  This is
incorrect.  A random variable has entropy ('variable' in mathspeak, not
'variable' in the sense of programming, which has an actual value as
the program is executing; this is a random variable as in X, where X
assumes the following values x_1, x_2, ... x_n with probability p_1,
p_2, ...p_n) , based on the statistical properties of the variable.
A particular value doesn't really have 'entropy', outside the context
of the system that created the value.

Now, having said that, strings (values, messages, etc.) do have
something called Kolmogorov Complexity.  Kolmogorov Complexity is
the size of the smallest program that can produce a particular string.
For a string, the highest Kolmogorov Complexity it can have is the size
of the string.  The lowest would be a very small program that produces
a very large string.

As you might expect, entropy and Kolmogorov Complexity are related.
You would expect a message from a high entropy system to have a high
Kolmogorov Complexity (in fact, the Kolmogorov Complexity should
be comparable to the entropy of the system).  Further, you get some
intuitively nice results where the Kolmogorov Complexity of any output
of a PRNG is at most the size of the PRNG state, plus a bit for the PRNG
algorithm, which agrees nicely with the entropy of the system, which is
(at best) size of the PRNG state.


> NOTE 1: The model for unicity has no probability error with a tail
> to infinity because only entropy values are used in the formula of n
> and by *definition* of entropy the entropy is already a limit to
> infinity.

I don't understand what this note means.

> NOTE 2: It does not matter how the attacker may try to decipher
> the message. The attacker can of course use brute-force and try
> out all keys or he can use short-cuts, it is his choice and he is entirely
> free to use any
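The arithmetic Joshua lays out above (D = lg G - H(M) per unit, n = H(K)/D) carried through in Python, as an added example that is not part of the thread. It estimates H(M)/N from a constructed sample text using single-letter frequencies (a unigram estimate understates the redundancy of English, so the n it yields is larger than what a full language model gives), takes H(K) = lg(26!) for a simple substitution cipher, and adds the random-cipher estimate of how many spurious keys remain consistent with n characters of ciphertext, which reaches zero exactly at the unicity distance. The sample text and all function names are mine.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def per_unit_entropy(text):
    """Estimate H(M)/N, the entropy per character, from letter frequencies.

    A unigram estimate ignores correlations between neighbouring letters,
    so it overstates the entropy of English (and understates its redundancy).
    """
    letters = [c for c in text.lower() if c in ALPHABET]
    total = len(letters)
    if total == 0:
        raise ValueError("no letters to estimate from")
    counts = Counter(letters)
    return -sum((k / total) * math.log2(k / total) for k in counts.values())


def redundancy_per_unit(entropy_per_unit, alphabet_size=len(ALPHABET)):
    """D = (lg G - H(M)) / N for N-character messages over the alphabet.

    With G = alphabet_size ** N possible messages, lg G / N is lg(alphabet_size),
    so D is simply the per-character shortfall from a uniform alphabet.
    """
    return math.log2(alphabet_size) - entropy_per_unit


def key_entropy(number_of_keys):
    """H(K) = lg(#keys) in bits when every key is equally likely."""
    return math.log2(number_of_keys)


def unicity_distance(h_k, d):
    """n = H(K) / D, in the unit D is expressed in (characters here).

    A language with no redundancy (D <= 0) never singles out the key, so the
    unicity distance is infinite.
    """
    if d <= 0:
        return math.inf
    return h_k / d


def expected_spurious_keys(h_k, d, n):
    """Random-cipher estimate of the keys other than the true one that still
    decrypt n characters of ciphertext to plausible text: 2**(H(K) - n*D) - 1,
    clamped at zero. It is exactly zero at n = H(K)/D, the unicity distance.
    """
    return max(0.0, 2 ** (h_k - n * d) - 1)


# Constructed sample text (not from the post), used only to estimate H(M)/N.
SAMPLE_TEXT = ("the quick brown fox jumps over the lazy dog while the "
               "cryptanalyst counts letters and measures how much of "
               "the message is redundant and how much is surprise")


def substitution_cipher_unicity(text=SAMPLE_TEXT):
    """Unicity distance, in characters, of a simple substitution cipher over
    26 letters: H(K) = lg(26!) bits, D from the unigram estimate of `text`."""
    h_k = key_entropy(math.factorial(len(ALPHABET)))
    d = redundancy_per_unit(per_unit_entropy(text))
    return unicity_distance(h_k, d)


if __name__ == "__main__":
    h_k = key_entropy(math.factorial(26))
    d = redundancy_per_unit(per_unit_entropy(SAMPLE_TEXT))
    n = unicity_distance(h_k, d)
    print(f"H(K) = {h_k:.1f} bits, D = {d:.2f} bits/char, n = {n:.1f} chars")
    for length in (10, 20, int(n), int(n) + 10):
        left = expected_spurious_keys(h_k, d, length)
        print(f"{length:4d} chars of ciphertext -> about {left:.2f} spurious keys")
```

Feeding `per_unit_entropy` a better estimate of H(M)/N (Shannon's own figures for English are far below the unigram value) shrinks D's complement and brings n down accordingly; the structure of the calculation does not change.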

Re: Scientists question electronic voting

2003-03-07 Thread Barney Wolff
On Fri, Mar 07, 2003 at 12:50:44AM -0600, (Mr) Lyn R. Kennedy wrote:
>
> Paper ballots, folded, and dropped into a large transparent box, is not a
> broken system. It's voting machines, punch cards, etc that are broken.
> I don't recall seeing news pictures of an election in any other western
> democracy where they used machines.

Surely you jest - where else did the term ballot-stuffing come from?

The key, imho, is >=2 independent means of counting the votes.  Online,
as each vote is cast, and a paper trail, for later reconciliation.
It's hard for both to be skewed by the same amount, and differences
will both raise suspicion and give an order of magnitude of the fraud.
That seems to be the direction the experts are heading.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.



Re: Proven Primes

2003-03-07 Thread Bill Frantz
At 9:21 PM -0800 3/6/03, Ben Laurie wrote:
> Bill Frantz wrote:
>> At 3:47 AM -0800 3/6/03, Ben Laurie wrote:
>>
>>> I'm looking for a list or lists of sensibly sized proven primes - all
>>> the lists I can find are more interested in records, which are _way_ too
>>> big for cryptographic purposes.
>>>
>>> By sensibly sized I mean in the range 512-8192 bits. I'm particularly
>>> after Sophie Germain primes right now, but I guess all primes are of
>>> interest.
>>
>> Having set a computer to the problem of coming up with a Sophie Germain
>> prime for the E startup protocol (Diffie-Hellman), I offer you:
>>
>>   static final BigInteger g = new BigInteger("2");
>>   static final BigInteger modulus =
>>       new BigInteger("11973791477546250983817043765044391637751157152328012"
>>                    + "72278994477192940843207042535379780702841268263028"
>>                    + "59486033998465467188646855777933154987304015680716"
>>                    + "74391647223805124273032053960564348124852668624831"
>>                    + "01273341734490560148744399254916528366159159380290"
>>                    + "29782321539388697349613396698017627677439533107752"
>>                    + "978203");
>
> And the proof?

Sorry, an exercise for the student. :-)

I thought that finding them was the hard part, and verifying one once found
was relatively easy.  I used the probable prime test in the Java BigInteger
package.  It sounds like, from some of the list traffic, that there are
better tests.

I guess I'm dumb, but how do you verify a proof of Sophie Germain primeness
with less effort than to run the tests yourself?

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA





Re: Re: Delta CAPPS-2 watch: decrypt boarding passes!

2003-03-07 Thread Roy M. Silvernail
On Thursday 06 March 2003 02:34 pm, John Ioannidis wrote:

> Both JFK and SFO have stopped gate searches.  Searches at security are
> still decided by the TSA personnel there (they don't get to see your
> boarding pass).

FWIW, MSP initial security screening wants to see your boarding pass.  I 
didn't see anyone try to avoid showing it.  

The last time I was through SFO, this new jihad hadn't started, but I got yet 
another lesson in the lack of sense of humor among the staff.  Asked to take 
my creaky old ThinkPad 760XL out of its case to be x-rayed, I said "Be nice 
to it; it's old."  Whereupon I was invited out of line so the explosives 
residue screener could give it a wipedown.  Even so, it was better than the 
beginning of that trip, when I'd forgotten to take my Victorinox Signature 
off of my keychain.  (that's a 1.6 Swiss Army Knife with a pen, an LED 
flashlight and a 1.25 blade)  At least I was given the opportunity to FedEx 
it back to the office.




Re: Scientists question electronic voting

2003-03-07 Thread Anton Stiglic

- Original Message - 
From: Ed Gerck [EMAIL PROTECTED]

[...]
> For example, using the proposed system a voter can easily, by using a
> small concealed camera or a cell phone with a camera, obtain a copy of
> that receipt and use it to get money for the vote, or keep the job. And
> no one would know or be able to trace it.

But that brings up my point once again:  These problems already exist
with current paper-ballot voting schemes, what exactly are you trying to 
achieve with an electronic voting scheme?  Do you simply want to make 
the counting of the votes more reliable, and maintain the security of all
other aspects, or improve absolutely everything?

--Anton




Harnessing Atoms to Create Superfast Computers

2003-03-07 Thread R. A. Hettinga
http://www.nytimes.com/2003/03/07/books/07BOOK.html?th=pagewanted=printposition=top


March 7, 2003 

Harnessing Atoms to Create Superfast Computers 
By IAN FOSTER 


A SHORTCUT THROUGH TIME 
The Path to the Quantum Computer 
By George Johnson. 
Illustrated. 204 pages. Knopf. $24. 

George Johnson's Shortcut Through Time addresses one of the most
excruciatingly complex, mysterious and deeply fascinating topics in
modern science, namely quantum computing: the manipulation of quantum
states to perform computations far faster than is possible on any
conventional computer. The book's remarkable achievement is that it
makes this deeply arcane topic accessible and understandable - even, I
think, for the reader unsophisticated in physics or computing. It
opens a door to broader understanding of this important field and sets
a new standard for science writing.

I was originally reluctant to review this book. I am a computer
scientist with a guilty secret: I've never really understood quantum
computing. How could I write a review without revealing my ignorance?

However, as I began the preface, I became intrigued and then
excited. Mr. Johnson, a contributing science writer for The New York
Times, says he wrote the book not to profile the personalities in the
field, but "to lead the reader toward a tentative understanding of
quantum computing. To take the reader along as he, the writer, strains
to grasp an idea with an imprecise metaphor, only to discard it for
another with a tighter fit, closing in on an airy notion from several
directions, triangulating on approximate truth." And: "I want the
reader to feel that we are both on the same side - outsiders seeking a
foothold on the slippery granite face of a new idea."

I was hooked. So much of what passes for science writing nowadays is
really human-interest journalism, focused on the quirks and conflicts
of science's eccentric personalities, and is only incidentally
concerned with science itself. Yet here was someone who proposed to
take a problem at the forefront of science and address it on its own
terms. Perhaps my ignorance was a virtue: I could serve as an
experimental subject, reading the book and reporting on whether I
arrived at the promised land.

Approached from this perspective, the book took on the allure of a
good mystery. Mr. Johnson, like a seasoned crime writer, sets the
scene and then introduces a series of increasingly intriguing
metaphors, each of which unveils another aspect of Q.C., as I'll call
it. As the story unfolds, it becomes clear that Q.C.'s secret could be
revealed at the turn of any page. For me, the initial forays covered
familiar ground. But Mr. Johnson soon entered unfamiliar territory,
exploring the mysteries of superposition and entanglement.

Along the way, we discover that we are dealing not with an obscure and
eccentric academic curiosity, but with a dangerous character. (In
addition to mystery, we have drama!) Q.C., it has been shown in the
last few years, could defeat some of the fundamental codes that secure
many electronic communications. The security of these public key
cryptography mechanisms relies on the fact that on even the fastest
computers, performing a particular computation - factoring, or
breaking into their constituent pieces, large numbers - takes an
unimaginably long time. Yet in 1994 Peter Shor, a mathematician,
showed how Q.C. could do this same operation much faster - in a few
minutes. Q.C. could provide a shortcut through time.

Just why this is possible is at the heart of this concise but dense
book. The particulars depend on the clever manipulations of two
fundamental properties of the quantum world - superposition and
entanglement. Superposition lets a single quantum switch be on and off
at the same time; entanglement allows the state of one quantum switch
to be linked with that of another. Set up just right, a collection of
such quantum switches can, in principle, be used to build a computer
that manipulates many numbers at once - transforming millions of
numbers in one step, or, via mind-numbingly complex manipulations,
factoring the numbers that support our financial and national
security.

Fortunately for those who use codes to maintain secrets, we also learn
that Q.C. does not exist yet, at least not in a useful form. As
Mr. Johnson notes, the world record for building a quantum computer
involves just seven qubits (quantum switches, pronounced like the word
cubits) operating for less than a second. A quantum computer with
several thousand qubits and able to run for hours is not expected
anytime soon. The problems involved in scaling up are complex and hard
to resolve. They relate to the tendency of superposed quantum states
to collapse to a single value - either on or off - when the real world
impinges.

A Shortcut Through Time is not all metaphor. It also touches on the
history of this young field, noting a prescient paper by the physicist
Richard P. Feynman, who postulated in 1982 that quantum 

Re: Scientists question electronic voting

2003-03-07 Thread David Howe
Francois Grieu [EMAIL PROTECTED] wrote:
> Then there is the problem that the printed receipt must not be usable
> to determine who voted for who, even knowing in which order the
> voters went to the machine. Therefore the printed receipts must be
> shuffled. Which brings us straight back to papers in a box, that we
> shake before opening.
This may be the case in France - but in England, every vote slip has a
unique number which is recorded against the voter id number on the
original voter card. Any given vote *can* be traced back to the voter
that used it.





Re: Proven Primes

2003-03-07 Thread Bill Frantz
At 2:04 AM -0800 3/7/03, Ben Laurie wrote:
> BTW, a terminology nit - a Sophie Germain prime is one such that p and
> 2p+1 are prime - I'll bet that what you've given me is one such that p
> and (p-1)/2 are prime, right?

Yes.  And I do know that the Sophie Germain prime is the smaller of the two
related primes.

Cheers - Bill


-
Bill Frantz   | Due process for all| Periwinkle -- Consulting
(408)356-8506 | used to be the | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.  | Los Gatos, CA 95032, USA





Re: Proven Primes

2003-03-07 Thread Tim Dierks
At 10:04 AM 3/7/2003 +, Ben Laurie wrote:
> Indeed. The commonly used one is ECPP which uses elliptic curves cunningly
> to not only prove primality, but to produce a certificate which can be
> quickly verified.
>
> Probabilistic prime tests are just that - probable. ECPP actually proves it.
Does anyone, in practice, care about the distinction, if the probability 
that the prime test has failed can be proved to be far less than the chance 
that a hardware failure has caused a false positive ECPP test? To restate 
the question: all calculation methods have a certain possibility of 
failure, whether due to human or mechanical error, however minute that 
possibility may be. If I can use a probabilistic primality test to reduce 
the possibility of error due to algorithm failure to a point that it's well 
below the possibility of error due to hardware failure, what's the 
practical difference?

Thanks,
 - Tim




Re: Scientists question electronic voting

2003-03-07 Thread (Mr) Lyn R. Kennedy
On Fri, Mar 07, 2003 at 02:22:23AM -0500, Barney Wolff wrote:
> On Fri, Mar 07, 2003 at 12:50:44AM -0600, (Mr) Lyn R. Kennedy wrote:
>>
>> Paper ballots, folded, and dropped into a large transparent box, is not a
>> broken system. It's voting machines, punch cards, etc that are broken.
>> I don't recall seeing news pictures of an election in any other western
>> democracy where they used machines.
>
> Surely you jest - where else did the term ballot-stuffing come from?

Perhaps you can elaborate on how ballot-stuffing is done without the
co-operation of most of the people overseeing a polling place.

>
> The key, imho, is >=2 independent means of counting the votes.  Online,
> as each vote is cast, and a paper trail, for later reconciliation.
> It's hard for both to be skewed by the same amount, and differences
> will both raise suspicion and give an order of magnitude of the fraud.
> That seems to be the direction the experts are heading.

What is to prevent the people overseeing a polling place from casting the
votes for the dead? They would be recorded properly both ways.

Or they could void and re-vote for ordinary voters.


Seems there is still a problem unless each eligible voter brings a smart-
card, warm finger, eyeball, etc.



-- 
-
| 73,          E-mail   | [EMAIL PROTECTED]               |
| Lyn Kennedy  webpage  | http://home.earthlink.net/~lrkn |
| K5QWB        ICBM     | 32.5 North 96.9 West            |
---Livin' on an information dirt road a few miles off the superhighway---



Re: Delta CAPPS-2 watch: decrypt boarding passes!

2003-03-07 Thread Derek Atkins
Roy M. Silvernail [EMAIL PROTECTED] writes:

> On Thursday 06 March 2003 02:34 pm, John Ioannidis wrote:
>
>> Both JFK and SFO have stopped gate searches.  Searches at security are
>> still decided by the TSA personnel there (they don't get to see your
>> boarding pass).
>
> FWIW, MSP initial security screening wants to see your boarding pass.  I
> didn't see anyone try to avoid showing it.

I've not seen ANY airport that didn't have this initial check,
although generally it is boarding pass, printed ticket, or printed
itinerary.  This is actually one of the written rules (as opposed
to some of those lovely unwritten rules that TSA seems to like
imposing).

-derek
-- 
   Derek Atkins
   Computer and Internet Security Consultant
   [EMAIL PROTECTED] www.ihtfp.com



Re: Proven Primes

2003-03-07 Thread David Wagner
Bill Frantz  wrote:
> I guess I'm dumb, but how do you verify a proof of Sophie Germain primeness
> with less effort than to run the tests yourself?

There are ways to prove that p is prime so that the receiver
can verify the proof more easily than it would be to construct
a proof.  The verification process is deterministic (there is
no chance of error), unlike probabilistic primality tests.

Here's a simple method, due to Pratt.  It turns out that p is
prime if and only if the multiplicative group (Z/pZ)^* of integers
modulo p is cyclic.  To show that the group is cyclic, we can
give a generator g.  To show that g is a generator, we can factor
p-1 and show that g^{(p-1)/q} != 1 (mod p) for all prime q that
divide p-1.  Thus, the proof of primality for p will be
   proof(p) = (g, q_1, proof(q_1), q_2, proof(q_2), ...)
where q_1, q_2, ... is the list of prime factors of p and where
proof(q_i) is a recursive proof of primality for q_i.
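The Pratt certificate described above, next to the kind of probable-prime test Bill Frantz used and Tim Dierks asks about, as an added Python example that is not Wagner's code and not the Java BigInteger routine. It builds proof(p) = (g, q_1, proof(q_1), q_2, proof(q_2), ...) by factoring p-1 (the expensive, prover-side step) and verifies it with nothing but modular exponentiation and recursion (the cheap, deterministic verifier-side step); the Cunningham chain 509, 1019, 2039 used to exercise it is a small constructed stand-in for the 1024-bit modulus in the thread, and the function names are mine.

```python
import random

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=20, rng=random.Random(20030307)):
    """Miller-Rabin probable-prime test, the kind of test behind
    BigInteger.isProbablePrime. A composite survives one round with
    probability at most 1/4, so the error after `rounds` rounds is at most
    4**-rounds. The fixed seed only makes this example reproducible."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:            # write n-1 = d * 2**s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False         # a is a witness: n is composite
    return True


def is_safe_prime(p):
    """p and (p-1)/2 both probably prime; (p-1)/2 is the Sophie Germain prime."""
    return p > 4 and is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def prime_factors(n):
    """Distinct prime factors by trial division; fine for the small numbers here."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return sorted(factors)


def pratt_certificate(p):
    """proof(p) = (g, [(q_1, proof(q_1)), (q_2, proof(q_2)), ...]) where g
    generates (Z/pZ)^* and the q_i are the prime factors of p-1.
    Building it requires factoring p-1; checking it does not."""
    if p == 2:
        return (1, [])           # base case, accepted by inspection
    qs = prime_factors(p - 1)
    for g in range(2, p):        # linear scan is fine for small demo primes
        if pow(g, p - 1, p) == 1 and all(pow(g, (p - 1) // q, p) != 1 for q in qs):
            return (g, [(q, pratt_certificate(q)) for q in qs])
    raise ValueError(f"{p} is composite: no element has order {p - 1}")


def verify_pratt(p, cert):
    """Deterministic check of proof(p): no factoring, no randomness."""
    g, subproofs = cert
    if p == 2:
        return True
    if p < 2 or not subproofs:
        return False
    qs = [q for q, _ in subproofs]
    m = p - 1
    for q in qs:
        if q < 2 or m % q != 0:
            return False
        while m % q == 0:
            m //= q
    if m != 1:                   # every prime factor of p-1 must be listed
        return False
    if pow(g, p - 1, p) != 1 or any(pow(g, (p - 1) // q, p) == 1 for q in qs):
        return False             # g does not have order exactly p-1
    return all(verify_pratt(q, sub) for q, sub in subproofs)


if __name__ == "__main__":
    for p in (509, 1019, 2039):  # constructed Cunningham chain: each is 2*previous+1
        cert = pratt_certificate(p)
        print(p, "safe prime:", is_safe_prime(p), "certificate verifies:", verify_pratt(p, cert))
    print(pratt_certificate(1019))
```

The asymmetry Bill asked about is visible in the two functions: `pratt_certificate` has to factor p-1 and search for a generator, while `verify_pratt` only recomputes a handful of modular powers per level, and, unlike `is_probable_prime`, returns True only when p is in fact prime.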



Re: Proven Primes

2003-03-07 Thread Anton Stiglic
> I thought that finding them was the hard part, and verifying one once found
> was relatively easy.  I used the probable prime test in the Java BigInteger
> package.  It sounds like, from some of the list traffic, that there are
> better tests.

Chapter 4 of the HAC gives a good introduction to all of this.

http://www.cacr.math.uwaterloo.ca/hac/about/chap4.pdf

There are probabilistic primality tests (e.g. Miller-Rabin), there are
primality proving algorithms (e.g. Jacobi Sum Test, ECPP), some of which
give a certificate of primality that can be verified using a different
algorithm. Some of the tests work on integers of special forms (e.g.
Mersenne numbers), others work on all integers. There are also algorithms
that generate integers that are guaranteed to be prime (e.g. Maurer's
algorithm); these are not tests...

--Anton




Re: REQ: Review of Nigel Smart's Introduction to Cryptography

2003-03-07 Thread Jaap-Henk Hoepman

Actually, there's the textbook Introduction to Cryptography by Delfs and
Knebl that covers provably secure encryption and digital signatures as well.
Published by Springer.

Jaap-Henk

On Fri, 7 Mar 2003 15:14:04 -0300 Mads Rasmussen [EMAIL PROTECTED] writes:
> Has anyone read Nigel Smart's book from late 2002, "Introduction to
> Cryptography"?
>
> The latest IACR newsletter brought an overview and TOC of the book,
> which I found interesting. It seems to me the first time provable
> security is mentioned in a textbook (see part IV, 17 and 18)
>
> As the newsletter said, more info is available at
>
> http://www.mcgraw-hill.co.uk/html/0077099877.html


-- 
Jaap-Henk Hoepman   |  I've got sunshine in my pockets
Dept. of Computer Science   |  Brought it back to spray the day
University of Nijmegen  |Gry Rocket
(w) www.cs.kun.nl/~jhh  |  (m) [EMAIL PROTECTED]
(t) +31 24 36 52710/531532  |  (f) +31 24 3653137




Re: Scientists question electronic voting

2003-03-07 Thread Barney Wolff
On Fri, Mar 07, 2003 at 12:45:41PM -0600, (Mr) Lyn R. Kennedy wrote:

>>> Paper ballots ...
>>
>> Surely you jest - where else did the term ballot-stuffing come from?
>
> Perhaps you can elaborate on how ballot-stuffing is done without the
> co-operation of most of the people overseeing a polling place.
>
>>
>> The key, imho, is >=2 independent means of counting the votes.  Online,
>> as each vote is cast, and a paper trail, for later reconciliation.
>> It's hard for both to be skewed by the same amount, and differences
>> will both raise suspicion and give an order of magnitude of the fraud.
>> That seems to be the direction the experts are heading.
>
> What is to prevent the people overseeing a polling place from casting the
> votes for the dead? They would be recorded properly both ways.
>
> Or they could void and re-vote for ordinary voters.
>
> Seems there is still a problem unless each eligible voter brings a smart-
> card, warm finger, eyeball, etc.

This is a perfect example of what I'm complaining about:  You're holding
electronic voting to a much higher standard than you are paper ballots.

Perfect is the enemy of better.  We do have to take care that electronic
voting does not introduce new and catastrophic vulnerabilities.  Other
than that, it merely has to be better (and no more expensive) than the
best existing systems.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.



Re: Delta CAPPS-2 watch: decrypt boarding passes!

2003-03-07 Thread Russell Nelson
John Gilmore writes:
> And, besides identifying what cities they're doing this in, we should
> also start examining a collection of these boarding passes, looking
> for the encrypted "let me through without searching me" information.
> Or the "Don't let me fly" information.  Then we can evaluate how easy
> it would be to turn one into another.  (Don't mistake a system that
> claims to provide security for one that actually does.)

May I suggest as a non-violent civil disobedience measure, that if
anyone gains the ability to change the insecurity level, that they
should be careful to change it from green to yellow, or yellow to red.
In that manner, you cannot be accused of trying to escape scrutiny.
You make your point[1] more effectively by demonstrating that you are
willing to suffer for your cause.  Like the guy who wouldn't take off
the T-shirt that he *bought* in the mall.

[1] that the only thing worse than taking away our freedom is by
doing it using insecure cryptography.

-- 
-russ nelson  http://russnelson.com | What Problem Are You Trying
Crynwr sells support for free software  | PGPok | To Solve? is a service mark
521 Pleasant Valley Rd. | +1 315 268 1925 voice | of Crynwr Software.
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 



Re: double shot of snake oil, good conclusion

2003-03-07 Thread Tal Garfinkel
On Thu, Mar 06, 2003 at 09:38:25AM -0800, Ed Gerck wrote:
>
>
> Tal Garfinkel wrote:
>
>> The value of these type of controls that they help users you basically
>> trust who might be careless, stupid, lazy or confused to do the right
>> thing (however the right thing is defined, according to your company
>> security policy).
>
> It beats me that users you basically trust might also be careless, stupid,
> lazy or confused ;-)

That's security in the real world. You screen employees based on their
character and competence at the task you hired them to do, you typically
don't rigorously drill them on security procedures, and even if you do
most folks get lazy, careless or confused at some point. 

Example: If an executive is told by the security bozo down the hall that
they should not print out sensitive documents, they might take it
seriously, but then again they can make excuses for their laziness,
he's just being paranoid, I want to read this report in bed, it won't
hurt this one time,  etc.  On the other hand, if they have to do
something like break out the digital camera, it should be pretty obvious
to them that what they are doing is in pretty severe violation of
company policy, will likely get them severely reprimanded if caught, and
will likely obviate any convenience benefits they might have hoped to gain
by having a hard copy of that document. 

I think experience with password security is a perfect example of the
principle at work here: if you make it convenient to do the wrong thing,
people almost certainly will.

 Your point might be better expressed as the company security policy would
 be followed even if you do NOT trust the users to do the right thing.
 But,
 as we know, this only works if the users are not malicious, if social
 engineering cannot be used, if there are no disgruntled employees, and
 other equally improbable factors.

Ok, so there are only two issues here. One is problems with intention
(are they malicious or not; this includes disgruntled employees etc.)
and the other is problems with competence (can they be relied upon to
always follow procedure). In the former case, document control will
probably only serve as a mild deterrent, but raising the bar doesn't
hurt. At least you might have the chance to catch some employee trying
to photo many pages of your sensitive data off their screen. In the
latter case, document control can help quite a bit, and can serve as a
deterrent against things like social engineering. 

Also, it seems you are assuming that all internal attackers have equal
access to information; this is not the case. If employees can make
print outs and accidentally leave them lying around, throw them away,
etc., it lowers the bar for an unprivileged internal attacker. At least
if everything stays in electronic form a malicious employee may have to
attempt to tackle your computer system's access controls head on instead
of simply rooting around in your desk.

Clearly, document controls are not a silver bullet, but if used properly 
I believe they do provide a practical means of helping to restrict the
propagation of sensitive information.  

--Tal



Re: Re: Delta CAPPS-2 watch: decrypt boarding passes!

2003-03-07 Thread Russell Nelson
John Ioannidis writes:
  (they [TSA] still picked up random people without the search
  string on their boarding passes).

HHH!  If this list was to have a subtitle it would be
Practical uses of randomness.  Surely they're rolling dice, or
cutting a well-shuffled deck, or consulting a book of random numbers,
or using some other secure source of randomness.  Somebody please tell
me that they're not just picking people at random.  I am reminded of
a six-year-old's idea of randomness: eenie, meenie, miney, moe.

-- 
-russ nelson  http://russnelson.com | What Problem Are You Trying
Crynwr sells support for free software  | PGPok | To Solve? is a service mark
521 Pleasant Valley Rd. | +1 315 268 1925 voice | of Crynwr Software.
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 


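A worked illustration of the "secure source of randomness" point above, added here as an example of my own and not code from Russell's message or from anyone on the list: selecting k subjects out of n (for a spot-check, an audit sample, or any other selection someone might later contest) using the `secrets` CSPRNG with rejection sampling, next to a histogram that shows exactly how a naive `byte % n` favours some residues. The population, the sample size and the function names are all constructed for the example.

```python
import secrets
from typing import Dict, List, Sequence, TypeVar

T = TypeVar("T")


def randbelow_rejection(n: int) -> int:
    """Uniform integer in [0, n) drawn from the OS CSPRNG.

    Draws just enough random bits to cover n-1 and rejects any value >= n,
    so every residue is equally likely (no modulo bias). Expected number of
    draws is < 2 because the bit width is the smallest that covers n-1.
    """
    if n <= 0:
        raise ValueError("n must be positive")
    nbits = (n - 1).bit_length()          # 0 bits when n == 1
    while True:
        r = secrets.randbits(nbits)       # CSPRNG-backed, uniform on [0, 2**nbits)
        if r < n:
            return r


def modulo_bias_histogram(n: int) -> Dict[int, int]:
    """How many of the 256 possible byte values map to each residue under `byte % n`.

    Deterministic: it enumerates all byte values rather than sampling, so the
    bias is visible exactly. For n that does not divide 256 the low residues
    get one extra preimage each, i.e. they are more likely than the others.
    """
    hist = {r: 0 for r in range(n)}
    for byte in range(256):
        hist[byte % n] += 1
    return hist


def select_sample(population: Sequence[T], k: int) -> List[T]:
    """Choose k distinct elements uniformly at random (partial Fisher-Yates).

    Every k-subset is equally likely because each swap index comes from
    randbelow_rejection; the caller can log the returned list for audit.
    """
    if k < 0 or k > len(population):
        raise ValueError("k must be between 0 and len(population)")
    pool = list(population)
    for i in range(k):
        j = i + randbelow_rejection(len(pool) - i)   # uniform on [i, len(pool))
        pool[i], pool[j] = pool[j], pool[i]
    return pool[:k]


if __name__ == "__main__":
    # Constructed population: 100 numbered boarding records, pick 5 for screening.
    records = [f"record-{i:03d}" for i in range(100)]
    print("selected:", select_sample(records, 5))
    # Residues 0..5 appear 26 times each, 6..9 only 25 times: the naive bias.
    print("byte % 10 histogram:", modulo_bias_histogram(10))
```

`secrets.randbelow` already does this rejection internally; the hand-written version is here so the mechanism is visible, and the histogram is the quickest way to show a reviewer why the `% n` shortcut is not acceptable for a selection that has to be defensible.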

Re: Scientists question electronic voting

2003-03-07 Thread Ed Gerck


(Mr) Lyn R. Kennedy wrote:

 On Thu, Mar 06, 2003 at 10:35:22PM -0500, Barney Wolff wrote:
 
  We certainly don't want an electronic system that is more
  vulnerable than existing systems, but sticking with known-to-be-terrible
  systems is not a sensible choice either.

 Paper ballots, folded, and dropped into a large transparent box, is not a
 broken system.

The broken system is the *entire* system -- from voter registration,
to ballot presentation (butterfly?), ballot casting, ballot storage,
tallying, auditing, and reporting.

 It's voting machines, punch cards, etc that are broken.
 I don't recall seeing news pictures of an election in any other western
 democracy where they used machines.

Brazil, 120 million voters, 100% electronic in 2002, close to 100%
since the 90's, no paper copy (and it failed when tried). BTW, the
3 nations with largest number of voters are, respectively:

- India
- Brazil
- US

Cheers,
Ed Gerck

