Re: [Cryptography] Petnames Zooko's triangle -- theory v. practice (was Email and IM are...)
On Wed, Aug 28, 2013 at 5:33 AM, ianG i...@iang.org wrote:
> Yes. I was never scared of the NSA. But the NSA and the FBI and the DEA and every local police force ... that's terrifying.

That's a purer essence of terror, far worse than terrorism. We need a new word. It's a boot stamping on a human face, forever.

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
Re: [Cryptography] Today's XKCD is on password strength.
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger pe...@piermont.com wrote:
> Today's XKCD is on password strength. The advice it gives is pretty good in principle...
> http://xkcd.com/936/

For a single password on a system with flexible rules, it's good advice. Real world, with a dozen non-reused passwords needed on systems with limited password lengths, not so much.

correct stable horse battery?

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
Re: Anyone make any sense out of this skype hack announcement?
> I don't know if the new crack reveals anything new. We have a writeup about the Skype protection techniques in Surreptitious Software, our book on security-through-obscurity. (Sorry for the blatant self-promotion).

I appreciate the self-promotion. My only request is that you include ISBN, link to your home page, and so on.

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
Christian Collberg, Jasvir Nagra
Paperback, 792 pages
Addison-Wesley Professional; August 3, 2009
ISBN-10: 0321549252
ISBN-13: 978-0321549259

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws
On Fri, Sep 18, 2009 at 4:32 AM, Alec Muffett alec.muff...@gmail.com wrote:
> Perry: plasma physics is wildly OT but I believe the relevance will be obvious to those who remember the crypto wars, especially when they hit the fifth paragraph:
>
> It’s a difficult subject: many people I interviewed felt Roth showed blatant disregard for the law — he was warned his work fell under the State Department’s munitions list — but they expressed deep frustration with the ambiguity of the laws.

Hypothetically, if I were to write an open source library or application involving crypto, I'd send the source and docn through an anonymizing remailer to someone overseas who could then put it on appropriate websites. Or I'd go through a web anonymizer and post on appropriate sites myself. Time was, hypothetically, that I'd anonymously put source on alt.* Usenet groups, but they're dead in the US.

Even with relaxed interpretation of the crypto export laws, anyone in the US would be a fool to rely on that interpretation. Never never never put your name on publicly available crypto unless you've jumped through all the hoops written into the law. (And I wouldn't do so even then.)

Regards,
SRF

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
Re: SHA-3 Round 1: Buffer Overflows
> This just emphasizes what we already knew about C: even the most careful, security-conscious developer messes up memory management. However I think it is not really efficient at this stage to insist on secure programming for submission implementations. For the simple reason that there are 42 submissions, and 41 of those will be thrown away, more or less. There isn't much point in making the 41 secure; better off to save the energy until the one is found. Then concentrate the energy, no?

Or stop using languages which encourage little oopsies like that. At the least, make it a standard practice to mock those who use C but don't use memory-safe libraries and diagnostic tools.

Regards,
SRF

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
Re: crypto for the average programmer
> My question is, what is the layperson supposed to do, if they must use crypto and can't use an off-the-shelf product?

When would that be the case?

The only defensible situations I can think of in which a non-crypto-specialist programmer would need to write crypto routines would be an uncommon OS or hardware, or a new or rare programming language which doesn't have libraries available from SourceForge etc. Or maybe implementing an algorithm that's new enough it doesn't have a decent free implementation, but I'm not sure such an algorithm should be used in production code.

Indefensible situations include the programmer wanting to write his own crypto because it's cool or because he just knows he can do better than all the specialists (in which case he's too arrogant or ignorant to benefit from a common gotchas list) or the manager telling the programmer to implement it himself for some bad reason (in which case the programmer should explain why that's a bad idea).

-- 
Oooh, so Mother Nature needs a favor?! Well maybe she should have thought of that when she was besetting us with droughts and floods and poison monkeys! Nature started the fight for survival, and now she wants to quit because she's losing. Well I say, hard cheese. -- Montgomery Burns
Re: [Clips] Can writing software be a crime?
On 10/5/05, R.A. Hettinga [EMAIL PROTECTED] wrote:
> Can writing software be a crime?
> ...
> The Perez-Melara case, in comparison, represents the first time the government has attempted to prosecute the developer of a software that can be used for both lawful purposes (surreptitiously monitoring conversations with the consent of one party, or with the implied consent of an employee or a minor) or for unlawful purposes (eavesdropping without the consent of either party).
> ...

What exactly did Perez-Melara do that was illegal? Was it writing the software? Selling it? Advertising it?

Some years ago, when Clinton was still Prez, I skirted the US's crypto (munitions) export rules by writing crypto code as a literate program (http://www-cs-faculty.stanford.edu/~knuth/lp.html). Because the digital file was a document rather than source code, it skirted the then laws concerning export. That wouldn't help here.

Nowadays any source code I write which might meet with official disapproval resides encrypted on my hard drive. I distribute it pseudonymously. (Crypto-sign the tgz and the email cover letter, then email it through an anonymizer.) It won't do me much good for job hunting or other reputation-based benefits, but it should keep me out of legal trouble. For now.

But, as has been asked before by people I used to consider paranoid, how long before the US government considers a PGP keyring or an encrypted partition to be prima facie evidence of criminality? (YMMV for non-US residents.)

-- 
There are no bad teachers, only defective children.
Re: Java: Helping the world build bigger idiots
On 9/20/05, Rich Salz [EMAIL PROTECTED] wrote:
> This is wandering way far afield of the list charter. In an effort to maintain some relevance, I'll point out that code reviews, and crypto programming, are rarely done, and arguably shouldn't, by programming wizards.

If by that you mean, "Program dumb: avoid tricky code, avoid odd usage, stick to the basics," I agree. Save your clever tricks for hobby code and the snippets you use to score hot chicks. Critical code, potentially dangerous code, and professional code should be written simply and with the idioms standard to the language.

On a related note, I've worked a bit with avionics and embedded medical software. The certification requirements for those bits of critical code might be helpful for crypto programming.

-- 
There are no bad teachers, only defective children.
Re: Clearing sensitive in-memory data in perl
On 9/11/05, Jason Holt [EMAIL PROTECTED] wrote:
> Securely deleting secrets is hard enough in C, much less high level languages.

But, but... Java is the be-all end-all!

Three years ago I advised a business/tech guy to avoid Java for crypto and related purposes. I'll revise that somewhat in light of greater experience and developments: Java is ok if you control the platform it's running on and if the programmers were very careful. In practice, that means I'd be willing to do the server-side programming in Java if I (or my employer or client) controlled the server. I'm not happy about doing client-side programming in Java for arbitrary users, but users in a controlled business environment is ok. From a user's perspective, I'd be _really_ cautious about using a crypto app written in Java.

FWIW, lately I've been earning my daily bread with Java server-side programming. Fortunately for me, it's been mostly crap work, where it doesn't really matter if data leaks or someone cracks in. Considering that I don't control any of the J2EE or database servers and for the most part they're administered by poorly-trained monkeys, I'd have a really tough ethical call if my clients wanted me to do some work where security really mattered.

-- 
There are no bad teachers, only defective children.
Re: Clearing sensitive in-memory data in perl
On 9/13/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:
> There's an interesting tradeoff here: which is a bigger threat, crypto secrets lying around memory or buffer overflows? What's your threat model? For the average server, I suspect you're better off with Java, especially if you use some of its client-side security mechanisms to lock down the server. Under some circumstances, you could do a call-out to a C module just for the crypto, but it's by no means obvious that that's a major improvement. Again -- what is your threat model?

Other important questions for programmers are, how good are you? How good does the process allow you to be?

My answers are, I'm quite a good programmer. (Pardon the ego.) I'm careful and methodical and very seldom have buffer overruns or unfreed memory even in my first drafts. For me, my expected code quality in C and C++ is balanced against the black box behaviour of Java's runtime engine. (To be clear: I don't suspect Sun of putting back doors in their engine.) And I'm experienced enough and old enough that I can hold my own in pissing contests with project managers who want to cut corners in order to ship a day earlier.

Implementation quality could be considered in the threat model. I've generally taken the programmers into account when designing a system, but I hadn't explicitly thought of well-meaning-but-incompetent programmers as part of the threat. Guess I should.

-- 
There are no bad teachers, only defective children.
Re: Another entry in the internet security hall of shame....
On 8/25/05, Trei, Peter [EMAIL PROTECTED] wrote:
> Self-signed certs are only useful for showing that a given set of messages are from the same source - they don't provide any trustworthy information as to the binding of that source to anything.

Which is just fine. Pseudonymity is good.

If, hypothetically, I were interested in writing and distributing crypto source code which skated right at the edge of current US export regs, I might want to let users verify that the updates came from the same source as the original, without giving them or any gov't busybodies the ability to trace the code back to me.

-- 
There are no bad teachers, only defective children.
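The "same source as the original" property described above is key continuity: a client pins the signing key it saw with the first release and accepts later releases only if the same key signed them, without ever learning who holds the key. This is an added illustration, not code from the thread; the Release/Publisher/Verifier types and the version-prefixed message format are assumptions made for the example, and the archives are constructed sample bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Release is one published update: archive bytes plus a detached signature.
type Release struct {
	Version   string
	Archive   []byte
	Signature []byte
}

// Publisher holds a pseudonymous long-term key. Nothing binds it to a
// real identity; it only ties successive releases to one another.
type Publisher struct{ priv ed25519.PrivateKey }

func NewPublisher() (*Publisher, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Publisher{priv: priv}, nil
}

func (p *Publisher) PublicKey() ed25519.PublicKey {
	return p.priv.Public().(ed25519.PublicKey)
}

// signedMessage binds the version string to the archive so a valid
// signature cannot be replayed onto a different (e.g. older) version.
func signedMessage(version string, archive []byte) []byte {
	return append([]byte(version+"\n"), archive...)
}

func (p *Publisher) Sign(version string, archive []byte) Release {
	sig := ed25519.Sign(p.priv, signedMessage(version, archive))
	return Release{Version: version, Archive: archive, Signature: sig}
}

// Verifier pins the key from the first valid release (trust on first use).
type Verifier struct{ pinned ed25519.PublicKey }

var ErrKeyChanged = errors.New("release not signed by the pinned key")

// Accept checks continuity first, then the signature; the key is pinned
// only once a signature under it has actually verified.
func (v *Verifier) Accept(pub ed25519.PublicKey, r Release) error {
	if v.pinned != nil && !v.pinned.Equal(pub) {
		return ErrKeyChanged
	}
	if !ed25519.Verify(pub, signedMessage(r.Version, r.Archive), r.Signature) {
		return errors.New("bad signature on release " + r.Version)
	}
	if v.pinned == nil {
		v.pinned = pub
	}
	return nil
}

func main() {
	p, _ := NewPublisher()
	v := &Verifier{}
	fmt.Println(v.Accept(p.PublicKey(), p.Sign("1.0", []byte("constructed archive"))))
}
```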
Re: online MD5 crack database
On 8/22/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:
> In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes:
> > ...the folks at Fort Meade had every possible BSD password indexed by its /etc/passwd representation.
>
> I'm sorry, I flat-out don't believe that.
> [snip calculations]

Probably some details were left out in the telling. Such as "all possible alphanumeric passwords of length 1-16 characters."

-- 
There are no bad teachers, only defective children.
Re: Cross logins
On 8/3/05, James A. Donald [EMAIL PROTECTED] wrote:
> --
> Is it possible for two web sites to arrange for cross logins?
[snippety-do-dah]

Does this question have a practical end in mind? If so, can you simplify matters by running both web sites on the same host?

(cc-ing JAD because I never see any responses to messages sent from my GMail acct. I don't know if the GMail traffic is making it to the list.)

-- 
There are no bad teachers, only defective children.
Re: draft paper: Deploying a New Hash Algorithm
> [Moderator's note: ... attackers are often cleverer than protocol designers. ...

Is that true? Or is it a combination of (a) a hundred attackers for every designer, and (b) vastly disparate rewards: continued employment and maybe some kudos for a designer or implementer, access to $1,000,000,000 of bank accounts for an attacker

SRF

-- 
There are no bad teachers, only defective children.
Re: Some companies are just asking for it.
On 6/24/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
> For the record, the guys at Fidelity Investments have always seemed to me to have their act together on security, unlike lots of other

A few years ago I did some consulting at Fidelity Investments, writing code to spider their own websites for, among other things, security. The fact that they were willing to pay for a few months of my time, plus the obscene markup for the company I billed through and putting me up in Boston, suggests they were serious about it.

-- 
There are no bad teachers, only defective children.
Re: Papers about Algorithm hiding ?
On 6/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Another alternative is the cyphersaber type of thing, where you could just implement your crypto-code on the fly, as needed.

Yes, I could, and have. Presumably you could. Ben Laurie probably could blindfolded with both hands tied behind his back. But Alice Philanderer, Bob Pedophile, Charlie Terrorist, and Generic Joe User can't.

Your alternative is more practical than "if everybody would xxx" (sorry, Ian) but still not good enough. If only techies are able to protect themselves from the JBTs, then merely being a techie will be grounds for suspicion. (As well as throwing our non-programming brethren to the wolves.)

The only realistic solutions are those which allow the concerned but non-technical user to take measures to protect himself against the perceived threat, without requiring major changes to human nature or to society.

As it happens, I have really good test cases to refine my solutions: my extended family is a bunch of mountain hicks with internet access. They're not especially educated and certainly not technically adept, and are concerned about the gummint grabbing their computers or snooping their traffic. Once I've got an acceptable suite of tools and a training package put together, I'll post it somewhere. (Don't hold your collective breath; making a living takes most of my time.)

Regards,
SRF

-- 
There are no bad teachers, only defective children.
Re: Papers about Algorithm hiding ?
On 5/31/05, Ian G [EMAIL PROTECTED] wrote:
> I don't agree with your conclusion that hiding algorithms is a requirement. I think there is a much better direction: spread more algorithms. If everyone is using crypto then how can that be relevant to the case?

This is so, in the ideal. But "if everyone would only..." never seems to work out in practice. Better to rely on what you can on your own or with a small group.

In response to Hadmut's question, for instance, I'd hide the crypto app by renaming the executable. This wouldn't work for a complex app like PGP Suite but would suffice for a simple app. Rename the encrypted files as well and you're fairly safe. (I've consulted with firms that do disk drive analysis. From what I've seen, unless the application name or the data file extensions are in a known list, they won't be seen. But my work has been in the realm of civil suits, contract disputes, SEC claims, and the like; the investigators might be more thorough when trying to nail someone for kiddie porn.)

Or use another app which by the way has crypto. WinZip apparently has some implementation flaws (http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/) but a quick google doesn't show anything but brute force and dictionary attacks against WinRAR.

-- 
There are no bad teachers, only defective children.
Re: Quantum cryptography gets practical
On Wed, 2004-10-06 at 06:27, Dave Howe wrote:
> I have yet to see an advantage to QKE that even mildly justifies the limitations and cost over anything more than a trivial link (two buildings within easy walking distance, sending high volumes of extremely sensitive material between them)

But it's cool!

More seriously, it has no advantage now, but maybe something will come up. The early telephones were about useless, too, remember. In the meantime, the coolness factor will keep people playing with it and researching it.
Re: Al Qaeda crypto reportedly fails the test
On Mon, 2004-08-02 at 15:03, John Denker wrote:
> News article
> http://news.bbc.co.uk/2/hi/americas/3528502.stm
> says in part:
>
> The BBC's Zaffar Abbas, in Islamabad, says it appears that US investigators were able to unscramble information on the computers after Pakistan passed on suspicious encrypted documents.

Bah. They were probably Word documents with the "password required" option turned on.
Re: Question on the state of the security industry
On Wed, 2004-06-30 at 06:49, Ian Grigg wrote:
> Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything?

Nothing here. Spam is the main concern on people's minds, so far as I can tell. Please note, though, that I'm not specifically a computer security consultant but rather a broad-spectrum computer consultant who does some security work and a private security guy who does some computer work.

Topical anecdote: my last full-time but short-term consulting* gig was at a bank. You know, money and stuff. Computer security in the development shop consisted of telling the programmers to run NAV daily. They used Outlook for email, with no filters on incoming mail that I could track down. I did some minor testing from my home system. Didn't send myself any viruses, but I did send a few executable attachments. They all made it through.

* Not really consulting. They wanted a warm-body programmer, and not only ignored the process improvement suggestions I was putatively hired to provide, but seemed offended that I had suggestions to make at all.