On Sat, 15 Mar 2003, Bill Stewart wrote:
They're probably not independent, but they'll be influenced by lighting,
precise viewing angles, etc., so they're probably nowhere near 100%
correlated either.
I notice the systems mentioned in the study rely on biometrics extracted
from flat images.
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
There is a description of doing an SSL transaction in single round
trip. The browser contacts the domain name system and gets back in
single transmission the 1) public key, 2) preferred server SSL
parameters, 3) ip-address. The browser selects the
At 08:40 AM 3/16/2003 -0800, Eric Rescorla wrote:
You still need a round trip in order to prevent replay attacks. The
fastest that things can be while still preserving the security
properties of TLS is:
ClientHello -
ClientKeyExchange -
Finished -
- ServerHello
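The point in the exchange above (that a client-only first flight cannot be protected against replay until the server has contributed something fresh) is easier to see in a runnable model. The following Python is an added example, not code from any list member: a pre-shared key stands in for the key exchange and an HMAC over the transcript stands in for the Finished message, both of which are simplifying assumptions. The only thing the model varies is whether the server issues a nonce (the ServerHello round trip) before acting on the client's data.

```python
import hmac
import hashlib
import secrets

# Constructed model, not TLS itself: a pre-shared key replaces the key
# exchange, and an HMAC over the transcript replaces the Finished message.
# The question is only whether the server has contributed freshness before
# it acts on the client's data.

def finished_mac(key: bytes, transcript: bytes) -> bytes:
    return hmac.new(key, transcript, hashlib.sha256).digest()


class Server:
    def __init__(self, key: bytes):
        self.key = key
        self.executed = []       # application-layer transactions actually run
        self.pending = set()     # server nonces issued but not yet consumed

    # Variant A: everything arrives in one client flight (ClientHello,
    # ClientKeyExchange, Finished, data). The server has contributed nothing
    # fresh, so a recorded flight is indistinguishable from the original.
    def handle_client_first(self, flight):
        client_nonce, payload, mac = flight
        transcript = b"CH:" + client_nonce + b"|DATA:" + payload
        if not hmac.compare_digest(mac, finished_mac(self.key, transcript)):
            return False
        self.executed.append(payload)
        return True

    # Variant B: the server answers ClientHello with its own nonce first, and
    # the client's Finished must cover it. That is the extra round trip.
    def server_hello(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def handle_challenged(self, flight):
        client_nonce, server_nonce, payload, mac = flight
        if server_nonce not in self.pending:
            return False             # unknown, or already consumed: a replay
        transcript = (b"CH:" + client_nonce + b"|SH:" + server_nonce
                      + b"|DATA:" + payload)
        if not hmac.compare_digest(mac, finished_mac(self.key, transcript)):
            return False
        self.pending.discard(server_nonce)   # one-shot: consumed on success
        self.executed.append(payload)
        return True


def client_first_flight(key: bytes, payload: bytes):
    nonce = secrets.token_bytes(16)
    mac = finished_mac(key, b"CH:" + nonce + b"|DATA:" + payload)
    return (nonce, payload, mac)


def client_challenged_flight(key: bytes, server_nonce: bytes, payload: bytes):
    nonce = secrets.token_bytes(16)
    transcript = b"CH:" + nonce + b"|SH:" + server_nonce + b"|DATA:" + payload
    return (nonce, server_nonce, payload, finished_mac(key, transcript))


def replay_client_first() -> int:
    """Attacker records the single client flight and sends it again.
    Returns how many times the server executed the transaction."""
    key = secrets.token_bytes(32)
    srv = Server(key)
    flight = client_first_flight(key, b"PAY 100 TO MALLORY")
    srv.handle_client_first(flight)
    srv.handle_client_first(flight)      # replayed verbatim
    return len(srv.executed)             # 2: the replay was accepted


def replay_challenged():
    """Same attack against the challenged variant: (first, replay, executed)."""
    key = secrets.token_bytes(32)
    srv = Server(key)
    flight = client_challenged_flight(key, srv.server_hello(),
                                      b"PAY 100 TO MALLORY")
    first = srv.handle_challenged(flight)
    second = srv.handle_challenged(flight)   # replayed verbatim
    return first, second, len(srv.executed)  # (True, False, 1)
```

The client nonce in variant A does nothing for the server: it is chosen by the party the server cannot yet trust, so a replay carries a perfectly valid one. The alternative to the server nonce is the one mentioned later in the thread, a higher-level repeat-handling mechanism, which in this model would be a server-side cache of every client nonce seen within the acceptance window; that trades the round trip for state the server must keep reliably for as long as a replay could still be accepted.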
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
At 08:40 AM 3/16/2003 -0800, Eric Rescorla wrote:
Sorry, there were two pieces being discussed.
The part about SSL being a burden/load on servers
and the shortened SSL description taken from another discussion.
This wasn't clear from your
... small side-note part of the x9.59 work for all payments in all
environments was that the transaction system needed to be resilient to
repeats and be done in a single round-trip (as opposed to the transport).
there needed to be transaction resiliency with respect to single round
At 09:30 AM 3/16/2003 -0800, Eric Rescorla wrote:
Correct.
It's considered bad form to design systems which have known replay
attacks when it's just as easy to design systems which don't.
If there were some overriding reason why it was impractical
to mount a defense, then it might be worth
Anne Lynn Wheeler [EMAIL PROTECTED] writes:
The difference is basic two packet exchange (within setup/teardown
packet exchange overhead) plus an additional replay prevention two
packet exchange (if the higher level protocol doesn't have its own
repeat handling protocol). The decision as to
At 12:39 PM 03/16/2003 +0100, Eugen Leitl wrote:
On Sat, 15 Mar 2003, Bill Stewart wrote:
They're probably not independent, but they'll be influenced by lighting,
precise viewing angles, etc., so they're probably nowhere near 100%
correlated either.
I notice the systems mentioned in the study
Bill Stewart writes:
On Thursday, Mar 13, 2003, at 21:45 US/Eastern, Jay Sulzberger wrote:
The Xbox will not boot any free kernel without hardware modification.
The Xbox is an IBM style peecee with some feeble hardware and software
DRM.
But is the Xbox running Nag-Scab or whatever
On Sun, 16 Mar 2003, Bill Stewart wrote:
You're right that airport security gates are probably a pretty good
consistent place to view the crowd, but getting the target images
is a different problem - some of the Usual Suspects may have police mugshots,
but for most of them it's unlikely that
we did something similar for AADS PPP Radius
http://www.garlic.com/~lynn/index.html#aads
AADS radius example
http://www.asuretee.com/
... with FIPS186-2, x9.62, ecdsa digital signature authentication on
sourceforge
http://ecdsainterface.sourceforge.net/
radius digital signature protocol has
Well, I'm attacking a protocol, I know the rules of DH parameters, and the
issue here is I'm trying to solve x, brute forcing that in the 128 bit
range
can be difficult, and x doesn't have to be a prime. (a = g^x mod P). Their
primes are 128 bit primes, as well as their pubkeys, I've done
- Original Message -
From: NOP [EMAIL PROTECTED]
To: Derek Atkins [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, March 14, 2003 9:32 PM
Subject: Re: Diffie-Hellman 128 bit
Well, I'm attacking a protocol, I know the rules of DH parameters, and the
issue here is I'm trying to
Dear colleagues
we would like to inform you about a new attack on SSL/TLS. For further
details see the cryptologic report at http://eprint.iacr.org/2003/052/ or
the press release at ICZ web site at http://www.i.cz/en/onas/tisk7.html.
Best regards
Vlastimil Klima and Tomas Rosa, {vlastimil.klima,
On Sat, 2003-03-15 at 05:12, Eugen Leitl wrote:
On Sat, 15 Mar 2003, Anonymous wrote:
Microsoft's point with regard to DRM has always been that Palladium had
other uses besides that one which everyone was focused on. Obviously
Of course it's useful. Does the usefulness outweigh the
At 13/03/03 23:48, you wrote:
I am looking at attacks on Diffie-Hellman.
The protocol implementation I'm looking at designed their diffie-hellman
using 128 bit primes (generated each time, yet (P-1)/2 will be a prime, so no
go on pohlig-hellman attack), so what attacks are there that I can look at
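Both of the Diffie-Hellman posts above (this one and the earlier "Re: Diffie-Hellman 128 bit") ask what is left once Pohlig-Hellman is blocked by a safe prime. The generic answer is a square-root attack on the order-(P-1)/2 subgroup, and the following Python is an added example of one (baby-step giant-step), written for this page rather than taken from any poster. It runs on a constructed toy safe prime and also reports the generic work factor for a 128-bit modulus; the prime, generator and secret exponent are all assumptions made here for illustration. As the poster notes, x need not be prime, and nothing below depends on it.

```python
import math

def is_prime(n: int) -> bool:
    """Trial division; adequate for the demo sizes used here."""
    if n < 2:
        return False
    for d in range(2, math.isqrt(n) + 1):
        if n % d == 0:
            return False
    return True


def bsgs(g: int, h: int, p: int, order: int):
    """Baby-step giant-step: find x in [0, order) with g^x = h (mod p),
    given that g has the stated order. Generic attack: about sqrt(order)
    multiplications and sqrt(order) table entries, whatever p looks like."""
    m = math.isqrt(order) + 1
    baby = {}
    cur = 1
    for j in range(m):                 # baby steps: g^0 .. g^(m-1)
        baby.setdefault(cur, j)
        cur = cur * g % p
    step = pow(g, -m, p)               # g^(-m); Python 3.8+ modular inverse
    gamma = h
    for i in range(m):                 # giant steps: h * g^(-i*m)
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * step % p
    return None


def generic_work_bits(p: int) -> float:
    """log2 of the group operations a generic sqrt attack needs against
    the order-(p-1)/2 subgroup of a safe prime p."""
    return math.log2(math.isqrt((p - 1) // 2))


def demo() -> int:
    # Constructed toy safe prime: p = 2q + 1 with q prime, so Pohlig-Hellman
    # gives no reduction beyond the factor of 2, exactly the poster's setting.
    p = 10007
    q = (p - 1) // 2
    assert is_prime(p) and is_prime(q)
    g = 4                               # a square mod p, hence of order q
    assert pow(g, q, p) == 1
    secret_x = 4242                     # the exponent the poster wants back
    a = pow(g, secret_x, p)             # a = g^x mod P, the public value
    return bsgs(g, a, p, q)
```

Running demo() recovers 4242 from a = g^x mod P in about 71 steps. For a 128-bit safe prime generic_work_bits reports roughly 2^63.5 operations, which is the worst case for the attacker and is not what makes 128-bit primes weak: discrete logarithms in prime fields also admit index-calculus methods that are subexponential in the size of P, and published computations had passed 128 bits long before 2003. Choosing a safe prime blocks the Pohlig-Hellman shortcut but does nothing about the modulus being too small.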
The German 'Regulatory Authority for Telecommunications and
Posts' has drafted the translation of a much-discussed document:
Technical Directive setting forth Requirements relating to
the implementation of Legal Measures for the Interception of
Telecommunications (TR TKÜ)
It is available at
Who's afraid of Mallory Wolf?
By common wisdom, SSL is designed to defeat
the so-called Man in the Middle attack, or
MITM for short.
Also known as Mallory, in crypto circles.
The question arises, why? For what reason is
the MITM a core part of the SSL threat model?
And, why do all the
Bill Stewart [EMAIL PROTECTED] writes:
Schmoo Group response on cryptonomicon.net
http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=263&mode=&order=0&thold=0
Apparently OpenSSL has code to prevent the timing attack,
but it's often not compiled in (I'm not sure how much that's for
Some clarification by Peter Gutmann [EMAIL PROTECTED] on why
cryptlib doesn't do timing attack resistance default:
Peter Gutmann [EMAIL PROTECTED]:
cryptlib was never intended to be a high-performance SSL server (the docs are
fairly clear on this), and I don't think anyone is using it to
GPG/PGP Keysigning @ Computers, Freedom and Privacy 2003
April 2nd, 9:45pm (First BoF Session)
I will be organizing a keysigning session for CFP2003. Please submit
your keys to
At 09:51 AM 03/22/2003 +0100, Eugen Leitl wrote:
Some clarification by Peter Gutmann [EMAIL PROTECTED] on why
cryptlib doesn't do timing attack resistance default:
Peter Gutmann [EMAIL PROTECTED]:
cryptlib was never intended to be a high-performance SSL server (the docs are
fairly clear on this),
On Saturday 22 March 2003 17:12, Douglas F. Calvert wrote:
I will be organizing a keysigning session for CFP2003. Please submit
your keys to [EMAIL PROTECTED] and I will print out
The list of all FIPS 140-1 and 140-2 validated modules can be
found here
http://csrc.nist.gov/cryptval/140-1/1401val.htm
(this includes software and hardware modules).
For Mitigation of Other Attacks, the FIPS 140 evaluation doesn't
look at these. Some vendors might consider these attacks and
Damien O'Rourke wrote:
I was wondering if anyone could list a number of cryptographic processors
that are compliant with the Federal information processing standard (FIPS)
140-2 Security Requirements for cryptographic modules.
NIST, the US Government Agency responsible for FIPS 140, maintains
On Sun, 16 Mar 2003, Eugen Leitl wrote:
There's a world of difference between a line of people each slowly
stepping through the gate past a sensor in roughly aligned orientation and
a fixed-orientation no-zoom low-resolution camera looking at a group of
freely behaving subjects at varying
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any Internet medium.)
How do you view attacks based on tricking
On Sun, 16 Mar 2003, Bill Stewart wrote:
But there are two sides to the problem - recording the images of the
people you're looking for, and viewing the crowd to try to find
matches. You're right that airport security gates are probably a
pretty good consistent place to view the crowd, but
At 11:10 PM 3/23/2003 -0500, Ian Grigg wrote:
Who's afraid of Mallory Wolf?
slight observations ... i've heard of no cases of credit card number
intercepted on the internet in flight (requiring crypto) ... and no known
cases of MITM attack (requiring certificates)
However there have been some
In message [EMAIL PROTECTED], Ian Grigg writes:
Who's afraid of Mallory Wolf?
Even worse, there's not been any known MITM of
any aggressive form. The only cases known are
a bunch of demos, under laboratory conditions.
They don't count, and MITM remains a theoretical
attack, more the subject of
Regarding using blinding to defend against timing attacks, and supposing
that a crypto library is going to have support for blinding:
- Should it do blinding for RSA signatures as well as RSA decryption?
- How about for ElGamal decryption?
- Non-ephemeral (static) DH key exchange?
-
Grigg counts the benefits of living in a MITM-protected world (no MITM
attacks recorded), as though they would happen with or without MITM
protection. Is there any reason to believe that this is, in fact,
true? That is, if zero dollars were spent on MITM protection, would
there still be no
ref:
http://www.garlic.com/~lynn/aadsm14.htm#1 Who's afraid of Mallory Wolf?
http://www.garlic.com/~lynn/aadsm14.htm#2 Who's afraid of Mallory Wolf?
(addenda)
here is discussion of armoring websites with respect to security
proportional to what is at risk
At 11:10 PM 3/23/2003 -0500, Ian Grigg wrote:
Automatically generated self-
signed FREEDOM CERTIFICATES, as a convenient
temporary measure until widespread Anonymous-
Diffie-Hellman is deployed in the field, would
appear to strike the quickest and most cost-
effective blow for Browsing Liberty
There are only about 310 fips-140-1/2 total validation certificates since
1995. http://csrc.nist.gov/cryptval/
Since the FIPS-140-2 was not signed in until mid-2001 there were very few
in 2002 - see the 2 links below.
http://csrc.nist.gov/cryptval/140-1/1401val2002.htm
From the New York Times:
Supreme Court Refuses to Review Wiretaps Ruling
March 24, 2003
By DAVID STOUT
WASHINGTON, March 24 - In a case balancing national
security with civil liberties, the Supreme Court refused to
interfere today with a lower court ruling giving the
Justice Department
On Monday 24 March 2003 11:37, Peter Clay wrote:
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any
On Monday 24 March 2003 13:02, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Ian Grigg writes:
Who's afraid of Mallory Wolf?
Even worse, there's not been any known MITM of
any aggressive form. The only cases known are
a bunch of demos, under laboratory conditions.
They don't
Ian Grigg wrote:
By common wisdom, SSL is designed to defeat
the so-called Man in the Middle attack, or
MITM for short.
The question arises, why?
One possible reason: Because DNS is insecure.
If you can spoof DNS, you can mount a MITM attack.
A second possible reason: It's hard to predict
what
Nomen Nescio wrote:
Regarding using blinding to defend against timing attacks, and supposing
that a crypto library is going to have support for blinding:
- Should it do blinding for RSA signatures as well as RSA decryption?
- How about for DSS signatures?
My guess is that it's not necessary,
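The blinding question raised in both messages above (the original "Regarding using blinding to defend against timing attacks" and this reply) concerns one primitive: the private-exponent operation. The Python below is an added example written for this page, not code from cryptlib, OpenSSL or any poster, and uses a constructed toy key that is far too small for real use. It shows the blinded private operation next to the plain one and that signing reuses it unchanged, which is the direct answer to the first bullet in the question.

```python
import math
import secrets

def rsa_demo_key():
    """Constructed toy key (two 14-bit primes) for illustration only."""
    p, q = 10007, 10009
    n = p * q
    phi = (p - 1) * (q - 1)
    e = 65537
    d = pow(e, -1, phi)                # Python 3.8+ modular inverse
    return n, e, d


def rsa_private_plain(c: int, d: int, n: int) -> int:
    """Unblinded private-key operation: the exponentiation's running time
    depends jointly on the attacker-chosen input c and the secret d, which
    is what a remote timing attack measures."""
    return pow(c, d, n)


def rsa_private_blinded(c: int, d: int, e: int, n: int) -> int:
    """Same operation with Kocher-style blinding: the secret exponentiation
    is applied to c * r^e for a fresh random r, so its timing is no longer
    correlated with c; the factor r is divided out afterwards."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    c_blind = c * pow(r, e, n) % n
    m_blind = pow(c_blind, d, n)       # (c * r^e)^d = c^d * r  (mod n)
    return m_blind * pow(r, -1, n) % n


def rsa_sign_blinded(digest: int, d: int, e: int, n: int) -> int:
    """Signing is the same private-exponent primitive (s = digest^d mod n),
    so the identical blinding applies; only the input's origin differs."""
    return rsa_private_blinded(digest, d, e, n)
```

Verification is pow(s, e, n) == digest for a signature and rsa_private_blinded(c, d, e, n) == pow(c, d, n) for decryption. The cost is one public-key exponentiation plus one modular inverse per private operation, which is the overhead the cryptlib and OpenSSL messages earlier in the thread weigh against a default-on setting. For the static Diffie-Hellman case in the question the multiplicative trick above does not carry over directly, since there is no public exponent to blind the base with; the usual substitute there is to randomise the exponent itself by adding a random multiple of the group order before exponentiating.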
Ian Grigg wrote:
...
The analysis of the designers of SSL indicated
that the threat model included the MITM.
On what did they found this? It's hard to pin
it down, and it may very well be, being blessed
with nearly a decade's more experience, that
the inclusion of the MITM in the threat
On Monday 24 March 2003 14:11, David Turner wrote:
Grigg counts the benefits of living in a MITM-protected world (no MITM
attacks recorded), as though they would happen with or without MITM
protection. Is there any reason to believe that this is, in fact,
true?
That is indeed the question,
On Monday, Mar 24, 2003, at 11:00 US/Eastern, Ian Grigg wrote:
On Saturday 22 March 2003 17:12, Douglas F. Calvert wrote:
I will be organizing a keysigning session for CFP2003. Please submit
your keys to [EMAIL PROTECTED] and I will print out sheets with key
information in order to speed up the
On Mon, 24 Mar 2003, Peter Clay wrote:
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any Internet medium.)
On Monday, Mar 24, 2003, at 11:37 US/Eastern, Peter Clay wrote:
On Sun, 23 Mar 2003, Ian Grigg wrote:
Consider this simple fact: There has been no
MITM attack, in the lifetime of the Internet,
that has recorded or documented the acquisition
and fraudulent use of a credit card (CC).
(Over any
So far, as I see it, this is not an issue of specific SSL protocol, but of
unrestrictive browser-to-user interfacing. The only MITM attacks that have
been practical, valid attacks as of late were specific to Microsoft browser
issues when interfacing with SSL. On another note, MITM attacks on SSL,