Re: palm beach HIV
Thus spake Eugen Leitl ([EMAIL PROTECTED]) [21/02/05 16:07]: : Calling Tim May! Calling Tim May! : : You rang? : : http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhoA : AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ For those who hate word wrap... http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; /pet peeve
Re: palm beach HIV
On Mon, Feb 21, 2005 at 04:17:43PM -0500, Damian Gerow wrote: Thus spake Eugen Leitl ([EMAIL PROTECTED]) [21/02/05 16:07]: : Calling Tim May! Calling Tim May! : : You rang? : : http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhoA : AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ For those who hate word wrap... http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; Funny, wrapped again! /pet peeve Yes, complain to the Al-Q. node maintainer. The same code which strips my digital signatures also wrap the lines. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpfkmSaLAPup.pgp Description: PGP signature
Re: palm beach HIV
On Mon, Feb 21, 2005 at 08:25:47PM +, Justin wrote: Calling Tim May! Calling Tim May! You rang? http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpgd3MNBo7Cd.pgp Description: PGP signature
Re: SHA1 broken?
On Sat, Feb 19, 2005 at 03:53:53PM +, Dave Howe wrote: I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :) FPGAs are too slow (and too expensive), if you want lots of SHA-1 performance, use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an ASIC. Assuming, fast SHA-1 computation is the basis for the attack -- we do not know that. While looking, came across http://www.ietf.org/proceedings/02jul/slides/saag-1.pdf We really DO NOT need SHA-256 for Message Authentication, mid-2002. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpiyYiZfRHUC.pgp Description: PGP signature
palm beach HIV
Given the release of Palm Beach HIV+ patient information via accidental attachment to a widely-distributed email, should agencies with access to confidential information implement mandatory access control and role-based security so that, barring problems with the RBAC/MAC software, confidential data cannot be accessed by roles that have external network access? http://www.sun-sentinel.com/news/local/southflorida/sfl-paidslist21feb21,0,1753763.story?coll=sfla-home-headlines I haven't found the list yet, but I found this: http://www.palmbeachpost.com/opinion/content/opinion/epaper/2005/02/11/a20a_cramercol_0211.html In Palm Beach County, one of every 35 blacks is HIV-positive. That is compared with one of every 492 whites. Calling Tim May! Calling Tim May! -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936
Re: palm beach HIV
Thus spake Eugen Leitl ([EMAIL PROTECTED]) [21/02/05 16:57]: : For those who hate word wrap... : : : http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-Jho : fCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ : : Funny, wrapped again! Not for me. Neither when I sent it nor when I received it. Your client, perhaps? : /pet peeve : : Yes, complain to the Al-Q. node maintainer. The same code which strips my : digital signatures also wrap the lines. Funny. Doesn't wrap mine.
MIME stripping
On 2005-02-21T22:40:03+0100, Eugen Leitl wrote: Yes, complain to the Al-Q. node maintainer. The same code which strips my digital signatures also wrap the lines. Really? http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936 pgp8pg0P7TPy8.pgp Description: PGP signature
Re: MIME stripping
Weird. I won't sign this message. On Mon, Feb 21, 2005 at 10:57:37PM +, Justin wrote: On 2005-02-21T22:40:03+0100, Eugen Leitl wrote: Yes, complain to the Al-Q. node maintainer. The same code which strips my digital signatures also wrap the lines. Really? http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936 [demime 1.01d removed an attachment of type application/pgp-signature] -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
Re: MIME stripping
Justin [EMAIL PROTECTED] wrote: On 2005-02-21T22:40:03+0100, Eugen Leitl wrote: Yes, complain to the Al-Q. node maintainer. The same code which strips my digital signatures also wrap the lines. Really? No. Both lines came through unwrapped. AFA sigs go, if you really want your sig to get through don't (invoking Tim here) MIME-encrust it, just send it through as plain text. -- Riad S. Wahby [EMAIL PROTECTED]
Re: palm beach HIV
On Mon, Feb 21, 2005 at 05:40:13PM -0500, Damian Gerow wrote: Thus spake Eugen Leitl ([EMAIL PROTECTED]) [21/02/05 16:57]: : For those who hate word wrap... : : : http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-Jho : fCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ : : Funny, wrapped again! Not for me. Neither when I sent it nor when I received it. Your client, perhaps? No, Mutt doesn't wrap earls. : /pet peeve : : Yes, complain to the Al-Q. node maintainer. The same code which strips my : digital signatures also wrap the lines. Funny. Doesn't wrap mine. You don't sign. It used to be much worse, would completely reformat the messages. Wrapped earls I can live with. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpOmksHR9bcp.pgp Description: PGP signature
Re: MIME stripping
This message is signed. On Mon, Feb 21, 2005 at 10:57:37PM +, Justin wrote: On 2005-02-21T22:40:03+0100, Eugen Leitl wrote: Yes, complain to the Al-Q. node maintainer. The same code which strips my digital signatures also wrap the lines. Really? http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhofCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ; -- Certainly there is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never really care for anything else thereafter. --Hemingway, Esquire, April 1936 [demime 1.01d removed an attachment of type application/pgp-signature] -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpii0nVdcs7r.pgp Description: PGP signature
Re: SHA1 broken?
- Original Message - From: Dave Howe [EMAIL PROTECTED] Subject: Re: SHA1 broken? Indeed so. however, the argument in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY... assumes that (a) the problems are comparable, and (b) that moores law has been applied to FPGAs as well as CPUs. That is only misreading my statements and missing a very large portion where I specifically stated that the new machine would need to be custom instead of semi-custom. The proposed system was not based on FPGAs, instead it would need to be based on ASICs engineered using modern technology, much more along the lines of a DSP. The primary gains available are actually from the larger wafers in use now, along with the transistor shrinkage. Combined these have approximately kept the cost in line with Moore's law, and the benefits of custom engineering account for the rest. So for exact details about how I did the calculations I assumed Moore's law for speed, and an additional 4x improvement from custom chips instead of of the shelf. In order to verify the calculations I also redid them assuming DSPs which should be capable of processing the data (specifically from TI), I came to a cost within a couple orders of magnitude although the power consumption would be substantially higher. Joe
Re: SHA1 broken?
Joseph Ashwood wrote: I believe you substantially misunderstood my statements, 2^69 work is doable _now_. 2^55 work was performed in 72 hours in 1998, scaling forward the 7 years to the present (and hence through known data) leads to a situation where the 2^69 work is achievable today in a reasonable timeframe (3 days), assuming reasonable quantities of available money ($500,000US). There is no guessing about what the future holds for this, the 2^69 work is NOW. I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :)
SHA-1 results available
http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, Technical details will be provided in a forthcoming paper. I'm not holding my breath. -Jack
Re: SHA1 broken?
Eugen Leitl wrote: On Sat, Feb 19, 2005 at 03:53:53PM +, Dave Howe wrote: I wasn't aware that FPGA technology had improved that much if any - feel free to correct my misapprehension in that area though :) FPGAs are too slow (and too expensive), if you want lots of SHA-1 performance, use a crypto processor (or lots of forthcoming C5J mini-ITX boards), or an ASIC. Assuming, fast SHA-1 computation is the basis for the attack -- we do not know that. Indeed so. however, the argument in 1998, a FPGA machine broke a DES key in 72 hours, therefore TODAY... assumes that (a) the problems are comparable, and (b) that moores law has been applied to FPGAs as well as CPUs. I am unaware of any massive improvement (certainly to the scale of the comparable improvement in CPUs) in FPGAs, and the ones I looked at a a few days ago while researching this question seemed to have pretty much the same spec sheet as the ones I looked at back then. However, I am not a gate array techie, and most of my experience with them has been small (two-three chip) devices at very long intervals, purely for my own interest. It is possible there has been a quantum leap foward in FPGA tech or some substitute tech that can perform massively parallel calculations, on larger block sizes and hence more operations, at a noticably faster rate than the DES cracker could back then. Schneier apparently believes there has been - but is simply applying moore's law to the machine from back then, and that may not be true unless he knows something I don't (I assume he knows lots of things I don't, but of course he may not have thought this one though :)
RE: Code name Killer Rabbit: New Sub Can Tap Undersea Cables
When I was in Telecom we audited pieces of an undersea NSA network that was based on OC-3 ATM. It had some odd components, however, including reflective-mode LiNBO3 modulators and even acousto-optic modulators. (Actually, one of the components started dying which put them into a near-frenzy...it turned out we had someone who happened to know the designer of that very piece and so understood the failure mode completely.) My theory is that they were multiplexing their OC-3-collected information back over the same set of fibers the intelligence came from, or else re-routed it to another friendly cable nearby. These days, however, a la Variola I don't think that a single OC-3 will do even for specially-selected traffic, so they must do something different now (unless, of course, that OC-3 was just their OAMP/control network, which is entirely possible). -TD From: R.A. Hettinga [EMAIL PROTECTED] To: osint@yahoogroups.com, cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: Code name Killer Rabbit: New Sub Can Tap Undersea Cables Date: Fri, 18 Feb 2005 20:47:02 -0500 http://wcbs880.com/topstories/topstories_story_049165912.html/resources_storyPrintableView WCBS 880 | wcbs880.com Experts: New Sub Can Tap Undersea Cables * USS Jimmy Carter Will Be Based In Washington State Feb 18, 2005 4:55 pm US/Eastern The USS Jimmy Carter, set to join the nation's submarine fleet on Saturday, will have some special capabilities, intelligence experts say: It will be able to tap undersea cables and eavesdrop on the communications passing through them. The Navy does not acknowledge the $3.2 billion submarine, the third and last of the Seawolf class of attack subs, has this capability. That's going to be classified in nature, said Kevin Sykes, a Navy spokesman. You're not going to get anybody to talk to you about that. But intelligence community watchdogs have little doubt: The previous submarine that performed the mission, the USS Parche, was retired last fall. That would only happen if a new one was on the way. Like the Parche, the Carter was extensively modified from its basic design, given a $923 million hull extension that allows it to house technicians and gear to perform the cable-tapping and other secret missions, experts say. The Carter's hull, at 453 feet, is 100 feet longer than the other two subs in the Seawolf class. The submarine is basically going to have as its major function intelligence gathering, said James Bamford, author of two books on the National Security Agency. Navy public information touts some of the Carter's special abilities: In the extended hull section, the boat can provide berths for up to 50 special operations troops, like Navy SEALs. It has an ocean interface that serves as a sort of hangar bay for smaller vehicles and drones to launch and return. It has the usual complement of torpedo tubes and Tomahawk cruise missiles, and it will also serve as a platform for researching new technologies useful on submarines. The Carter, like other submarines, will also have the ability to eavesdrop on communications-what the military calls signals intelligence-passed through the airwaves, experts say. But its ability to tap undersea fiber-optic cables may be unique in the fleet. Communications worldwide are increasingly transmitted solely through fiber-optic lines, rather than through satellites and radios. The capacity of fiber optics is so much greater than other communications media or technologies, and it's also immune to the stick-up-an-attenna type of eavesdropping, said Jeffrey Richelson, an expert on intelligence technologies. To listen to fiber-optic transmissions, intelligence operatives must physically place a tap somewhere along the route. If the stations that receive and transmit the communications along the lines are on foreign soil or otherwise inaccessible, tapping the line is the only way to eavesdrop on it. The intelligence experts admit there is much that is open to speculation, such as how the information recorded at a fiber-optic tap would get to analysts at the National Security Agency for review. During the 1970s, a U.S. submarine placed a tap on an undersea cable along the Soviet Pacific coast, and subs had to return every few months to pick up the tapes. The mission was ultimately betrayed by a spy, and the recording device is now at the KGB museum in Moscow. If U.S. subs still must return every so often to collect the communications, the taps won't provide speedy warnings, particularly against imminent terrorist attacks. It does continue to be something of a puzzle as to how they get this stuff back to home base, said John Pike, a military expert at GlobalSecurity.org. Some experts suggest the taps may somehow transmit their information, using an antenna or buoy-but those modifications are easier to discover and disable than a tap attached to the cable on the ocean floor. Unless they have some new method of relaying the information, it doesn't serve
Code name Killer Rabbit: New Sub Can Tap Undersea Cables
http://wcbs880.com/topstories/topstories_story_049165912.html/resources_storyPrintableView WCBS 880 | wcbs880.com Experts: New Sub Can Tap Undersea Cables * USS Jimmy Carter Will Be Based In Washington State Feb 18, 2005 4:55 pm US/Eastern The USS Jimmy Carter, set to join the nation's submarine fleet on Saturday, will have some special capabilities, intelligence experts say: It will be able to tap undersea cables and eavesdrop on the communications passing through them. The Navy does not acknowledge the $3.2 billion submarine, the third and last of the Seawolf class of attack subs, has this capability. That's going to be classified in nature, said Kevin Sykes, a Navy spokesman. You're not going to get anybody to talk to you about that. But intelligence community watchdogs have little doubt: The previous submarine that performed the mission, the USS Parche, was retired last fall. That would only happen if a new one was on the way. Like the Parche, the Carter was extensively modified from its basic design, given a $923 million hull extension that allows it to house technicians and gear to perform the cable-tapping and other secret missions, experts say. The Carter's hull, at 453 feet, is 100 feet longer than the other two subs in the Seawolf class. The submarine is basically going to have as its major function intelligence gathering, said James Bamford, author of two books on the National Security Agency. Navy public information touts some of the Carter's special abilities: In the extended hull section, the boat can provide berths for up to 50 special operations troops, like Navy SEALs. It has an ocean interface that serves as a sort of hangar bay for smaller vehicles and drones to launch and return. It has the usual complement of torpedo tubes and Tomahawk cruise missiles, and it will also serve as a platform for researching new technologies useful on submarines. The Carter, like other submarines, will also have the ability to eavesdrop on communications-what the military calls signals intelligence-passed through the airwaves, experts say. But its ability to tap undersea fiber-optic cables may be unique in the fleet. Communications worldwide are increasingly transmitted solely through fiber-optic lines, rather than through satellites and radios. The capacity of fiber optics is so much greater than other communications media or technologies, and it's also immune to the stick-up-an-attenna type of eavesdropping, said Jeffrey Richelson, an expert on intelligence technologies. To listen to fiber-optic transmissions, intelligence operatives must physically place a tap somewhere along the route. If the stations that receive and transmit the communications along the lines are on foreign soil or otherwise inaccessible, tapping the line is the only way to eavesdrop on it. The intelligence experts admit there is much that is open to speculation, such as how the information recorded at a fiber-optic tap would get to analysts at the National Security Agency for review. During the 1970s, a U.S. submarine placed a tap on an undersea cable along the Soviet Pacific coast, and subs had to return every few months to pick up the tapes. The mission was ultimately betrayed by a spy, and the recording device is now at the KGB museum in Moscow. If U.S. subs still must return every so often to collect the communications, the taps won't provide speedy warnings, particularly against imminent terrorist attacks. It does continue to be something of a puzzle as to how they get this stuff back to home base, said John Pike, a military expert at GlobalSecurity.org. Some experts suggest the taps may somehow transmit their information, using an antenna or buoy-but those modifications are easier to discover and disable than a tap attached to the cable on the ocean floor. Unless they have some new method of relaying the information, it doesn't serve much use in terms of warning, Bamford said. He contended tapping undersea communications cables violates a number of international conventions the United States is party to. Such communications could still be useful, although the task of sorting and analyzing so many communications for ones relevant to U.S. national security interests is so daunting that only computers can do it. The nuclear-powered sub will be commissioned in a ceremony at 11 a.m. Saturday at the submarine base at New London, Conn. The ceremony marks the vessel's formal entry into the fleet. The former president, himself a submariner during his time in the Navy, will attend. After some sea trials, the ship will move to its home port in Bangor, Wash. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and
RE: SHA-1 results available
Yiqun L Yin writes 21 February 2005 about when the full SHA-1 paper will appear: We have submitted the paper to a conference for peer review, and we should receive a notification of the review results by early May. We plan to publish the paper after incorporating the comments from the review, and will let you know around that time.
Re: palm beach HIV
Sheeit...I'm starting to think May was no longer all that interested in the Crypto stuff...seems he really just wanted to rant and terrify the clueless... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: palm beach HIV Date: Mon, 21 Feb 2005 21:53:29 +0100 On Mon, Feb 21, 2005 at 08:25:47PM +, Justin wrote: Calling Tim May! Calling Tim May! You rang? http://groups-beta.google.com/groups?q=start=0scoring=denc_author=8NH-JhoA AAAfCMh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]
Re: palm beach HIV
On Tue, Feb 22, 2005 at 12:25:23PM -0500, Tyler Durden wrote: Sheeit...I'm starting to think May was no longer all that interested in the Crypto stuff...seems he really just wanted to rant and terrify the clueless... I don't know why he's into Usenet trolling these days. I suspect there's a lot of disgust of where things cypherpunkly now stand. Sense of betrayal, etc. Don't do we all, if we look into which a shithole the net has degenerated these days? Ever noticed that everybody interesting has left years ago? This is true for about every great list. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgpbUAXnpa8Og.pgp Description: PGP signature
Re: Code name Killer Rabbit: New Sub Can Tap Undersea Cables
On Feb 18, 2005, at 19:47, R.A. Hettinga wrote: It does continue to be something of a puzzle as to how they get this stuff back to home base, said John Pike, a military expert at GlobalSecurity.org. I should think that in many cases, they can simply lease a fiber in the same cable. What could be simpler?
RE: SHA-1 results available
http://theory.csail.mit.edu/~yiqun/shanote.pdf No real details, just collisions for 80 round SHA-0 (which I just confirmed) and 58 round SHA-1 (which I haven't bothered with), plus the now famous work factor estimate of 2^69 for full SHA-1. As usual, Technical details will be provided in a forthcoming paper. I'm not holding my breath. A preprint was circulating at the RSA conference; Adi Shamir had a copy. Similar techniques were used by Vincent Rijmen and Elizabeth Oswald, in their paper available at .http://eprint.iacr.org/2005/010. William