Re: Diffie-Hellman 128 bit
On Fri, 14 Mar 2003, NOP wrote:

> Nope, it uses 128 bit primes. I'm trying to compute the discrete logarithm and they are staying within a 128 bit GF(p) field. Sickening.
>
> Thnx.
> Lance

If they're using 128-bit primes, you don't really need to look for breaks - just throw a cpu at it and you're done.

Bear

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
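The defender-side counterpart to Bear's remark is to refuse such a group before any exchange happens. The following is an added example, not code from the thread or from either poster: a small Diffie-Hellman parameter validator that rejects a modulus below a policy floor, checks that it is a safe prime, and checks that the generator is in range, alongside a textbook exchange so the group can be exercised end to end. The 2048-bit floor, the helper names, and the deterministic 128-bit prime built for the demonstration are all assumptions made for this illustration.

```python
"""Added example: reject Diffie-Hellman groups whose modulus is too small.

Not code from the thread. The 2048-bit floor and the helper names are
assumptions chosen for this illustration; the 128-bit prime is constructed
deterministically so the demo is reproducible.
"""
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test with a fixed witness seed so runs are reproducible."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    # write n-1 = 2^r * d with d odd
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True


def make_prime(bits: int, seed: int) -> int:
    """Deterministically build a random prime of exactly `bits` bits (demo only)."""
    rng = random.Random(seed)
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def validate_dh_params(p: int, g: int, min_bits: int = 2048) -> list:
    """Return a list of problems with the group (p, g); an empty list means acceptable.

    min_bits=2048 is an assumed policy floor. A 128-bit modulus like the one
    in the thread fails the size check before anything else is examined.
    """
    problems = []
    if p.bit_length() < min_bits:
        problems.append(f"modulus is {p.bit_length()} bits, below the {min_bits}-bit floor")
    if not is_probable_prime(p):
        problems.append("modulus is not prime")
        return problems
    q = (p - 1) // 2
    if not is_probable_prime(q):
        problems.append("modulus is not a safe prime: (p-1)/2 is composite")
    if not 2 <= g <= p - 2:
        problems.append("generator must lie in [2, p-2]")
    return problems


def dh_exchange(p: int, g: int, seed: int = 1) -> tuple:
    """Run a textbook exchange over (p, g); both sides should derive the same secret."""
    rng = random.Random(seed)
    a, b = rng.randrange(2, p - 1), rng.randrange(2, p - 1)
    pub_a, pub_b = pow(g, a, p), pow(g, b, p)
    return pow(pub_b, a, p), pow(pub_a, b, p)


if __name__ == "__main__":
    small_p = make_prime(128, seed=7)  # constructed, sized like the modulus in the thread
    print("128-bit group:", validate_dh_params(small_p, 2))
    print("toy group p=23, g=5 (size check disabled):", validate_dh_params(23, 5, min_bits=0))
    print("shared secrets agree:", dh_exchange(23, 5)[0] == dh_exchange(23, 5)[1])
```

The size check runs first and on its own is enough to reject the group in the thread; the safe-prime and generator checks are there because a large modulus with poor structure is the next most common parameter mistake, and a validator that only looks at bit length would wave it through.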
Re: Microsoft: Palladium will not limit what you can run
Eugen Leitl writes:

> Unfortunately no one can accept in good faith a single word coming out of Redmond. Biddle has been denying Pd can be used for DRM in presentation (xref Lucky Green subsequent patent claims to call the bluff), however in recent (of this week) Focus interview Gates explicitly stated it does.

I don't know what Gates said in this Focus interview but you have misstated the history here. Microsoft has never denied that Palladium can be used for DRM. Rather, the issue with regard to Lucky Green's supposed patent application (whatever happened to that, anyway?) was whether Palladium would be used for software copy protection. Microsoft said that they couldn't think of any way to use it for that purpose. See http://www.mail-archive.com/[EMAIL PROTECTED]/msg02554.html.

> Let's see, we have a ubiquitous built-in DRM infrastructure, developed under great expense and deployed under costs in an industry turning over every cent twice, and no-one is going to use it (Palladium will limit what programs people can run)?

Microsoft's point with regard to DRM has always been that Palladium had other uses besides that one which everyone was focused on. Obviously they fully expect people to use the technology. I'm not sure where you get the part about it being deployed under costs. Is this more of the XBox analogy? That's a video game system, where the economics are totally dissimilar to commodity PC's. All video game consoles are sold under cost today. PCs generally are not. This is a misleading analogy.

In any case, DRM does not limit what programs people can run, at least not to a greater degree than does any program which encrypts its data.

> Right. It's all completely voluntary. There will be no attempts whatsoever to lock-in, despite decades of attempts and considerable economic interests involved.

Yes, it is completely voluntary, and we should all remain vigilant to make sure it stays that way. And no doubt there will be efforts to lock-in customers, just as there have been in the past. There is no contradiction between these two points.
RE: Microsoft: Palladium will not limit what you can run
AARG!, having burned the nym with the moderator of this list and who is therefore now posting via the Hermes remailer, commented on Microsoft, which similarly burned the Palladium name, claims:

> Hopefully this will shed light on the frequent claims that Palladium will limit what programs people can run, or take over root on your computer, and similar statements by people who ought to know better. It is too much to expect these experts to publicly revise their opinions, but perhaps going forward they can begin gradually to bring their claims into line with reality.

Part of me wonders if it is worth my time to reply to this post, but what the heck, I'll take it. So let's talk about reality.

It is true, at least for the moment, that Intel's La Grande initiative, which provides the hardware foundation for Palladium, just locks pages in memory that are designated as such by the application. It is further true that Palladium, as the aforementioned OS component, just designates certain blobs of data to be inaccessible to the user who has Ring 0 privileges.

Whether Palladium takes over root on a computer or merely prevents the legitimate purchaser of a PC who otherwise has required privileges from performing certain actions on the PC that he legally owns with the data he lawfully created may be a matter of philosophical debate. For conciseness and clarity it suffices to say that the owner of a PC will not have root privileges on a PC on which Palladium is active and in force. No Microsoft press release can possibly alter this fact, since this restriction is fundamental to Palladium having any value at all to any entities.

As Microsoft's John Manferdelli wrote:

> How these new programs are built - and what they will require of the user - are questions for the application developer to answer.

What John means is that Palladium in and by itself will not limit what applications you can run. Which is mostly true for the first phase. But if, in addition to Palladium, you would like to run applications by vendors concerned about law-abiding, but undesirable, information flow, then you will find that the applications that you would like to run in addition to the above won't perform as expected.

--Lucky
Re: Microsoft: Palladium will not limit what you can run
On Sat, 15 Mar 2003, Anonymous wrote:

> Microsoft's point with regard to DRM has always been that Palladium had other uses besides that one which everyone was focused on. Obviously

Of course it's useful. Does the usefulness outweigh the support for special interests (DRM, governments, software monopolies)? There is no value for the end user which can't be achieved with smart cards, which have the additional potential of being removable and transportable.

> they fully expect people to use the technology. I'm not sure where you get the part about it being deployed under costs. Is this more of the XBox analogy? That's a video game system, where

No, I meant it's a nonnegligible incremental cost on the system. It increases the chipcount and/or the design complexity, and requires strong encryption on interchip and intercomponent bus traffic. I don't know what the increased cost on a motherboard is, but it's probably in the dollar range at least. Very nonnegligible for an industry that learned caution by low profit margins. There's clearly a long-term political motivation present.

> the economics are totally dissimilar to commodity PC's. All video game consoles are sold under cost today. PCs generally are not. This is a misleading analogy.

I notice that the technology is primarily rolled out in high-margin areas first like notebooks (and in game consoles where considerable front investments need to be protected).

> In any case, DRM does not limit what programs people can run, at least not to a greater degree than does any program which encrypts its data.

This is a gross misrepresentation. Content (whether executable code or media, it doesn't really matter as the difference is blurring) can be keyed to individual machines. This kills copying. There's an intense battle going on between open science proponents and the likes of Elsevier. Distribution range of documents can be limited. Access to documents can be limited to a specific time window. Secrets inserted at manufacture time ask for legislation demanding subpoenable records. Hardware can be made which prefers a specific vendor by selective disclosure of information. Capability for strong authentication asks for legislation making it nonfacultative, basically outlawing anonymity. Etc. etc. There are many ways by which this envelope of technologies here informally called Pd will limit dissemination of information and increase control on the side of governments and large companies. The above off-the-cuff list indicates it's a giant, yet untapped can of worms. Unlike subsidized smartcard readers to initial fax effect the user can only lose.

> > Right. It's all completely voluntary. There will be no attempts whatsoever to lock-in, despite decades of attempts and considerable economic interests involved.
>
> Yes, it is completely voluntary, and we should all remain vigilant to make sure it stays that way. And no doubt there will be efforts to lock-in customers, just as there have been in the past. There is no contradiction between these two points.

This is an intensely political technology, and as such ignoring the political component by just focusing on the fair and useful side of it will result in a very skewed estimate of its future impacts. It doesn't pay to be naive. Under the circumstances, it is much better to just block it.
Re: Microsoft: Palladium will not limit what you can run
Jeroen C. van Gelderen wrote on Fri, Mar 14, 2003 at 12:38:14AM -0500:

> [...] Obviously a vendor can restrict what kind of software runs on the hardware he sells, either by contract or through technical means. In the latter case the consumer is of course free to circumvent the barriers, provided that he lives in a free country. If he doesn't like the vendor's policy, he is of course free to vote with his wallet.

If all vendors have agreed to the same policy [TCPA] you may experience problems when trying to manufacture your own MB/cpu at home. Voting does not make sense without alternatives. So DRM with collusion of too many vendors will be a problem that even market forces cannot solve easily if it is hard for newcomers to enter the market segment (who has the money to set up a chip plant?).

Birger
Re: Face-Recognition Technology Improves
Sidney Markowitz [EMAIL PROTECTED] writes:

> > In addition, only one subject in 100 is falsely linked to an image in the data base in the top systems.
>
> Wow, 99% accuracy for false positives! That means only a little more than 75 people a year mistakenly detained for questioning in Atlanta Hartsfield Airport (ATL), and even fewer at the less busy airports (source Airports Council International, 10 Busiest Airports in US by Number of Passengers, 2001).

Were there really 750 Million Passengers flying through ATL??? That number seems a bit high...

Also, I'm not convinced that multiple trials for a single individual are independent. Indeed, one could easily assume that multiple trials for a single individual are highly correlated -- if the machine isn't going to recognize the person on the first try it's highly unlikely it will recognize the person on subsequent tries. It's not like there is a positive feedback mechanism. Therefore, a better question would be how many UNIQUE passengers flew through ATL, and then take 1% of that for the number of false positives. I think it's safe to assume that the 99% accuracy for false-positives is over the population, not over the number of trials.

> --
> sidney markowitz [EMAIL PROTECTED]

-derek

--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED]
www.ihtfp.com
How effective is open source crypto?
How effective is open source crypto?

http://www.securityspace.com/s_survey/sdata/200302/protciph.html

One measure is to look at how effective the open source crypto regime is in getting product out there. From the above, it is fairly easy to suggest that strong crypto is totally available to all, probably thanks to the efforts of open source crypto providers.

How effective is the SSL cert regime? Last page showed 9,032,963 servers. This page shows 112,153 servers using certs.

http://www.securityspace.com/s_survey/sdata/200302/index.html

That's right, folks. In the particular case of web browsing, the USAGE of crypto has been relegated to 1% of potential opportunities. (Probably much less than that due to other factors, but 1% makes for a nice soundbite.)

Why? Because a) it is relatively hard to get a server configured with a cert, and b) the browsers discriminate against self-signed certs, forcing administrators to go the more troublesome, costly and frustrating way of requiring purchased and approved certs. (For no measurable added value to the security.) (So they don't.)

I suggest that open source crypto has won the crypto wars, and the implementations of SSL have bungled the peace for us. It is ludicrously easy to encourage more use of crypto, by repairing the browsers and servers in these two ways:

Fix 1. Browsers should not negatively discriminate between self-signed, CA-signed and unprotected HTTP. (For example, browsers might show one icon for the self-signed and another icon for the CA-signed - maybe a branded icon from the CA. There should be no FUD warnings when going from totally unprotected HTTP to connections secured by self-signed certs.)

Fix 2. Apache and other servers should be configured out of the box automatically with SSL enabled over the default site. (Which means, a self-signed cert [unencrypted on disk] and the server listening on its port.)

(There are plenty of minor fixes as well, such as renaming the self-signed certs to be self-signed. At the moment, they are sometimes incorrectly labelled as snake oil, thus confusing the users by implying that they are not definitively better than unprotected HTTP.)

To conclude, open source crypto has not shown itself to be effective, at least within the one protocol examined above, but could easily be so with some changes to the implementations.

-- iang

PS: I don't know who Security Space is; there is also another company called Netcraft that provides similar stats, but they do not release the results in so timely a fashion, so conclusions tend to suffer from being already out of date.