Re: Extended certificate error
Allen [EMAIL PROTECTED] writes:

> I just got a warning that a certificate had expired and yet the data in it says:
> [From: Tue Aug 05 17:00:00 PDT 2003, To: Mon Aug 05 16:59:59 PDT 2013]
> The error message says: The digital signature was generated with a trusted certificate but has expired.

What's the expiry date for the CA certificate that signed it, and its CA certificate? What's the clock on your PC set to? And why aren't you just clicking Continue anyway like everyone else does? :-).

Peter.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Extended certificate error
Peter Gutmann wrote:

> Allen [EMAIL PROTECTED] writes:
>
> > I just got a warning that a certificate had expired and yet the data in it says:
> > [From: Tue Aug 05 17:00:00 PDT 2003, To: Mon Aug 05 16:59:59 PDT 2013]
> > The error message says: The digital signature was generated with a trusted certificate but has expired.
>
> What's the expiry date for the CA certificate that signed it, and its CA certificate? What's the clock on your PC set to? And why aren't you just clicking Continue anyway like everyone else does? :-).

Hi Peter,

I checked the chain - goes directly from http://online.ccsf.edu's certificate to Thawte. All of Thawte's on my list expire 12/31/2020 15:59:59 PM except for the primary root CA which is 7/16/2036 16:59:59 PM, and the Thawte Extended Validation SSL CA which is 11/16/2016 15:59:59 PM.

As to my system clock, I was asked off list about this and here is what I said:

(I) Connect to time.nist.gov or one of a long list every 24 hours. My clock says 3:00 PDT August 18th and I just double checked by re-syncing:

SYNC-ATTEMPT Host: mizbeaver.udel.edu Aug-18-2008 15:00:22 SUCCESS 39678.9169097222 39678.9169243634 1.46411985042505E-5!

39678.9169243634 39678.9169097222 - 0.146412 (rounded) is I think quite good enough. :)

As to just clicking through, either stupid for not trusting that everything is okay, cautious, or just plain curious why. Take your pick. ;-

Allen
Re: Kiwi expert cracks chip passport
Peter,

Which card reader(s) did you use?

Adam and I used the Omnikey Cardman 5321

Did the Golden Reader Tool (GRT) recognize the Cardman reader w/o any modifications? The most current version I have (GRT v2.9) says in the ePassport Reader List:

- Integrated Engineering Smart-ID
- NMDA Tx-PR-400
- Philips Pegoda

Cheers,

Stefan.

Symposium Wirtschaftsspionage
03.09.2008 KA/Ettlingen
http://www.symposium-wirtschaftsspionage.de/

-
Stefan Kelm
Security Consulting
Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100
[EMAIL PROTECTED], http://www.secorvo.de/
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox
Re: Voting machine security
On Mon, Aug 18, 2008 at 10:16:02AM -0700, Paul Hoffman wrote:

[...]

> Essentially no one would argue that it is quite expensive. I suspect that nearly everyone in the country would be happy to pay an additional $1/election for more reliable results.

Without seeing all of the expense (and likely inability) of securing and ensuring the proper count from the machine, people look at the problem and go "computers are good at counting things fast and people aren't, so it must therefore be massively cheaper to have a computer do the count". If you're just talking about summing a few lists, that's true. But of course, no one who doesn't work for a voting machine company is just talking about summing a few lists.

The idea that after you factor in everything, it might actually be cheaper to have people do it after all, is a very difficult one for many people to even conceptualize. Progress demands that computers do all menial tasks.

--
- Adam

** Expert Technical Project and Business Management
   System Performance Analysis and Architecture **
[ http://www.adamfields.com ]
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ] Founder
[ http://www.aquick.org/blog ] Blog
[ http://www.adamfields.com/resume.html ] .. Experience
[ http://www.flickr.com/photos/fields ] ... Photos
[ http://www.aquicki.com/wiki ] . Wiki
Boston subway restraining order quashed.
http://blog.wired.com/27bstroke6/2008/08/federal-judge-t.html

--
Perry E. Metzger [EMAIL PROTECTED]
Re: Boston subway restraining order quashed.
At 03:33 PM 8/19/2008 -0400, Perry E. Metzger wrote:

> http://blog.wired.com/27bstroke6/2008/08/federal-judge-t.html

MBTA's claim was based on CFAA, the Computer Fraud and Abuse Act. Properly, the judge decided (in effect) that CFAA only applies to "messing with computers" (a legal term of fanciful art), not to speaking about software that might mess with computers.

The more interesting question, which has not been addressed, is whether the CFAA definition of "computer" is so broad that it would include the CharlieCard and/or CharlieTicket. The Complaint alleges specifically that both are computers.

James S. Tyre [EMAIL PROTECTED]
Law Offices of James S. Tyre
310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512
Culver City, CA 90230-4969
Co-founder, The Censorware Project http://censorware.net
Policy Fellow, Electronic Frontier Foundation http://www.eff.org
Re: EFF press release on the gag order being lifted.
Perry E. Metzger wrote:

> http://www.eff.org/press/archives/2008/08/19

You wonder if it was MBTA exhibit 4 that tipped their case against the MBTA's injunction, using Roblimo's article on Sklyarov, quoting reactions to Dmitry Sklyarov's arrest for a DMCA violation on July 16, 2001, wherein:

> Jennifer Granick, the clinical director of Stanford University's Center for Internet and Society, has also criticized the move by the software industry and the FBI. "American corporations have never been shy about using taxpayer money to enforce their rights," she said.

Using a news article containing a quote from the defense's representation counter to your position doesn't sound like a winning strategy. Ms. Granick is the Civil Liberties Director with the EFF and has filed a declaration in the case.

The Wikipedia article http://en.wikipedia.org/wiki/Dmitry_Sklyarov has a succinct summary of the Sklyarov case, where charges against him were dropped in exchange for testimony (against his employer). In December 2002, Elcomsoft (the employer) was found not guilty of violating the DMCA in a jury trial. Most notably:

> On July 19, 2001, the Association of American Publishers issued a press release announcing their support of his arrest. Adobe initially supported the arrest, but after a meeting with the Electronic Frontier Foundation, they issued a joint press release on July 23, 2001, recommending his release. However, Adobe still supports the case against ElcomSoft.

The MBTA had no organization or employer to fall back on in prosecution, and are still alleging CFAA violations against the defendants, undoubtedly stemming from the initial conference description of their presentation, mentioning free fares, and the slide presentation showing MBTA operations centers, possibly counterfeit transit authority identification, and surreptitious access to computing facilities.

The problem being either one of a bit too much security theater on the part of the defendants, or possible violations of the CFAA. It is notable that there is no criminal case to date. One could also wonder if the MBTA is taking corrective actions to protect their system both through physical plant security and proper inclusion of cryptographic protection of their ticketing system, as well.
Cube cryptanalysis?
According to Bruce Schneier...

http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html

...Adi Shamir described a new generalized cryptanalytic attack at Crypto today. Anyone have details to share?

Perry
Re: Cube cryptanalysis?
Perry E. Metzger wrote:

> According to Bruce Schneier...
>
> http://www.schneier.com/blog/archives/2008/08/adi_shamirs_cub.html
>
> ...Adi Shamir described a new generalized cryptanalytic attack at Crypto today. Anyone have details to share?

Stunningly smart, and an excellent and understandable presentation.

Basically, any calculation with inputs and outputs can be represented as an (insanely complicated and probably intractable) set of binary multivariate polynomials. So long as the degree of the polynomials is not too large, the method allows most of the nonlinear terms to be cancelled out, even though the attacker can't possibly handle them. Then you solve a tractable system of linear equations to recover key (or state) bits.

His example was an insanely complicated theoretical LFSR-based stream cipher; recovers keys with 2^28 (from memory, I might be a little out), with 2^40 precomputation, from only about a million output bits. They are working on applying the technique to real ciphers... Trivium, which is a well-respected eSTREAM cipher, is in their sights.

My team's last LFSR-based cipher, SOBER-128, is I think well respected and fairly conservative. I can say that we are extremely lucky in the way we load the key and IV, that the degree of the polynomials piles up and is quite high; once the cipher is actually running, there are output bits which would have been attackable (degree 16 is certainly tractable), except for lucky use of addition as well as s-boxes... the addition carries represent high degree terms.

Greg.
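The mechanism Greg sketches above (sum the output over a "cube" of chosen public bits so that every monomial not divisible by the cube's product cancels, test whether what remains is linear in the key, then solve the resulting GF(2) system), worked through on a constructed toy polynomial. This is an added example written for this archive, not code from the list or from Shamir's presentation; the polynomial, the cube choices and every function name are made up for illustration and stand in for a real cipher's output bit.

```python
from itertools import product

N_PUB, N_KEY = 4, 4   # public (IV) bits v[0..3], secret key bits k[0..3]
def output_bit(v, k):
    # Constructed toy "cipher": one output bit as a Boolean polynomial over
    # GF(2) in the public bits v and key bits k.  Not a real cipher.
    return (v[0]&v[1]&k[0] ^ v[0]&v[1]&k[2] ^ v[0]&v[1]&v[2]&k[1] ^ v[1]&v[2]&k[2]
            ^ v[0]&v[2]&k[1]&k[3] ^ v[0]&v[1]&v[2]&k[0]&k[2] ^ v[3]&k[3]
            ^ v[0]&v[1]&v[3] ^ v[1]&v[3]&k[1] ^ k[0]&k[1] ^ v[2] ^ 1)
def cube_sum(cube, f):
    # XOR f(v) over all 2^|cube| settings of the cube bits, other public bits 0.
    # Monomials not divisible by the cube's product cancel, leaving the "superpoly".
    acc = 0
    for bits in product((0, 1), repeat=len(cube)):
        v = [0] * N_PUB
        for i, b in zip(cube, bits):
            v[i] = b
        acc ^= f(v)
    return acc
def superpoly_at(cube, k):   # preprocessing: we choose the key ourselves
    return cube_sum(cube, lambda v: output_bit(v, k))
def is_linear(cube):
    # Exhaustive BLR linearity test; real attacks sample random x, y instead.
    p = {t: superpoly_at(cube, list(t)) for t in product((0, 1), repeat=N_KEY)}
    return all(p[x] ^ p[y] ^ p[(0,) * N_KEY] == p[tuple(a ^ b for a, b in zip(x, y))]
               for x in p for y in p)
def linear_superpoly(cube):
    # Recover p(k) = c0 + sum(c_i k_i) from p(0) and the unit-vector keys.
    c0 = superpoly_at(cube, [0] * N_KEY)
    return c0, [superpoly_at(cube, [int(j == i) for j in range(N_KEY)]) ^ c0
                for i in range(N_KEY)]
def recover_key(cubes, oracle):
    # Online phase: oracle(v) is the cipher under the unknown key.  Each cube
    # sum yields one GF(2)-linear equation; Gauss-Jordan solves the system.
    rows = []
    for cube in cubes:
        c0, coeffs = linear_superpoly(cube)
        rows.append(coeffs + [cube_sum(cube, oracle) ^ c0])
    for col in range(N_KEY):
        piv = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if piv is None:
            return None          # these cubes do not determine every key bit
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                rows[r] = [a ^ b for a, b in zip(rows[r], rows[col])]
    return [row[N_KEY] for row in rows[:N_KEY]]

# Cubes found in preprocessing; their superpolys are k0+k2, k2, k1 and k3.
CUBES = [(0, 1), (1, 2), (1, 3), (3,)]
```

The cube (0, 1, 2) fails the linearity test because its superpoly is k1 + k0*k2, which is why the preprocessing phase has to search for cubes rather than take any; with the four listed cubes the online phase needs only 2+4+4+2 chosen-IV queries to recover all four key bits.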
Re: Cube cryptanalysis?
Greg Rose [EMAIL PROTECTED] writes:

> His example was an insanely complicated theoretical LFSR-based stream cipher; recovers keys with 2^28 (from memory, I might be a little out), with 2^40 precomputation, from only about a million output bits. They are working on applying the technique to real ciphers... Trivium, which is a well-respected eSTREAM cipher, is in their sights.
>
> My team's last LFSR-based cipher, SOBER-128, is I think well respected and fairly conservative. I can say that we are extremely lucky in the way we load the key and IV, that the degree of the polynomials piles up and is quite high; once the cipher is actually running, there are output bits which would have been attackable (degree 16 is certainly tractable), except for lucky use of addition as well as s-boxes... the addition carries represent high degree terms.

There are a bunch of deployed mobile phone ciphers that are in the stream cipher class -- any thoughts on whether any of them look vulnerable?

Perry

--
Perry E. Metzger [EMAIL PROTECTED]
Re: Cube cryptanalysis?
Perry E. Metzger wrote:

> Greg Rose [EMAIL PROTECTED] writes:
>
> > His example was an insanely complicated theoretical LFSR-based stream cipher; recovers keys with 2^28 (from memory, I might be a little out), with 2^40 precomputation, from only about a million output bits. They are working on applying the technique to real ciphers... Trivium, which is a well-respected eSTREAM cipher, is in their sights.
> >
> > My team's last LFSR-based cipher, SOBER-128, is I think well respected and fairly conservative. I can say that we are extremely lucky in the way we load the key and IV, that the degree of the polynomials piles up and is quite high; once the cipher is actually running, there are output bits which would have been attackable (degree 16 is certainly tractable), except for lucky use of addition as well as s-boxes... the addition carries represent high degree terms.
>
> There are a bunch of deployed mobile phone ciphers that are in the stream cipher class -- any thoughts on whether any of them look vulnerable?

With the disclaimer that I think I understand the attack but might nevertheless have misunderstood something:

A5/1 is difficult for this attack to apply to because of the clock-controlled shift registers (Adi said this). A5/3 and the current WCDMA f8/f9 are based on Kasumi, and I'd be surprised if the attack applies. Ditto for the AES based CDMA security. The soon-to-be-adopted spare WCDMA algorithm, SNOW-3G, may be vulnerable if used in other ways, but appears to me to be secure in the way it is used in 3G phones. Again, somewhat lucky though, the attack comes very close to working. I believe the appropriate standards committee is going to go off and check this very closely (I spoke to one of the members).

Greg.
Re: Cube cryptanalysis?
Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable?

--Steve Bellovin, http://www.cs.columbia.edu/~smb