Re: New Protection for 802.11
Reading the Wifi report, it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it.

Which is sort of a shame, in a way. 802.11b has no pretense of media layer security. I've been thinking of that as an opportunity for folks to get smarter about network and application layer security - PPTP, IPSEC, proper authentication, etc. A lot of sites are putting their wireless access points outside the firewall and doing VPNs and the like to build secure links.

If WiFi gets reasonable media layer security soon, that pressure will go away and we'll go back to media-based security. I think that's a bad thing in the long run; you end up with systems that may be somewhat secure at the gateway/firewall but are soft inside.

[EMAIL PROTECTED] . . . .. . . . http://www.media.mit.edu/~nelson/
- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Palladium -- trivially weak in hw but secure in software?? (Re: palladium presentation - anyone going?)
Adam Back says:

Providing almost no hardware defenses while going to extraordinary efforts to provide top notch software defenses doesn't make sense if the machine owner is a threat.

So maybe the Palladium folks really mean it when they say the purpose of Palladium is not to enable DRM?

I doubt it, though. Even a paper-thin shred of hardware protection is enough to prevent 99% of the people from circumventing DRM technology. Joe Sixpack isn't going to install a mod chip, and his local computer store can't do it for him for fear of prosecution for circumventing copyright protection. If the appliance enforces DRM when you buy it, that's good enough to guarantee revenue to the copyright holders. In the US, at least.
Re: unforgeable optical tokens?
I see several applications where these tokens could be really useful where biometric methods are completely useless. Main advantage seems to be that these tokens are extremely cheap. There are heaps of applications where these tokens seem to be just perfect.

For a bit of perspective, this work comes out of a research lab that has worked with a variety of technologies for digital IDs for physical objects. Barcodes, RFID tags, smart cards, etc - all are ways to give a physical object a unique sequence.

What's interesting about these optical tokens is that they are supposedly unforgeable, and they are very cheap. By contrast barcodes can be copied too easily. Smartcards are too expensive.

Physical security tokens are the most prosaic application of this capability. Think tracking applications, object recognition on a wearable computer, ... Things That Think.

[EMAIL PROTECTED] http://www.media.mit.edu/~nelson/
Re: Thanks, Lucky, for helping to kill gnutella
Wow, this conversation has been fun. Thanks, Anonymous Aarg, for taking up the unpopular side of the debate. I'll spare any question about motives.

I think most of us would agree that having a trusted computing environment makes some interesting things possible. Smartcards, after all, are more or less the same idea as Palladium, just on a smaller scale. You're right to point out they could make things like a trusted Gnutella client possible, or do SETI@Home style distributed computing in a secure manner, or...

But the context of Palladium is larger than what a few smart P2P folks could do. Palladium is a technology proposed by a convicted predatory monopolist. It is a technology that gives that monopolist even more control over the uses of its technology. And it just so happens to be exactly in line with the needs of the entertainment industry which has spent the past few years doing their best to squelch creative uses of the Internet so they can jealously protect their copyright hegemony. We'd be crazy not to be a little concerned.

Let's turn the debate to a slightly more interesting place. Is there a way to create a trusted computing environment such as Palladium that does not also enable the restriction of liberties? The optional aspect of Palladium isn't enough - the folks who own the media will ensure that it can only be played if your computer is in trusted mode.

[EMAIL PROTECTED] http://www.media.mit.edu/~nelson/
Re: crypto question
Question. Is it possible to have code that contains a private encryption key safely?

As a practical matter, yes and no. Practically no, because any way you hide the encryption key could be reverse engineered. Practically yes, because if you work at it you can make the key hard enough to reverse engineer that it is sufficient for your threat model.

This problem is the same problem as copy protection, digital rights management, or protecting mobile agents from the computers they run on. They all boil down to the same challenge; you want to put some data on a computer you don't control but then restrict what can be done with that data.

The digital rights management folks try to restrict the program that uses the data; region-locked DVD players, digital music software that obeys copyright restrictions (SDMI, etc), or the latest idea, having an encrypted channel all the way to your speakers and monitor which are secure tamper-proof devices. All of these schemes are defeatable, but can be made quite difficult.

The mobile agent community has come up with some clever ideas on the problem, but nothing that's a practical solution yet. The version here is you want to run a program on a remote untrusted computer and you want to prevent your computation from being subverted or stolen. It's very hard, and my intuition was it'd be impossible, but in fact there are some interesting theoretical results that show it is possible, at least in some limited domains.

I haven't followed this research recently, but here are some good papers from a few years ago:

Towards Mobile Cryptography (1998)
Tomas Sander, Christian F. Tschudin
http://citeseer.nj.nec.com/167218.html
We present techniques how to achieve non-interactive computing with encrypted programs in certain cases and give a complete solution for this problem in important instances.

Protecting Mobile Agents Against Malicious Hosts
Tomas Sander, Christian F. Tschudin
http://citeseer.nj.nec.com/329367.html
Re: CFP: PKI research workshop
HTTPS SSL does not use PKI. SSL at best has this weird system in which Verisign has somehow managed to charge web sites a toll for the use of SSL even though for the most part the certificates assure the users of nothing whatsoever.

To be fair, Verisign *is* a PKI. It's not the one a lot of us want, but it is in wide usage.

Of course, client side certificates barely even exist, although people made substantial preparation for them early on in the history of all of this.

I used to be puzzled by this. Then a couple of years ago I went through the process of getting a client-side certificate to access my student records at MIT. MIT is the only place I've ever seen to require client-side certs for authentication, bless 'em.

It took me 30 minutes to establish a client side certificate, just so I could view a web page with my own data on it. *thirty minutes*. And I know a lot about cryptography. How would someone who'd never heard of a public key do? This was on Netscape 4.0 on Linux. Maybe MSIE things have improved since then, but I doubt it. (Anyone know?)

PKI and the Emperor's New Clothes have a bunch in common. It's very important to look at this truth and think about why. Part of it is usability: Netscape could have made it easier for me. But a lot of it is design. PKI is complicated: chains of authority are complicated to understand, security technology is awkward for naive users to use properly, and trying to do anything with revocation or real time properties is a nightmare.

The thing that makes me the most sad is that the PKI situation only seems to be getting worse, not better. Now it looks like it's going to be Passport that cracks the nut of client authentication, not PKI. And the spoils go to the victor. Three years from now when you're paying a monopolist a monthly fee for the privilege of verifying your identity, think hard about why.

[EMAIL PROTECTED] http://www.media.mit.edu/~nelson/
Yet more stego scare in the New York Times
Another sensationalist article in the NYT about the pervasiveness of steganography, with yet another lack of any evaluatable information.

http://www.nytimes.com/2001/10/30/science/physical/30STEG.html?pagewanted=print

In summary, evidence for stego in this article is:

* Some unnamed French defense ministry official says the folks they arrested for the plot to blow up the US embassy in Paris were using stego.
* Chet Hosmer, president and CEO of WetStone Technologies, claims that 0.6% of images he found on porno sites and eBay have stego. He won't tell anyone which images or how he found them, and he can't read the secret messages. Oh, but he's paid by the Air Force.
* There are a bunch of stego tools available on the Internet, with over a million downloads! (Never mind that most of those tools are the equivalent of ROT-13).

The article does get better, quoting a few researchers back and forth, and finally getting to Provos' work analyzing images and finding nothing.

What's so frustrating about this is that it is quite possible that high quality stego is being used out there; how would we know? But in the absence of facts, the media picks up the most scary sounding info and leads with it.

I normally write letters to newspapers when I read dumb stories like this (and sometimes they publish them!), but I don't even know what to say this time.

[EMAIL PROTECTED] http://www.media.mit.edu/~nelson/