At 2:15 PM -0500 4/1/03, Ian Grigg wrote:
Some comments from about a decade ago.
The way it used to work in the Army (that I
was in) within a battalion, is that there was
a little code book, with a sheet for a 6 hour
stretch. Each sheet has a simple matrix for
encoding letters, etc. Everyone had
At 2:10 PM -0500 3/31/03, reusch wrote:
...
Nosing around on the same site, one finds
How military radio communications are intercepted
http://www.aeronautics.ru/news/news002/news071.htm
Searching for SINCGARS indicates that all US military radios have
encryption capabilities, which can be turned
While Googling for material on SINCGARS, I found an article about
crypto in the India/Pakistan conflict. Old style cryptanalysis isn't
dead yet:
http://www.tactical-link.com/india_pakistan.htm
Arnold Reinhold
At 11:43 PM -0800 3/10/03, Bill Stewart wrote:
At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote:
On the other hand, remember that the earliest Tempest systems
were built using vacuum tubes. An attacker today can carry vast amounts
of signal processing power in a briefcase.
And while some
At 9:35 PM -0500 3/8/03, Dave Emery wrote:
On Fri, Mar 07, 2003 at 10:46:06PM -0800, Bill Frantz wrote:
The next more complex version sends the same random screen over and over in
sync with the monitor. Even more complex versions change the random screen
every-so-often to try to frustrate
At 10:46 PM -0800 3/7/03, Bill Frantz wrote:
It has occurred to me that the cheapest form of protection from tempest
attacks might be an active transmitter that swamps the signal from the
computer. Such a transmitter would still be legal if its power output is
kept within the FCC part 15 rules.
At 4:57 PM -0500 3/5/03, John S. Denker wrote:
Tim Dierks wrote:
In order to avoid overreaction to a nth-hand story, I've attempted to
locate some primary sources.
Konop v. Hawaiian Airlines:
http://laws.lp.findlaw.com/getcase/9th/case/9955106pexact=1
[US v Councilman:]
At 2:18 PM -0800 2/19/03, Ed Gerck wrote:
Anton Stiglic wrote:
The statement was for a plaintext/ciphertext pair, not for a random-bit/
random-bit pair. Thus, if we model it in terms of a bijection on random-bit
pairs, we confuse the different statistics for plaintext, ciphertext, keys
and
At 1:09 PM +1100 2/18/03, Greg Rose wrote:
At 02:06 PM 2/17/2003 +0100, Ralf-Philipp Weinmann wrote:
For each AES-128 plaintext/ciphertext (c,p) pair there
exists exactly one key k such that c=AES-128-Encrypt(p, k).
I'd be very surprised if this were true, and if it was, it might
have bad
At 5:45 PM -0600 2/18/03, Matt Crawford wrote:
... We can ask what is the
probability of a collision between f and g, i.e. that there exists
some value, x, in S such that f(x) = g(x)?
But then you didn't answer your own question. You gave the expected
number of collisions, but not the
I took a look at the MIT Guide to Lock Picking August 1991 revision at
http://www.lysator.liu.se/mit-guide/mit-guide.html
It says:
9.10 Master Keys
Many applications require keys that open only a single lock and keys
that open a group of locks. The keys that open a single lock are
called
At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote:
Arnold,
If you want to play with this as an intellectual exercise, be my guest.
But the probability of changing the underlying IEEE 802.11i draft
standard, which would take a 3/4 majority of the voting members of IEEE
802.11, or of making
At 4:57 AM +0100 11/19/02, Niels Ferguson wrote:
At 21:58 18/11/02 -0500, Arnold G Reinhold wrote:
...
Third, a stronger variant of WPA designed for 11a could also run on
11b hardware if there is enough processing power, so modularization is
not broken.
But there _isn't_ enough processing
[please ignore previous message, sent by mistake -- agr]
On Sat, 16 Nov 2002, Niels Ferguson wrote:
At 18:15 15/11/02 -0500, Arnold G Reinhold wrote:
I agree that we have covered most of the issues. One area where you have
not responded is the use of WPA in 802.11a. I see no justification
At 11:40 PM +0100 11/11/02, Niels Ferguson wrote:
At 12:03 11/11/02 -0500, Arnold G. Reinhold wrote:
[...]
One of the tenets
of cryptography is that new security systems deserve to be beaten on
mercilessly without deference to their creator.
I quite agree.
I hope you won't mind another round
Here are some thoughts that occur to me for improving the security of
802.11 WPA message authentication (MIC), based on what I read in
Jesse Walker's paper
http://cedar.intel.com/media/pdf/security/80211_part2.pdf.
One approach is to second guess Niels Ferguson and try to find a
different
The new Wi-Fi Protected Access scheme (WPA), designed to replace the
discredited WEP encryption for 802.11b wireless networks, is a major
and welcome improvement. However it seems to have a significant
vulnerability to denial of service attacks. This vulnerability
results from the proposed
like the fire
protection regulations that every architect has to either follow or
request a waiver.
Arnold Reinhold
At 6:38 AM -0500 11/4/02, Jonathan S. Shapiro wrote:
I'm answering this publicly, because there is a surprise in the answer.
On Sun, 2002-11-03 at 13:12, Arnold G. Reinhold
See the following two Intel links with detailed discussions of TKIP
and Michael which I found via Google:
Increasing Wireless Security with TKIP
Forwarded from: eric wolbrom, CISSP, sa ISN-a...
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=27064
Mark Joseph Edwards
October 23,
At 4:52 PM +0100 10/22/02, Adam Back wrote:
Remote attestation does indeed require Palladium to be secure against
the local user.
However my point is while they seem to have done a good job of
providing software security for the remote attestation function, it
seems at this point that hardware
At 10:52 PM +0100 10/21/02, Adam Back wrote:
On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote:
There may be a hole somewhere, but Microsoft is trying hard to get
it right and Brian seemed quite competent.
It doesn't sound breakable in pure software for the user, so
At 7:15 PM +0100 10/17/02, Adam Back wrote:
Would someone at MIT / in Boston area like to go to this [see end] and send a
report to the list?
I went. It was a good talk. The room was jam packed. Brian is very
forthright and sincere. After he finished speaking, Richard Stallman
gave an
I can see a number of problems with using mobile phones as a second
channel for authentication:
1. It begs the question of tamper resistant hardware. Unless the
phone contains a tamper resistant serial number or key, it is
relatively easy to clone. And cell phones are merging with PDAs. If
At 8:40 AM -0700 10/11/02, Ed Gerck wrote:
Arnold G. Reinhold wrote:
I can see a number of problems with using mobile phones as a second
channel for authentication:
Great questions. Without aspiring to exhaust the answers, let me comment.
1. It begs the question of tamper resistant hardware
It might be possible to get the same effect using a conventional
silicon chip. I have in mind a large analog circuit, something like a
multi-stage neural network. Random defects would be induced, either
in the crystal growing process or by exposing the wafer at one or
more stages with a spray
At 12:20 PM -0700 7/29/02, David Honig wrote:
Whether there is a need for very high bandwidth RNGs was discussed
on cypherpunks a few months ago, and no examples were found.
(Unless you're using something like a one-time pad where you need
a random bit for every cargo bit.) Keeping in mind that
Language wars have been with us since the earliest days of computing
and we are obviously not going to resolve them here. It seems to me
though, that cryptographic tools could be used to improve the
reliability and security of C++ by providing ways to manage risky
usages.
I have in
At 12:23 PM -0700 3/24/02, [EMAIL PROTECTED] wrote:
or just security proportional to risk ...
While a valid engineering truism, I have a number of issues with that dictum:
1. It is too often used as an excuse for inaction by people who are
poorly equipped to judge either risk or cost. We've
say that ALL physical systems can be broken. No
exception. The three laws of thermodynamics apply to security systems as
well.
There is ALWAYS a hole.
On Thu, 21 Mar 2002, Arnold G. Reinhold wrote:
It's not clear to me what having the human present accomplishes.
While the power was out, the node
At 8:52 PM -0800 3/20/02, Mike Brodhead wrote:
The usual good solution is to make a human type in a secret.
Of course, the downside is that the appropriate human must be present
for the system to come up properly.
It's not clear to me what having the human present accomplishes.
While the
At 11:49 AM -0800 2/25/02, bear wrote:
...
The secure forever level of difficulty that we used to believe
we got from 2kbit keys in RSA is apparently a property of 6kbit
keys and higher, barring further highly-unexpected discoveries.
Highly-unexpected? All of public key cryptography is built
At 4:42 PM -0500 2/17/02, R. A. Hettinga wrote:
http://www.lewrockwell.com/orig2/bamfordreport.html
Report on a
James Bamford Talk at Berkeley
James Bamford is the author of The Puzzle Palace and Body of Secrets, books
about the National Security Agency. He is visiting Berkeley in the School
At 5:12 PM +0100 2/8/02, Jaap-Henk Hoepman wrote:
I think there _are_ good business reasons for them not wanting the users to
generate the keys all by themselves. Weak keys, and subsequent
compromises, may
give the CA really bad press and resulting loss of reputation (and this
business is built
At 6:18 PM -0500 2/5/02, Ryan McBride wrote:
On Tue, Feb 05, 2002 at 11:16:40AM -0800, Bill Frantz wrote:
I expect you could initialize the random data in that memory during
manufacture with little loss of real security. (If you are concerned about
the card's manufacturer, then you have
I'd argue that the RSA and DSA situations can be made equivalent if
the card has some persistent memory. Some high quality randomness is
needed at RSA key generation. For the DSA case, use 256 bits of
randomness at initialization to seed a PRNG using AES, say. Output
from the PRNG could be
At 7:38 AM -0800 1/29/02, Eric Rescorla wrote:
Ben Laurie [EMAIL PROTECTED] writes:
Eric Rescorla wrote:
BTW, I don't see why using a passphrase to a key makes you vulnerable to
a dictionary attack (like, you really are going to have a dictionary of
all possible 1024 bit keys crossed with
There is some interesting information at http://www.finger-scan.com/
They make the point that finger scanning differs from finger printing
in that what is stored is a set of recognition parameters much
smaller than a complete fingerprint image. So there is no need for a
lengthy process to
At 5:16 PM -0500 1/21/02, Will Rodger wrote:
Arnold says:
You can presumably write your own programs to decrypt your own
files. But if you provide that service to someone else you could
run afoul of the law as I read it. The DMCA prohibits trafficking
in technology that can be used to
At 4:12 PM -0500 1/18/02, Will Rodger wrote:
This law has LOTS of unintended consequences. That is why many
people find it so disturbing. For example, as I read it, and I am
*not* a lawyer, someone who offered file decryption services for
hire to people who have a right to the data, e.g. the
At 7:38 PM -0500 1/19/02, Steven M. Bellovin wrote:
In message
[EMAIL PROTECTED], Sampo
Syreeni writes:
On Thu, 17 Jan 2002, Steven M. Bellovin wrote:
For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
written.
If something, this would lead me to believe there is less
At 9:41 AM -0500 1/18/02, Will Rodger wrote:
Arnhold writes:
Another interesting question is whether the reporters and the Wall
Street Journal have violated the DMCA's criminal provisions. The al
Qaeda data was copyrighted (assuming Afghanistan signed one of the
copyright conventions--they
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote:
A couple of months ago, a Wall Street Journal reporter bought two
abandoned al Qaeda computers from a looter in Kabul. Some of the
files on those machines were encrypted. But they're dealing with
that problem:
The unsigned report,
This result would seem to raise questions about SHA1 and MD5 as much
as about the quality of /dev/random and /dev/urandom. Naively, it
should be difficult to create input to these hash functions that
cause their output to fail any statistical test.
Arnold Reinhold
At 3:23 PM -0500 1/15/02,
The PAIIN model (privacy, authentication, identification, integrity,
non-repudiation) is inadequate to represent the uses of cryptography.
Besides the distinction between privacy and confidentiality, I'd like
to point out some additional uses of cryptography which either don't
fit at all or
At 2:59 PM -0800 12/30/01, John Gilmore wrote:
Along these lines I can't help but recommend reading one of the best
crypto books of the last few years:
Between Silk and Cyanide
Leo Marks, 1999
This wonderful, funny, serious, and readable book was written by the
chief
At 4:33 AM -0500 12/28/01, Niels Provos wrote:
In message v04210101b84eca7963ad@[192.168.0.3], Arnold G. Reinhold writes:
I don't think you can conclude much from the failure of your
dictionary attack to decrypt any messages.
We are offering various explanations. One of them
It seems to me that a very similar argument can be made regarding the
need (or lack thereof) for a national identity card. Organizations
that require biometric identity can simply record that information in
their own databases. The business most widely cited as needing
national ID cards,
This is a nice piece of work, but I have a couple of comments:
1. The paper asserts Even if the majority of passwords used to hide
content were strong, there would be a small percentage of weak
passwords ... and we should have been able to find them. That might
be true if there are a large
At 12:18 AM -0600 12/11/01, Jim Choate wrote:
On Mon, 10 Dec 2001, John Gilmore wrote:
NSA's export controls. We overturned them by a pretty thin margin.
The government managed to maneuver such that no binding precedents
were set: if they unilaterally change the regulations tomorrow to
This story smells of revisionism. The events leading up to Pearl
Harbor are thoroughly chronicled in the first chapter of David Kahn's
classic, The Codebreakers. In particular:
o The Tojo government, regarded as militarist, came into power in
October 1941 (Togo was Tojo's foreign minister)
o
Noah Silva recently brought this interesting 1994 article on DMV data
exchange by Simson Garfinkel to the attention of the
[EMAIL PROTECTED] list:
http://www.wired.com/wired/archive/2.02/dmv_pr.html
The article discusses the AAMVAnet system and the extent to which
the threat of revocation
At 12:09 AM + 10/16/2001, David Wagner wrote:
It seems the FBI hopes the law will make a distinction between software
that talks directly to the modem and software that doesn't. They note
that PGP falls into the latter category, and thus -- they argue -- they
should be permitted to snoop on
There is an interesting article in Federal Computer Week
http://www.fcw.com/fcw/articles/2001/0910/news-nsa-09-10-01.asp that
says NSA planning a major effort to modernize the nation's
cryptosystems which are rapidly growing obsolete and vulnerable.
They quote Michael Jacobs, head of NSA's
At 11:10 AM -0800 1/5/2001, [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] said:
I have found significant information about PKI as it exists today,
but am looking for some background information. I'm looking for
information about the history of PKI, how and where it started, how it
developed,
I too am very nervous about the prospect of national ID cards. I
have an idea for a possible compromise, but I have not made up my
mind on it. I'm interested in hearing other people's opinions.
The idea is a federal standard for secure drivers' licenses. These
would be cards containing a
At 10:34 AM -0400 9/20/2001, Perry E. Metzger wrote:
R. A. Hettinga [EMAIL PROTECTED] writes:
[1] New encryption technology closes WLAN security loopholes
Next Comm has launched new wireless LAN security technology called
Key Hopping. The technology aims to close security gaps in Wired
At 9:20 AM +0300 9/13/2001, Amir Herzberg wrote:
...
In fact, if giving up crypto completely would help substantially to protect
against terror, I'll support it myself. But...
The real argument is simple: there is no evidence or convincing argument why
shutting down crypto will substantially
At 9:25 AM -0400 8/1/2001, Derek Atkins wrote:
There are many alternative conferences than Crypto, and many of them
are already outside the US. Indeed, the IACR already runs EuroCrypt
and AsiaCrypt.
Personally, I think that trying to move Crypto is just an
over-reaction to the current
At 11:20 AM +0200 7/29/2001, Alan Barrett wrote:
The DMCA said:
1201(a)(1)(A):
No person shall circumvent a technological measure that effectively
controls access to a work protected under this title.
What does effectively mean here?
The law attempts to define it:
'1201(a)(3)(B) a
At 1:56 AM -0400 7/27/2001, Declan McCullagh wrote:
On Thu, Jul 26, 2001 at 10:53:02PM -0400, David Jablon wrote:
With these great new laws, there is no longer any risk of being legally
criticised for using even the most glaringly flawed cryptography
-- just use it
for Copy Protection, and
At 11:09 AM -0700 7/12/2001, Jurgen Botz wrote:
...
Set up a PC with CA software and a smart card reader and put
your CA cert/key on a smart card and you have your tamperproof
CA master... the only weak link in the certificate generation
process is the CA's secret key, so that's really the only
At 12:16 PM +0200 6/20/2001, Barry Wels wrote:
Hi,
In James Bamford's new book 'Body of Secrets' he claims the NSA is
working on some FAST computers.
http://www.randomhouse.com/features/bamford/book.html
---
The secret community is also home to the largest collection of
hyper-powerful
At 8:57 AM -0700 6/12/2001, John Young wrote:
The Supreme Court's decision against thermal imaging appears
to be applicable to TEMPEST emissions from electronic devices.
And is it not a first against this most threatening vulnerability
in the digital age? And long overdue.
Remote acquisition of
63 matches