Re: crypto question
On Fri, 22 Mar 2002, Arnold G. Reinhold wrote: I'm not sure what changes in your argument if you delete the word physical. I don't think you understand what that means. I was responsible for a multi-campus (at the time the largest private system ever built) computer controlled real-time security system connected to the fire, telephone, video, and computer networks. This involves mag switches, PIR's, thermal, ultrasonic, microwave, mag stripe cards, etc. We even had a small reactor on campus as well as a couple of Gutenburg bibles that my group was partialy responsible for. Perhaps we should all just give up with this security nonsense. I'm not suggesting that at all. I -am- suggesting that one should never under estimate ones opponents. If you could build it, so can they. If they can build it they can spend time taking it apart. Do most security organizations or systems have those sorts of time/resources? My experience is they don't. The major issue is more one of responsibility/indemnity in conflict with time. The longer a system remains unbroken the more likely it is to be broken, the only significant caveat is if the system is updated and modified often enough. Then there is a data collection issue that limits what is -reasonable-. -- There is less in this than meets the eye. Tellulah Bankhead [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: crypto question
On Sun, 24 Mar 2002 [EMAIL PROTECTED] wrote: or just security proportional to risk ... random refs: There's a short coming with that view. In order to apply realistic metrics to what that risk is (eg 1 in 100 years) one must have systems being broken in order to vet it. It's one thing to state a axiom as you have done. It's a whole other one to apply it within a time schedule, budget, and general social setting. The three primary questions that occur when trying to give these real numbers become: - How long between services checks - How long between system upgrade/replacement - How have other systems stood up to intentional attacks The first is important to vet the continued opperation of an existing systems. The second is important in respect to opportunity to subvert and and the diffussion of 'classified' info out of controlled environments (eg robber's girlfriend is student...who applied for an internship...who copies the random page hither and yon...). And finaly this gives one a real graps of cost and 'friction' (to borrow a military term). A special note for three, this implies that at least some of the mechanisms of the same 'class' are(!) being broken. If not then one really has no way to make a metric. The only enginering answer is I don't know; I make the distinction between political and organizations needs and engineering ones. The vast majority of security mechanisms fail on several of these regularly. It's not intentional but unless you're running something with the dispcipline of a military base or prison you're going to have problems. I don't believe there are enough deliberate public attacks to make the third boundary condition relevant in most security situations. But on the flip side, most security situations are really overly sensitive to their probability. [1] [1] Which is probably a good thing for the industry :) -- There is less in this than meets the eye. Tellulah Bankhead [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: crypto question
As someone who spent 5 years doing all the physical security for a major university I can say that ALL physical systems can be broken. No exception. The three laws of thermodynamics apply to security systems as well. There is ALWAYS a hole. On Thu, 21 Mar 2002, Arnold G. Reinhold wrote: It's not clear to me what having the human present accomplishes. While the power was out, the node computer could have been tampered with, e.g. a key logger attached. Who said you were allowed to lose power and stay secure? Laptops are pretty cheap and come with multi-hour batteries. There should be enough physical security around the node to prevent someone from tripping power. One approach might be to surround a remote node with enough sensors so that it can detect an unauthorized attempt to physically approach it. -- There is less in this than meets the eye. Tellulah Bankhead [EMAIL PROTECTED] www.ssz.com [EMAIL PROTECTED] www.open-forge.org - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Stegdetect 0.4 released and results from USENET search available
On Fri, 28 Dec 2001 [EMAIL PROTECTED] wrote: I download all of alt.anonymous.messages from the same news server that large numbers of people post and download child porn on. So the traffic analysis software has your link the first couple of days. Now all they've got to do is black bag your computers text editors and news readers...assuming they've got a motivation to expend the effort. The next step is to compare messages you submit with messages others submit, with respect to time not source/destination, once they've a correlation they can then move to 'other' techniques (eg trap mail, phone taps, etc.). (Hey, I do not read anything in alt.anonymous messages, I am just generating cover traffic out of pure public spirit.) Thus there is no ongoing pattern. Only because your 'cover traffic' isn't. If you wanted to help with cover traffic then you'd be sending large quantities of bogus traffic to the group daily.w But that would take a concerted commitment. Cover traffic requires an interesting characteristic to be effective, one that most don't 'get'; it must be full on all the time. The vast majority of your expended effort is bogus. The most effective cover traffic model is to send nothing but cover traffic at your full bandwidth 24x365. Then randomly inject/replace cover traffic with real traffic as it comes in. ps I'm still working on your Chomsky claims... -- Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: FreeSWAN US export controls
On Mon, 10 Dec 2001, John Gilmore wrote: NSA's export controls. We overturned them by a pretty thin margin. The government managed to maneuver such that no binding precedents were set: if they unilaterally change the regulations tomorrow to block the export of public domain crypto, they wouldn't be violating any court orders or any judicial decisions. I.e. they are not BOUND by the policy change. That's not accurate. There have been several court rulings finding source code and such protected by the 1st. This would provide a lever that was not there previously. -- Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: private-sector keystroke logger...
On Tue, 27 Nov 2001, Ben Laurie wrote: Yeah right - so it sets up an outgoing connection to some webserver to pass on the info. Firewall that. Easy, have your firewalling software keep a list of all the connections you allow. Each time a connection to a machine not on the list occurs it asks for permission, if you give it then it goes on the list. Couple this will a sniffer on the outside of the firewall to look for probes. -- Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Proving security protocols
Might try, Modelling and Analysis of Security Protocols P. Ryan, S. Schneider ISBN 0-201-67471-8 Can't say it has exactly what you're looking for though. On Thu, 1 Nov 2001, Roop Mukherjee wrote: I have being trying to read about formally proving security protocols. I have seen the work of Needham, Paulson et. al., Meadows among others. I was wondering if anyone here has seen a comparison between these approaches to evaluate things like ease of use and effectiveness. I mean something with a little more detail than the related work section of most of these papers. Is one of these approaches considered as best-practice or is more commonly used than the other? Can someone offer some criticism of the practice formal verification in general ? -- The people never give up their liberties but under some delusion. Edmund Burke (1784) The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: CDR: Re: anonymous digital cash and other (now) iffy stuff
No, it's the lack of a credible threat of such a system being put in place. Once the system is in place it is too late to impliment crypto to recover. There are other similar cause-effect logic errors in your arguments as well. On Sat, 22 Sep 2001, Ryan Lackey wrote: The greatest enemy of secure electronic mail, for instance, being widely deployed is the LACK of widespread monitoring. If every internet connection in the US were monitored actively, and the contents were routinely used in civil and criminal legal actions, technologies like ZKS Freedom, PGP, SSL would be in far wider use than they are now. -- Kill them all, take their land, and go there for vacation. Rage Against The Machine The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Effective and ineffective technological measures
On Mon, 30 Jul 2001, Paul Onions wrote: Indeed, my reading of the following extract defining 'encryption research' in the DMCA seems to indicate that it is easier to prosecute someone for exposing a vulnarability in a weak system than for a stronger system. `(1) DEFINITIONS- For purposes of this subsection-- `(A) the term `encryption research' means activities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products; and `(B) the term `encryption technology' means the scrambling and descrambling of information using mathematical formulas or algorithms. The reasoning being that exposing a vulnerability in a weak system will not 'advance the state of knowledge in the field of encryption technology'. It seems to me there is another loop-hole... ...encryption technologies applied to copyrighted works. If one can discuss the subject such that the applications never come up, in other words you're not drawing somebody a roadmap to crack. -- Nature and Nature's laws lay hid in night: God said, Let Tesla be, and all was light. B.A. Behrend The Armadillo Group ,::;::-. James Choate Austin, Tx /:'/ ``::/|/ [EMAIL PROTECTED] www.ssz.com.', `/( e\ 512-451-7087 -~~mm-'`-```-mm --'- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]