Cryptography-Digest Digest #676, Volume #10       Fri, 3 Dec 99 17:13:02 EST

Contents:
  Re: NSA should do a cryptoanalysis of AES (Eric Lee Green)
  Re: NSA should do a cryptoanalysis of AES ("Douglas A. Gwyn")
  Re: How can you tell? ("Douglas A. Gwyn")
  Re: What part of 'You need the key to know' don't you people get? ("Douglas A. Gwyn")
  Re: NSA should do a cryptoanalysis of AES (Eric Lee Green)
  Re: NSA should do a cryptoanalysis of AES ("karl malbrain")
  Re: Peekboo Ideas? >> Question ... ([EMAIL PROTECTED])
  Re: cookies ("Douglas A. Gwyn")
  Re: NSA should do a cryptoanalysis of AES ("Douglas A. Gwyn")
  Re: NSA should do a cryptoanalysis of AES ("Douglas A. Gwyn")
  Re: cookies ("karl malbrain")
  Re: NSA should do a cryptoanalysis of AES ("karl malbrain")

----------------------------------------------------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 03 Dec 1999 14:02:07 -0700

"SCOTT19U.ZIP_GUY" wrote:
> 
> In article <[EMAIL PROTECTED]>, "Brian Gladman" 
><[EMAIL PROTECTED]> wrote:
> >
> >Jim Gillogly <[EMAIL PROTECTED]> wrote in message
> >news:[EMAIL PROTECTED]...
> >> Keith A Monahan wrote:
> >> > My concern is that if they DID break one of the algorithms and
> >> > didn't tell us(or NIST) about it.  I don't know how likely that
> >> > is, but it is certainly a possible case.
> >> >
> >> > It wouldn't be _as_ bad as if the NSA broke it, told us about it,
> >> > but didn't tell us how.  That would still keep me wondering, but
> >> > at least we'd know the cipher isn't secure.  Even without telling
> >> > us how they did it, we might be able to draw some conclusions about
> >> > ciphers of that same nature.
> >>
> >> If they say they broke it and demonstrate that they can break an
> >> arbitrary challenge, then I agree that's useful information.  If
> >> they say they have an attack that reduces a 128-bit keyspace to
> >> a 70-bit keyspace, I'd want to see the attack before making a
> >> decision to eliminate the candidate.  Sorry if this appears paranoid,
> >> but we must always remember that NSA has two responsibilities: to
> >> read traffic, and to protect US infrastructure (mainly military).
> >> If you're going to accept their help uncritically, you'd better
> >> know which side of the house is giving it to you.  There's no
> >> question that they could provide valuable insight on the candidates;
> >> the only question is how they can convey it credibly.
> >
> >As others have said, those that distrust NSA are not going to be swayed by
> >their arguments but for those of us who believe that they are a force for
> >good in respect of the strength of cryptographic algorithms would consider
> >what they have to say very seriously.  I also believe that they should say
> >something and I don't see much reason why they should not do so this time
> >round.
> >
> >In retrospect, all the ***covert*** actions that NSA took on DES improved
> >the algorithm and it is not obvious why they would behave differently now.
> >The US is the most advanced 'information economy' in the world and this
> >means that the US has more to lose than anyone if AES turns out to be weak.
> >And this also allows those of us outside the US to trust AES since we are in
> >a sort of 'Mutually Assured Destruction (MAD) situation' where any NSA
> >action to bring us down would bring the US down as well.
> >
> >NSA did reduce the key length of DES from 64 to 56 bits and many thought
> >that this was so that they could break it but I very much doubt this.  Given
> >the technology available at the time, and their 'volume' cracking needs, I
> >cannot see that this conclusion stands up under retrospective scrutiny.
>      This is one fact where you're wrong: the design of MECL logic boards
> was well known at that time. It would be foolish to think they did not build
> hardware to conveniently break the 56-bit keys.
> >
> >Although I do not know the answer here, I suspect what it might be.  My
> >guess is that NSA were breaking much poorer algorithms than DES at the time
> >and desperately needed a way of convincing their targets not to move to DES.
> >The key length reduction, leaving people to draw the (wrong) conclusions,
> >was a masterful bit of psychological warfare that did exactly this.
>       You have got to be joking. Who would believe such nonsense.
> >
> >As a result of this brilliant deception I suspect that NSA targets went on
> >using broken algorithms for years even though a great algorithm - DES - was
> >right in front of their very eyes.  And the fact that DES was strong and yet
> >seemed to outsiders to be weak provided a rare occasion in which the good
> >guys were able to 'have their cake and eat it' by being able to use DES for
> >true protection while ensuring that the bad guys were far too suspicious of
> >it to ever contemplate its use.
>          You are not even close to reality.
> >
> >The sad fact is that computer security is many orders of magnitude less
> >effective than algorithmic security and this will increasingly mean that
> >there is little point in climbing almost infinitely high walls when there
> >are plenty of gaping holes to exploit (i.e. I agree with Bruce Schneier's
> >previous comments here).
> >
> >        Brian Gladman
> 
> 
>    I'm sure that the NSA is laughing out loud about your ridiculous statements.

I've been designing a secure protocol. It is hard work. You have to worry
about replay attacks, initial key handshakes, and a number of other things.
Then there is the question of the keys themselves -- how do you know that
server Y is, in fact, server Y? Sure he sent a digest signature encrypted with
server Y's private key and you read it with server Y's public key, but how do
you know that you have server Y's public key and not, in fact, server Z's? Ok,
so you're going to store it in a public key depository somewhere, and you have
the public key depository's public key hard-wired into your program. How do
you know the public key depository has not been compromised? How do you know
that someone hasn't infected your computer with a virus that changed that
hard-wired public key and then redirected key services to another (their)
server?

And what good does this all do if the data being sent is stored on your hard
drive "in the clear", ready to be read by anybody who compromises the security
of your computer? And what good does that do if you use your birthday as your
password, a date that everybody in your office knows? IMHO, infecting your
computer with the NSA Virus (a hypothetical[?] virus that sends a CC: copy of
all your EMAIL to NSA headquarters prior to encrypting it) is a lot easier to
do than breaking the encryption on the already-encrypted EMAIL. Just look at
how swiftly the Melissa virus spread!

Fact: Computer security inconveniences users. They want to be able to do
anything, anywhere, without being prompted for passwords or limited in any
manner. This is inherently incompatible with the demands of security,
something I had to fight daily as a network administrator, and I'm ashamed to
say that I, too, sacrificed security many times for the sake of convenience.
For example, I had a password checker installed that would not allow users to
use easy-to-guess passwords (like their user name). I almost got lynched! My
boss came to me and told me to take out the password checker because of all
the complaints he got after I explained to people that using simple English
dictionary words or their user name as their password was NOT a good idea. So
now on that network if you want to log in as "jerry", there's probably a 90%
chance that the password is "jerry" :-(. With security like that, who needs to
break encryption?

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax
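The key-trust chain described above (a hard-wired depository key, a depository-signed server key, then a handshake signature), as an added example that is not part of the original post. The signatures are textbook RSA over tiny primes purely so the chain logic stays readable; that scheme, the primes, the server names and the fixed nonce are all assumptions of this example and none of it is secure as written. The third function shows the failure mode the post raises: once the pinned depository key has been swapped, an impostor passes every check.

```python
import hashlib

# ---- toy RSA signatures (assumption: textbook RSA, tiny primes, no padding;
# ---- present only so the chain-of-trust logic is visible; not secure) ----
def toy_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as ((e, n), (d, n)) for the primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (e, n), (d, n)

def _digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def toy_sign(private, data: bytes) -> int:
    d, n = private
    return pow(_digest_mod_n(data, n), d, n)

def toy_verify(public, data: bytes, sig: int) -> bool:
    e, n = public
    return pow(sig, e, n) == _digest_mod_n(data, n)

def key_bytes(public) -> bytes:
    """Canonical encoding of a public key, so a certificate binds one exact key."""
    return f"{public[0]}:{public[1]}".encode()

def cert_payload(name: str, public) -> bytes:
    """What the depository signs: the binding of a server name to a public key."""
    return name.encode() + b"|" + key_bytes(public)

# ---- parties (constructed keys; the primes are toy sizes) ----
DEPOSITORY_PUB, DEPOSITORY_PRIV = toy_keypair(1000003, 1000033)
SERVER_Y_PUB, SERVER_Y_PRIV = toy_keypair(1000037, 1000039)
SERVER_Z_PUB, SERVER_Z_PRIV = toy_keypair(1000081, 1000099)

# Fixed here for reproducibility; a real client draws a fresh random nonce per handshake.
NONCE = b"client-nonce-0001"

def client_accepts(pinned_depository_pub, name: str, claimed_pub, cert_sig: int,
                   nonce: bytes, handshake_sig: int) -> bool:
    """The client's two checks, in order:
    1. the key it was handed for `name` is certified by the depository it trusts;
    2. the holder of that key signed *this* nonce (an old signature cannot be replayed).
    Everything rests on the pinned key in step 1 being the genuine one."""
    if not toy_verify(pinned_depository_pub, cert_payload(name, claimed_pub), cert_sig):
        return False
    return toy_verify(claimed_pub, nonce, handshake_sig)

def honest_handshake() -> bool:
    """Server Y presents a genuine depository certificate and signs the nonce."""
    cert = toy_sign(DEPOSITORY_PRIV, cert_payload("serverY", SERVER_Y_PUB))
    return client_accepts(DEPOSITORY_PUB, "serverY", SERVER_Y_PUB, cert,
                          NONCE, toy_sign(SERVER_Y_PRIV, NONCE))

def impostor_without_certificate() -> bool:
    """Server Z claims to be Y and signs its own 'certificate'; the depository never did."""
    fake_cert = toy_sign(SERVER_Z_PRIV, cert_payload("serverY", SERVER_Z_PUB))
    return client_accepts(DEPOSITORY_PUB, "serverY", SERVER_Z_PUB, fake_cert,
                          NONCE, toy_sign(SERVER_Z_PRIV, NONCE))

def impostor_with_swapped_pin() -> bool:
    """The failure mode from the post: malware replaced the hard-wired depository key.
    The attacker now plays depository, certifies Z as Y, and every check passes."""
    evil_dep_pub, evil_dep_priv = toy_keypair(1000117, 1000121)
    cert = toy_sign(evil_dep_priv, cert_payload("serverY", SERVER_Z_PUB))
    return client_accepts(evil_dep_pub, "serverY", SERVER_Z_PUB, cert,
                          NONCE, toy_sign(SERVER_Z_PRIV, NONCE))

if __name__ == "__main__":
    print("honest Y accepted:          ", honest_handshake())
    print("Z without certificate:      ", impostor_without_certificate())
    print("Z after pinned key swapped: ", impostor_with_swapped_pin())
```

The point of the third case is that no amount of signature checking inside the protocol detects it: the client's verdict is only as good as the integrity of the one value it did not verify, the pinned key. That is why trust anchors live in code-signed or hardware-protected storage in practice, and why the post's "virus that rewrites the hard-wired key" is the cheaper attack.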
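A password checker of the kind the post describes, as an added example rather than the tool the author actually ran: it rejects a password that is the user name (also reversed or buried in digits), a dictionary word even when typed with the usual "leet" substitutions, or a birthday-like date. The word list and the sample user/password pairs are constructed for the example; a real deployment loads a large dictionary and the local account list instead.

```python
import re

# Constructed word list for the example; a real deployment loads a large dictionary.
DICTIONARY = {"password", "secret", "welcome", "letmein", "monday", "dragon"}

# Shapes a birthday is typically typed in: 03121970, 03/12/70, 1970-03-12
_DATE_PATTERNS = (
    re.compile(r"^\d{2}[/.-]?\d{2}[/.-]?(?:\d{2}|\d{4})$"),
    re.compile(r"^(?:19|20)\d{2}[/.-]?\d{2}[/.-]?\d{2}$"),
)

# The usual 'leet' substitutions, undone so that p@ssw0rd is recognised as password.
_UNLEET = str.maketrans("@$013!", "asolei")

def _core(password: str) -> str:
    """Lower-case, drop trailing digits, undo leet: the part a guesser would try."""
    return re.sub(r"\d+$", "", password.lower()).translate(_UNLEET)

def check_password(username: str, password: str, min_len: int = 8) -> list:
    """Return the policy violations found; an empty list means the password is acceptable."""
    problems = []
    pw, user, core = password.lower(), username.lower(), _core(password)

    if len(password) < min_len:
        problems.append("too short")

    # User name as the password, reversed, or inside it ('jerry', 'yrrej', 'jerry99').
    candidates = (pw, core, pw[::-1], core[::-1])
    if any(user == c or (len(user) >= 3 and user in c) for c in candidates):
        problems.append("contains user name")

    if core in DICTIONARY or core[::-1] in DICTIONARY:
        problems.append("dictionary word")

    if any(p.match(password) for p in _DATE_PATTERNS):
        problems.append("looks like a date")

    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 2:
        problems.append("needs at least two character classes")
    return problems

if __name__ == "__main__":
    for user, pw in [("jerry", "jerry"), ("jerry", "yrrej99"), ("alice", "p@ssw0rd1"),
                     ("alice", "03/12/1970"), ("alice", "correct-horse-7Battery")]:
        print(f"{user:6} {pw:24} -> {check_password(user, pw) or 'OK'}")
```

Returning a list of reasons rather than a bare yes/no is what makes such a checker survivable with users: the login prompt can say exactly why "jerry" was refused instead of leaving people to guess at the rule and complain to the boss.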

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 03 Dec 1999 21:08:08 GMT

"SCOTT19U.ZIP_GUY" wrote:
> ... Why do you think the damn toilet seats are so expensive
> when the government buys them.

The infamous "toilet seat" was a limited production of fiberglass
moldings for a military transport plane, and would have cost about
as much as it did no matter what.  Similarly for most of Proxmire's
"Golden Fleece" awards, such as the expensive hammer (which had to
be a special nonsparking alloy for use in an explosive environment)
and the tiny metal rod (which was a superfine-finish gyro bearing).
There is no doubt some waste and fraud in government contracting,
but it's not nearly as pervasive a problem as you are led to think.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: How can you tell?
Date: Fri, 03 Dec 1999 21:09:39 GMT

John wrote:
> Say you had an encrypter and no source.  How would you go about
> verifying it?

You haven't said what you want to verify.  If it is the resistance
to cryptanalysis, the only sure-fire way is to turn loose the world's
best cryptanalysts on it, preferably with complete information about
the inner workings of the encryptor.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: What part of 'You need the key to know' don't you people get?
Date: Fri, 03 Dec 1999 21:25:35 GMT

wtshaw wrote:
> (Johnny Bravo) wrote:
> > It is easier to make claims that to support or
> > disprove them, why should the community be tasked with debunking
> > every crackpot theory that anyone could ever come up with.
> "What if" is an important strategy to test your position.  Science
> requires routine reevaluation of positions, not being prejudiced ...

You're missing the point.  There are *plenty* of ideas, far more
than we scientists can ever pursue.  Therefore, some intelligent
*pre-filtering* is required to keep the pursuit of new ideas
manageable.  One important criterion for this filtering is that
the idea should have some supporting evidence.  If it is a mere
unsubstantiated assertion, then it deservedly will be ignored.

An exception is sometimes made when the proponent of a wacky idea
has a proven track record, which in effect substitutes trust in
his intuition for immediate evidence.

There is also a *negative* evaluation of the likelihood of
productive inquiry when the proponent of the idea *acts* like a
crackpot.  If you study the history of crank ideas in science,
you'll find that they tend to have a lot of common characteristics,
such as failure to reconcile the new claims with established
knowledge that they blatantly contradict, and the proponents
complaining about a conspiracy of the orthodoxy when their
proposals are ignored.

If you want to propose a new idea and have it taken seriously,
it is simply a fact that you need to present the idea in a way
that addresses the legitimate criteria that scientists have to
apply to filter incoming proposals.

------------------------------

From: Eric Lee Green <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 03 Dec 1999 14:22:50 -0700

Brian Gladman wrote:
> In my career I have seen the move from defence to civil dominance in a
> number of areas - in computer systems, in integrated circuits, in software
> operating systems, in high level languages, in computer networking, in
> display technologies, and now, in my view, in computer and cryptographic
> security.

But you'll notice that this does not apply to things that are high on the
government's military priorities list. For example, the civil sector does not
have anything NEAR the experience with supersonic aerodynamics of small jet
craft as the military sector does :-). (I consider General Dynamics to be an
unofficial arm of the U.S. government, BTW, so don't point to them as a
"private sector" company). 

Cryptography is an area with a major military component. While there are civil
designers of technologies with major military use (e.g., the designers of the
Concorde, if we're talking supersonic jet design), the fact remains that the
military-industrial complex still has large capabilities in this area, and
their total spending probably is similar to that of the private sector (but
MUCH better focussed). And don't forget, they had a forty year head start.

BTW, don't assume that all private sector cryptographers in academia are
actually independent. Back in the mid 80's, at least, I remember one group at
the university that was supposedly doing advanced computational numerics
studies but the rumor was that they were actually doing a "black" project for
the NSA. At least, they were getting an ungodly amount of money funneled
through the National Science Foundation (far more than would be justified for
that particular narrow area of study), all members of the group were required
to pass background checks and be U.S. citizens (very hard to do, in a CS
graduate department where most students and at least half of the instructors
were foreign, but they managed it!), and  the section of the graduate studies
building that held their offices was explicitly remodelled with special
security doors, something that no other section of the building had. So don't
assume that the NSA is constrained to use only their own personnel...

I don't agree with the paranoids who believe that all algorithms currently in
use are easily crackable by the NSA, but I do think that we shouldn't
underestimate their expertise. I tend to agree with Bruce Schneier's recent
comments about the gap having been largely closed in the last decade -- but
underestimating the NSA is not a good idea even so.

-- 
Eric Lee Green                         [EMAIL PROTECTED]
Software Engineer                      Visit our Web page:
Enhanced Software Technologies, Inc.   http://www.estinc.com/
(602) 470-1115 voice                   (602) 470-1116 fax

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 3 Dec 1999 13:28:14 -0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> "SCOTT19U.ZIP_GUY" wrote:
> > ... Why do you think the damn toilet seats are so expensive
> > when the government buys them.
>
> The infamous "toilet seat" was a limited production of fiberglass
> moldings for a military transport plane, and would have cost about
> as much as it did no matter what.

Pure nonsense.  We're talking about how the military specified a non-COTS
toilet seat in the first place.  Karl M



------------------------------

From: [EMAIL PROTECTED]
Subject: Re: Peekboo Ideas? >> Question ...
Date: Fri, 03 Dec 1999 16:26:17 -0500

Question 

When you are creating password with 'Use Key' is this operation creating THE
SAME password for the same public + private keys selected, time after time ?
-- 
Thanks, Richard
======================================================
Tom St Denis wrote:
> 
> In article <[EMAIL PROTECTED]>,
>   [EMAIL PROTECTED] wrote:

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: cookies
Date: Fri, 03 Dec 1999 21:38:53 GMT

karl malbrain wrote:
> Refusing COOKIES does not in any way reduce the capabilities of
> WINSOCK to transmit anything from your computer anywhere on the net.
> A `security breach' can come from ANY program you run as long as you
> are CONNECTED to the outside world.  Only OFFENSIVE security has any
> real value.

You're not really helping the poor fellow who was asking about
cookies.  The point of a cookie is to store information that can
later be retrieved, but it doesn't pick up information from outside
the cookie, so for example your secret files aren't in danger from
enabling cookie support in a browser.  Much more of a risk is to
enable "active" support such as ActiveX and JavaScript; while these
were supposed to contain protections against malicious use, time
has shown that they have had (and presumably continue to have)
security problems.  When accessing a hacker or otherwise suspect
site, you should first disable ActiveX, Java, and JavaScript
support in your browser.

There are numerous other vulnerabilities in the old Internet
protocols, but in almost every case it takes the active
participation of a program on your own computer to exploit them,
not just some procedure initiated by the remote site.  In particular,
simply being attached to the Internet does *not* put your files at
risk, if your system is not providing any "services" to the net
and you are not initiating net protocols yourself.  (In many cases,
notably Windows, people have no clue what Internet processes their
computer is supporting.)

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 03 Dec 1999 21:45:11 GMT

karl malbrain wrote:
> Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> > The infamous "toilet seat" was a limited production of fiberglass
> > moldings for a military transport plane, and would have cost about
> > as much as it did no matter what.
> Pure nonsense.  We're talking about how the military specified a
> non-COTS toilet seat in the first place.

It wasn't a "toilet seat", dammit, it was a *necessarily* custom
molding to fit a specific tight space in a packed aircraft.  How
many other aircraft components are COTS consumer items?  Proxmire
was grandstanding for political purposes, and shame on you for
falling for it.

------------------------------

From: "Douglas A. Gwyn" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 03 Dec 1999 21:50:49 GMT

Eric Lee Green wrote:
> And what good does this all do if the data being sent is stored on your hard
> drive "in the clear", ready to be read by anybody who compromises the security
> of your computer? And what good does that do if you use your birthday as your
> password, a date that everybody in your office knows? IMHO, infecting your
> computer with the NSA Virus (a hypothetical[?] virus that sends a CC: copy of
> all your EMAIL to NSA headquarters prior to encrypting it) is a lot easier to
> do than breaking the encryption on the already-encrypted EMAIL.

This points up a supremely important fact:  Real computer security
has to be built in from the ground up, with no loopholes anywhere.
You could probably achieve it with a capability-based architecture
and extremely good security review throughout system design, but
even so, at some level some user will screw up and hand over the
keys to an untrustworthy agent.

------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: cookies
Date: Fri, 3 Dec 1999 13:53:17 -0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> karl malbrain wrote:
> > Refusing COOKIES does not in any way reduce the capabilities of
> > WINSOCK to transmit anything from your computer anywhere on the net.
> > A `security breach' can come from ANY program you run as long as you
> > are CONNECTED to the outside world.  Only OFFENSIVE security has any
> > real value.
>
> You're not really helping the poor fellow who was asking about
> cookies.  The point of a cookie is to store information that can
> later be retrieved, but it doesn't pick up information from outside
> the cookie, so for example your secret files aren't in danger from
> enabling cookie support in a browser.  Much more of a risk is to
> enable "active" support such as ActiveX and JavaScript; while these
> were supposed to contain protections against malicious use, time
> has shown that they have had (and presumably continue to have)
> security problems.  When accessing a hacker or otherwise suspect
> site, you should first disable ActiveX, Java, and JavaScript
> support in your browser.
>
> There are numerous other vulnerabilities in the old Internet
> protocols, but in almost every case it takes the active
> participation of a program on your own computer to exploit them,
> not just some procedure initiated by the remote site.  In particular,
> simply being attached to the Internet does *not* put your files at
> risk, if your system is not providing any "services" to the net
> and you are not initiating net protocols yourself.  (In many cases,
> notably Windows, people have no clue what Internet processes their
> computer is supporting.)

You claim your hodge-podge is helpful???  1. What is a `hacker or otherwise
suspect' site, anyway? 2. There is NO basis to presume that ActiveX and Java
are the only way to coerce your browser to transmit information.  3. Windows is
so complicated you cannot demonstrate that somewhere in the 40MB of mapped
code from hundreds of various and assorted DLL files is not 2 or 3 system
calls transferring who knows what data where.  Your sense of SECURITY is
entirely mis-placed.

OFFENSIVE security doesn't really care who reads which information when or
where, as the WRONG conclusion will result, in all events.  Karl M



------------------------------

Reply-To: "karl malbrain" <[EMAIL PROTECTED]>
From: "karl malbrain" <[EMAIL PROTECTED]>
Subject: Re: NSA should do a cryptoanalysis of AES
Date: Fri, 3 Dec 1999 13:59:18 -0800


Douglas A. Gwyn <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> karl malbrain wrote:
> > Douglas A. Gwyn <[EMAIL PROTECTED]> wrote:
> > > The infamous "toilet seat" was a limited production of fiberglass
> > > moldings for a military transport plane, and would have cost about
> > > as much as it did no matter what.
> > Pure nonsense.  We're talking about how the military specified a
> > non-COTS toilet seat in the first place.
>
> It wasn't a "toilet seat", dammit, it was a *necessarily* custom
> molding to fit a specific tight space in a packed aircraft.  How
> many other aircraft components are COTS consumer items?  Proxmire
> was grandstanding for political purposes, and shame on you for
> falling for it.

Your logic reminds me how BART decided to abandon rail-road signaling
standards, and specify their VERY own VOLTAGE level between the rails.
Nothing but problems ever since.  And where did you ever get the idea that
I'm not POLITICAL?  Karl M



------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list (and sci.crypt) via:

    Internet: [EMAIL PROTECTED]

End of Cryptography-Digest Digest
******************************
