The obituary has, at long last, prompted me to write a brief review of
Marks' book "Between Silk and Cyanide". The capsule summary: read it,
and try to understand what he's really teaching about cryptography,
amidst all the amusing anecdotes and over-the-top writing.
The main lesson is
In message [EMAIL PROTECTED], John Young writes:
This loops back to NONSTOP and the question of what may
be the signatures and compromising emanations of today's
cryptosystems which reveal information in ways that go beyond
known sniffers -- indeed, that known sniffers may divertingly
In message [EMAIL PROTECTED], John Young writes:
NIST states on its Web site that a draft FIPS for AES would
be issued for comment "shortly after announcement of the
winner (probably in November 2000)." Anything scandalous
behind the delay?
From what I've heard, it's just process issues. (I
In message [EMAIL PROTECTED], David Honig writes:
At 10:27 PM 1/1/01 +0530, Udhay Shankar N wrote:
Did this slip between the cracks in holiday season or has it already been
discussed here ?
Udhay
It's just yet another 'secure' scheme that uses quantum theory
(here, discrete photons; elsewhere,
In message [EMAIL PROTECTED], "P.J. Ponder" writes:
from: http://www.ibm.com/news/2000/11/30.phtml
IBM develops algorithm that encrypts and authenticates simultaneously
More precisely, this is a new mode of operation that does encryption
and authentication in one pass. It's also amenable
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes:
Yahoo's new system works like this: Once a message is composed, it
travels, unencrypted, to Yahoo,
So feel no fear in sending anything you wouldn't mind being read before
it's encrypted?
I'm surprised AOL isn't offering this "security
In message [EMAIL PROTECTED], William Knowles writes:
Snakeoil?
[Smells like it. --Perry]
http://www.ireland.com/newspaper/finance/2000/1110/fin10.htm
I don't know if it's really snake-oil -- it's possible, of course, that
they've developed a new, useful encryption algorithm, though of
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes:
http://csrc.nist.gov/encryption/aes/
will we see official DOI # for IPsec/IKE right after this?
itojun
Certainly, very soon thereafter.
--Steve Bellovin
You're being a mathematician. Be a cop instead.
Police manage to arrest people all the time for, say, murder, even
though mathematically there are lots of people who could have committed
the crime. Perhaps 10 different people have had to disclose shares of
the key to Inspector Lestrade.
In message [EMAIL PROTECTED], Dan Geer writes:
How do they exchange public keys? Via email I'll bet.
Note that it is trivial(*) to construct a self-decrypting
archive and mail it in the form of an attachment. The
recipient will merely have to know the passphrase. If
transit
In message [EMAIL PROTECTED], Chris Duffy writes:
I was searching around and chanced upon your list. I am trying to compare
RC4 vs RC5 encryption. Can someone fill me in on the
advantages/disadvantages of these two? Thanks,
They're not related.
RC4 is a stream cipher. It's very fast per
In message [EMAIL PROTECTED] 4.1.2721150740.00
[EMAIL PROTECTED], John Kelsey writes:
-BEGIN PGP SIGNED MESSAGE-
At 10:37 PM 7/19/00 -0400, Steven M. Bellovin wrote:
The important thing is that the random number really has to be
random and unguessable.
There was a clever trick
In message [EMAIL PROTECTED], Eric Murray writes:
Why not send then a SDA that contains a copy of PGP, installs it,
generates a key for the user, posts it to a keyserver, sets up the
correct MIME content-type hooks in the user's browser, and then send
them the real PGP-encrypted file 10 minutes
In message [EMAIL PROTECTED], Meyer Wolfsheim writes:
-BEGIN PGP SIGNED MESSAGE-
On Fri, 14 Jul 2000, Steven M. Bellovin wrote:
According to the AP, the ACLU has filed a Freedom of Information Act
request for information on Carnivore. See http://www.aclu.org/news/2000/n07
According to the AP, the ACLU has filed a Freedom of Information Act
request for information on Carnivore. See http://www.aclu.org/news/2000/n071400a.html
and http://www.nytimes.com/aponline/w/AP-FBI-Snooping.html
--Steve Bellovin
I had posted a note saying that pen register usage in New York was
barred by the courts unless a wiretap warrant had been issued. I need
to update that posting.
First, that opinion was rendered in People vs. Bialostok, 80 NY2d 738,
http://www.law.cornell.edu/cgi-bin/nyctap.cgi?80+738 But it
In message [EMAIL PROTECTED], Meyer Wolfsheim writes:
-BEGIN PGP SIGNED MESSAGE-
I guess this explains the FBI's opposition to the Verio merger. I wonder
if a colocation company or service provider could be forced to disclose
its participation in the Carnivore project. Any
In message [EMAIL PROTECTED], Marc Horowitz writes:
"Steven M. Bellovin" [EMAIL PROTECTED] writes:
In this situation, everyone's email has to be scanned in order to
isolate the desired traffic.
I've seen this claim before, and I don't think it's true. It's like
saying to wireta
In message [EMAIL PROTECTED], Damien Miller writes:
On Fri, 7 Jul 2000, Bill Stewart wrote:
The current UK effort is why we also need "Perfect Forward Secrecy
In Everything"; it's hard to force someone to turn over their
decryption keys when their equipment doesn't store them past a
In message [EMAIL PROTECTED], "Axel H Horns" writes:
1. The first striking item (page 3, section 3.1) is that despite
relaxation of crypto regulations, a clause is provided according to
which "an industrial property Office or recognized Certification
Authority may decide to offer Key
In message [EMAIL PROTECTED], "P.J. Ponder" writes:
I think Perry is right, generally speaking. An argument could certainly
be made - with or without this federal act, or without any of the various
state laws on the books - that a _real_ digital signature (like an RSA
digital signature) is
In message [EMAIL PROTECTED] 4.1.2607054551.00
[EMAIL PROTECTED], John Kelsey writes:
At 10:33 PM 6/6/00 -0400, Arnold G. Reinhold wrote:
...
The patent appears much broader than just focusing a camera on a Lava
lamp. They claim digitizing the state of any chaotic system and then
hashing
In message [EMAIL PROTECTED], Dennis Glatting writes:
There is an article (somewhere) on the net of digital cameras focused
on lava lamps. Photos are taken of the lava lamps and mixed into a
hash function to generate random data. I believe the author had some
algorithm for turning the lamps
In message v04210109b5531fa89365@[24.218.56.92], "Arnold G. Reinhold" writes:
At 11:17 AM -0500 5/25/2000, Rick Smith wrote:
o There is the proposed legislation I cited earlier to protect these
methods from being revealed in court. These are not aimed at news
reports (that would never get
In message 001a01bfc599$355fc440$31cf54ca@emnb, "Enzo Michelangeli" writes:
John Gilmore wrote:
Anybody tested the primes in major products lately?
Interesting point ... of course, these days one can produce checkable
certificates of primality - but I'm not aware of any free software to
In message [EMAIL PROTECTED], Eivind Eklund writes:
On Sat, May 20, 2000 at 10:40:01AM -0700, David Honig wrote:
At 11:07 AM 5/20/00 -0400, Steven M. Bellovin wrote:
concern buggy crypto modules, and ask yourself how using triple AES
would have helped.))
Was this a slip of the finger
In message [EMAIL PROTECTED], "Perry E. Metzger" writes:
As interpreted by the FCC, the act also would require telecommunications
providers to turn over "packet-mode communications" - such as those that
carry Internet traffic - without the warrant required for a phone wiretap.
I think that
In message [EMAIL PROTECTED], Paul Crowley writes:
Rick Smith [EMAIL PROTECTED] writes:
If you can control the risk of off-line attacks (i.e. theft of the password
file) then attackers are stuck performing on-line attacks. The system under
attack can usually detect on-line attacks and take
In message [EMAIL PROTECTED], Ron Rivest writes:
Steve --
Don't your statistics support the argument that key agility is
*not* likely to be terribly important by itself?
With a cache capable of storing only 5 key setups, you get at least a
75% hit rate, by your statistics.
This effectively
In message [EMAIL PROTECTED], "Perry E. Metzger" writes:
Anyone know anything about this?
--
See http://www.inria.fr/Presse/pre67-eng.html or
http://www.inria.fr/Presse/pre67-fra.html -- it was an attack on an
instance of elliptic curve cryptography.
--Steve Bellovin
I'll try to reply in more detail tomorrow; for now, let me say that the network
traffic situation is vastly more complex than you describe.
First, the papers you and Hari cite are for wide-area traffic. IPsec VPNs
will probably have characteristics much more like LAN or site-local traffic.
In message [EMAIL PROTECTED], Matt Blaze writes:
But I still don't believe there are secret back-doors in commercial OSes
because such things are too hard to keep secret. And I think the Lotus
incident is more evidence that NSA isn't going to try to keep something
like that secret since they
The AP reports that a U.S. judge has issued an injunction against the
Canadian and Swedish authors of cphack, the program that unlocks and
displays the blocked site list from CyberPatrol. The order extends to
distribution by others as well, including -- according to the plaintiff's
attorney --
In message [EMAIL PROTECTED], John Kelsey writes:
Nor do I. But there's a related engineering question: Does
it make sense to build large systems in which there's no way
for humans to overrule the actions of programs once they're
set in motion? *That* is the question I'm raising, not
In message [EMAIL PROTECTED], "Matt Crawford" writes:
If you're going to trust that CryptoSat, inc. hasn't stashed a local
copy of the private key, why not eliminate all that radio gear and trust
CryptoTime, inc. not to publish the private key associated with date D
before date D?
The
In message [EMAIL PROTECTED], Steve Schear writes:
At 09:56 AM 3/2/00 -0500, Steven M. Bellovin wrote:
It is worth noting that some bans on running servers are based on technology,
not the business model of the provider. In IP over cable systems, there is
much less bandwidth available
In message [EMAIL PROTECTED], Bill Stewart writes:
It would be very nice if there were a Freenet _client_
instead of, or in addition to, the Freenet _server_.
What's the functional difference? None, actually :-)
The problem is that many US cable modem networks,
and some US xDSL networks,
The mainstream American press has finally noticed Echelon. See
http://www.nytimes.com/library/tech/00/02/biztech/articles/24spy.html
http://www.nytimes.com/library/tech/00/02/biztech/articles/24secure.html
http://www.washingtonpost.com/wp-dyn/articles/A24275-2000Feb23.html
In message [EMAIL PROTECTED], Ian Farquhar writes:
5. Sony spends millions on recalls, PR damage control, etc.
Look at it this way:
"Sony, you'd better do a pretty good job of securing your keys, as if
your systems are compromised you'll wear the financial consequences."
It's worth
In message [EMAIL PROTECTED], Marc Horowitz writes:
In short, is steganography the ultimate surveillance tool?
Like most surveillance technologies, this is a game of constant
incremental improvements. You watch me through a window, I put up
curtains. You listen through a hidden
The AP reports that GCHQ -- the British cryptologic agency -- has posted a
puzzle on its Web site. If you can solve the puzzle (it's at
http://www.gchq.gov.uk/challenge.html), they want to talk to you...
Of course, the AP quoted a former MI5 agent as saying "The kind of people
with lively
In message [EMAIL PROTECTED], Declan McCullagh writes:
While much of it resonates as true, the timing -- just before crucial
oversight hearings and concerns about illegal NSA spying -- might be a
little coincidental:
http://www.wired.com/news/politics/0,1283,32770,00.html
Last week's
In message [EMAIL PROTECTED], "Marcus Leech" writes:
The Thawte folks are busily promoting their "SuperCerts" which enable 128-bit
symmetric modes in "International" versions of the various browsers.
I guess I've been out of touch--is there an extension in web certs that enables
In message 00ee01bf3c40$08c1df00$[EMAIL PROTECTED], "Matthew Hamrick" writes:
This moves the problem of what gets
exported from the application developer to the CA issuing the super
cert. While I'm not sure, I'm guessing that VeriSign can't issue a
super cert to Uncle Saddam, but Thawte
In message [EMAIL PROTECTED], EKR writes:
I'm assuming it's compiled into the code, since if it were in the
cert database, it could be tampered with.
Sure -- just like Fortify can't exist...
--Steve Bellovin
[ Steve asked me to add:
Perry, could you amend my posting to include the following URL, too:
http://www.nytimes.com/aponline/f/AP-Internet-Bookseller-Settlement.html ]
Naturally, those of us on this list advocate routine use of cryptography. But
cases where cryptography or the lack
In message v04220814b457e31782c9@[204.167.101.35], Robert Hettinga writes:
--- begin forwarded text
To: [EMAIL PROTECTED]
Subject: a smartcard of a different color
Date: Tue, 16 Nov 1999 22:15:07 -0500
From: Dan Geer [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Yesterday I saw a
In message v0421012db4321dc2f55c@[204.167.101.62], Robert Hettinga writes:
The solution to this madness, is, of course, bearer credentials, as
Stephan Brands points out in his recently published doctoral dissertation
"Rethinking Public Key Infrastructures and Digital Certificates --
In message [EMAIL PROTECTED], Steve Reid writes:
On Wed, Oct 13, 1999 at 03:08:49PM -0400, Steven M. Bellovin wrote:
But it's also clear that folks who manufacture this gear for sale in
the U.S. market are going to have to support CALEA, which in turn
means that someone is going to have
In message [EMAIL PROTECTED], Declan McCullagh writes:
This followup might be relevant too. Has the FBI ever publicly weighed in
on an IETF debate before? Are there any implications here in other areas,
such as taxes, content, or encryption?
There are clearly many aspects to this
In message [EMAIL PROTECTED], "P.J. Ponder" writes:
Is it a given that IETF standard protocols will contain backdoors? I
support the idea of bringing the issue before the IETF. Surely the vast
majority will oppose weakening the protocols.
No, it is by no means a settled question.
In message [EMAIL PROTECTED], Bill Stewart writes:
At 04:35 PM 10/6/99 , Phillip Hallam-Baker wrote:
That means that you can only succeed against web-users whose browsers
still accept SSL2.0, which is most Netscape users by default;
I don't know if IE also defaults to that, but it probably
According to the AP, the Defense Department has opened a new center to help
deal with electronic evidence in case of serious crimes involving the military
(http://www.nytimes.com/aponline/a/AP-Defense-Computer-Crime.html). Among
their purported capabilities are being able to track hackers
In message v04210104b40d7088a106@[24.218.56.100], Arnold Reinhold writes:
And what is the value proposition for the consumer? SSL works swell.
Bingo. Consumers will adopt this if and only if cost savings are passed on to
them, which in turn can only happen if the credit card companies (a)
In message [EMAIL PROTECTED], Howie Goodell writes:
It's (2) that's the real problem. They have this message they
claim came from you, but the link to you is secret (maliced
keyboards; Windows 2000 backdoors, etc.) This has nothing to do
with encryption -- since the evidence is plaintext --
In message [EMAIL PROTECTED], Adam Shostack writes:
| I suspect his security experts realized that export controls were
| ineffective in keeping crypto out of the hands of bad guys and that
| the DOD was suffering because the commercial products on which it
| depends lack strong
In message [EMAIL PROTECTED], Declan McCullagh writes:
What I found most interesting was what Attorney General Reno said about the
government's cryptanalysis abilities. When asked if she can break strong,
64 bit equivalent crypto, she said, "We have carefully looked at this and
think it's
In message [EMAIL PROTECTED], Peter Gutmann writes:
Revealing the fact that CryptEncrypt() maps to a function in the
crypto hardware called ENCRYPT probably isn't a major threat to national
security. Existing PKCS #11 drivers also reveal details of classified crypto
algorithms like
Readers of this list may be interested in
http://www.nandotimes.com/technology/story/body/0,1634,89923-142316-981920-0,00.html,
which discusses Echelon and its impact in Europe. It's also the first mention
I've seen of Echelon in mainstream American-based media.
--Steve
In message [EMAIL PROTECTED], "MIKE SHAW" writes:
It's my understanding that in order to exploit this, you'd have to essentially
set yourself up as a proxy after sending the RDP advert. If this is the case,
wouldn't the fact that the man in the middle did not have the cert that
In message [EMAIL PROTECTED], EKR writes:
"Steven M. Bellovin" [EMAIL PROTECTED] writes:
Now, this does require that the CAs that your browser trusts follow
the Common Name=domain name convention, but that's just a special
case of trusting your CAs.
The attacker could al
The L0pht has issued a new advisory for a routing-type attack that can,
they say, allow for man-in-the-middle attacks against SSL-protected sessions
(http://www.l0pht.com/advisories/rdp.txt).
The implication -- that there's a flaw in SSL -- is probably wrong. But
they're dead-on right that
It's going to be hard to pick one of the five finalists. But if
the criteria remain (substantially) the same, I think the field
may be narrowed significantly. I'm making one very crucial assumption
here, of course -- that to the extent it is knowable, all five
finalists (Rijndael, MARS, RC6,
Folks, this list has been getting rather noisy of late, mostly with
discussions of political philosophy. Can we move those discussions somewhere
else?
Most of us on this list want free crypto. Loudly proclaiming that you do,
too, isn't particularly new or useful. And while we have
In message [EMAIL PROTECTED], Declan McCullagh writes:
I have a more detailed report on Wired News:
http://www.wired.com/news/news/politics/story/20333.html
My favorite part of the brief (I quote it):
Another argument: That this type of
regulation is an executive-branch policy
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes:
Also remember that hushmail is acting as the CA, with all that implies
for ultimate security.
In message [EMAIL PROTECTED], Jim Thompson writes:
Here in my hands, I have an "Atom-Age" HW RNG device.
Sounds interesting -- do you have a URL or other contact info?
But -- and it's a big "but" -- what assurance mechanisms does their device provide?
The Intel folks say that being sure
In message [EMAIL PROTECTED], Bjorn Remseth writes:
On Sat, Apr 17, 1999 at 05:41:56PM -0400, Lynne L. Harrison wrote:
Another issue that bugs me is the fact that viruses are an essentially
unnecessary. They are a consequence of basically flawed security
mechanisms in a few operating
In message [EMAIL PROTECTED], "Perry E. Metzger" writes:
Anyone know anything about this?
Thursday March 11 11:15 AM ET
Bill To Relax U.S. Controls On Encryption Advances
WASHINGTON (Reuters) - A bill to relax strict U.S. export controls on
computer data-scrambling products passed a
In message [EMAIL PROTECTED], Ben Laurie writes:
Steve Bellovin wrote:
Intel has announced a number of interesting things at the RSA conference.
The most important, to me, is the inclusion of a hardware random number
generator (based on thermal noise) in the Pentium III instruction set.
According to http://www.nytimes.com/library/tech/99/11/cyber/articles/19encrypt.html,
the German government is going to help fund the GPG effort. GPG is an
open-source program that is compatible with (some versions of) PGP.
The U.S. government doesn't seem to be amused...
In message [EMAIL PROTECTED], John Young writes:
Ron Rivest received on November 10 "US Patent 5835600:
Block encryption algorithm with data-dependent rotations:"
http://jya.com/rivest111098.htm (22K)
Has anyone compared this with the earlier IBM patent that is cited in their AES