Cryptography-Digest Digest #834, Volume #13       Thu, 8 Mar 01 06:13:01 EST

Contents:
  Re: PKI and Non-repudiation practicalities (Mark Currie)
  Re: Super strong crypto (Mok-Kong Shen)
  Re: One-time Pad really unbreakable? (Frank Gerlach)
  Re: Creating serial numbers? (Niklas Frykholm)
  Re: Just getting interested... (Frank Gerlach)
  Re: TV Licensing (Was: => FBI easily cracks encryption ...?) ("John Niven")
  Re: Just getting interested... (Arturo)
  Re: TV Licensing (Was: => FBI easily cracks encryption ...?) (Arturo)
  Re: So far OT: British shows (Arturo)
  Re: => FBI easily cracks encryption ...? (Damian Kneale)
  Re: TV Licensing (Was: => FBI easily cracks encryption ...?) ("Sam Simpson")
  Re: TV Licensing (Was: => FBI easily cracks encryption ...?) ("John Niven")
  Where is Security Engineering by Ross Anderson? ("Sam Simpson")

----------------------------------------------------------------------------

Subject: Re: PKI and Non-repudiation practicalities
From: [EMAIL PROTECTED] (Mark Currie)
Date: 08 Mar 2001 08:24:24 GMT

Hi,

Ok, I see now where you changed to discussing this model (AADS). I am not 
familiar with this model, I guess that I will have to visit your site. It 
sounds interesting.

Mark

In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
>
>[EMAIL PROTECTED] (Mark Currie) writes:
>
>> The attack that you make on shared-key systems is not entirely fair though.
>> Although it may be possible to crack the central repository of
>> shared-secrets/credit card numbers, PKI has a similar problem in that if you
>> compromise a CA, or worse, a root CA, you can create millions of new
>> certificates using existing identities that you can now masquerade. The way
>> PKI solves this is to suggest that you place your root CA in a bunker
>> (possibly under a mountain!) and in fact have multiple instances scattered
>> around the world. This increases the cost of PKI. In an earlier thread you
>> mentioned the possible savings to be gained by having chip cards (shared
>> across institutions). This may outweigh the associated infrastructure costs
>> but I don't think that PKI infrastructure costs are insignificant. Even if
>> you just focus on the CA's, hierarchical PKI's tend to create a central trust
>> point (root CA) that millions of certs rely on. Typically a lot more users
>> rely on the central point than what you would find in shared-secret systems.
>> This puts enormous pressure on the security of this entity. If the root CA
>> (plus copies) are attacked by an organised para-military group, the whole
>> trust chain collapses because you can't be sure that the private key wasn't
>> compromised in the process. Preventing these types of attack is not cheap.
>> 
>> Mark
>
>I'm not talking about PKI, CA's or the certification authority digital
>signature model (CADS model) ... i'm talking about the AADS (account
>authority digital signature) model. It eliminates the systemic risks
>inherent in the CADS model.
>
>random refs to the AADS model can be found at:
>http://www.garlic.com/~lynn
>
>I take an infrastructure that currently registers shared-secrets and
>instead register public keys. No business process costs ... just some
>technology costs.
>
>Given that many back-end systems have some pretty stringent security
>and audit requirements specifically targeted at preventing things like
>insiders harvesting shared-secrets .... some of those procedures and
>associated costs can be alleviated.
>
>Also, in the ISP world ...  a significant cost is service calls
>associated with handling a password compromise. This is further
>aggravated by human factors issues with people having to track &
>remember a large number of different shared-secrets ... because of the
>guidelines about not using the same shared-secrets in multiple
>different domains.
>
>i.e. the start of my comments on this thread was purely the transition
>of existing business processes (no new, changed &/or different
>business processes, no reliance on 3rd parties and all the associated
>new issues with regard to liability, vulnerabilities, and systemic
>risk, etc) from a shared-secret paradigm to a public key/secret/token
>paradigm ... and some deployment approaches that would result in lower
>costs than the current shared-secret paradigm (for instance adding a
>chip to an existing card being distributed might be able to save
>having to distribute one or more subsequent cards ... resulting in
>distributing hardware tokens actually costing the overall
>infrastructure less than distributing magstripe cards).
>
>random systemic risk refs from thread in sci.crypt in fall of 99
>http://www.garlic.com/~lynn/99.html#156
>http://www.garlic.com/~lynn/99.html#236
>http://www.garlic.com/~lynn/99.html#240
>
>random other system risk refs:
>http://www.garlic.com/~lynn/98.html#41
>http://www.garlic.com/~lynn/2000.html#36
>http://www.garlic.com/~lynn/2001c.html#34
>
>
>-- 
>Anne & Lynn Wheeler   | [EMAIL PROTECTED] -  http://www.garlic.com/~lynn/ 


------------------------------

From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: Super strong crypto
Date: Thu, 08 Mar 2001 09:26:22 +0100



"Douglas A. Gwyn" wrote:
> 
> Bryan Olson wrote:
> > But understand it's no small detail.  Thousands have tried
> > to bridge that chasm, and so far all have failed.
> 
> But in the meantime, we can try to beef up the methods we have
> by such methods as I was suggesting.  In applications such as
> one I'm supporting at the moment, there are real-world
> constraints that force the security implementation to work too
> close to the edge, and efficient implementation is paramount
> (so the data encryption will be something like Rijndael with
> small parameters).  Under such circumstances, anything that can
> be done to get in the way of the enemy cryptanalysts is welcome.

I have argued in a follow-up (7-th Mar) that it is preferable 
to transmit the new keys with a separate dedicated key. 
(This effectively means sending the new keys via another 
(logical) channel.) I don't yet see the point of attempting 
(hard) to safely embed the new keys in the way you proposed, 
if the other way is quite clear-cut and readily available
in practice.

M. K. Shen

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: One-time Pad really unbreakable?
Date: Thu, 08 Mar 2001 10:19:39 +0100

Tim Tyler wrote:
> 
> Mxsmanic <[EMAIL PROTECTED]> wrote:
> 
> : One-time pads are indeed unbreakable, and provably so.
> 
> Only in mathematical never-never land.  The OTP "specification" does not
> offer any prescription for the generation of suitable random numbers -
> and since no such recipe is likely to be forthcoming, the "provably
> secure" OTP will never make it off the paper and into the real world.

If you call the widely used SIGSALY (check www.nsa.gov for it)
"mathematical never-never land" then you are correct.
I assume that OTPs are still used every day, especially by intelligence
services.
OTPs have the nice property that you can easily do it by hand/paper, and
nobody will be able to break it, if you use it *disciplined* and have the
keys correctly generated.
The Russian KGB and the German BND regularly used it during the cold war
to communicate with their agents operating in enemy territory. Why should
they have stopped using it?


Your criticism boils down to technology and philosophy.
First, you argue that a lot of physical randomness sources are badly
implemented and secondly you question the existence of randomness at all.
The first argument can be easily defied: Just print out a large number of
sequences abc...z 0..9, cut out each character and put it in a mixing
bowl. Mix it for five minutes by hand and then pick a character at a time
and write it down. That is your key. The TV lottery shows us every week
that good OTP keys *are* possible.

I agree with the second argument in the sense that we still do not know
whether there is determinism or not. But if someone can come up with
natural laws, which can *really* simulate that human and his/her fingers
in the mixing bowl, we have much bigger problems than just cryptography.
IMO, this would include the *accurate* capability to simulate a complete
human body, including the brain. I assume the open-source community would
immediately modify the simulated brains and that could create the
ultimate hacking tool....


Manual OTPs have even become more important with the development of
powerful antennas and signal processing equipment. Even the poorest
third-world country can use it to get the same  security level as the
richest nations. Maybe they get even more security, because they
cannot be tricked into using "secure", but expensive electronic
equipment.

------------------------------

From: [EMAIL PROTECTED] (Niklas Frykholm)
Subject: Re: Creating serial numbers?
Date: Thu, 8 Mar 2001 08:09:20 +0000 (UTC)

In article <[EMAIL PROTECTED]>, Paul Rubin wrote:
>"Lior Messinger" <[EMAIL PROTECTED]> writes:
>> I need to create a very large set of unique serial numbers (10-100
>> millions). The requirements:
>> 1. No one can create but me
>> 2. Minimum number of digits. In Hex its 7 Digits, I'd like to stick to that
>
>7 hex digits = 2**28 = 256 million.  If you have 100 million legitimate
>numbers, then someone picking 7 random hex digits has better than 1/3
>chance of getting a legitimate number.
>
>You need more digits.

Suggestion:

Let ID be a unique ID number in the range (0..100 million). Use a counter.

Let K be a secret key, known only by you (128 bit long).

Generate the serial number as:

        ID || H(K || ID)

where H is a hash function.

To verify a serial number, split out the first half (ID), hash it with the
key and check that the result matches the second half.

Note that you need K to verify a serial number. If you want a serial
number to be verifiable by someone who doesn't know K, you must probably
use (slower) asymmetric cryptography.

The ID string needs to be 27 bits long to have room for 100 million
entries. The length of the hash string determines the probability of
forging a serial number. If you are satisfied with a chance of 1 in
500 million, you can use 29 bits, giving you a total serial number
length of 56 bits or 14 hex digits.

Some people feel uneasy about hashing related values, such as H(K || 1),
H(K || 2), H(K || 3)... it is possible that there could be an attack
based on the fact that there is a simple relation between the hashed
values. However, I've never heard of a practical attack of this type
against a strong hash function, such as SHA-1. Also, such an attack would
probably require the attacker to gather a large amount of serial numbers.

If you want to preempt attacks of this type, you need to use more bits for the
ID field and generate the ID numbers (pseudo)randomly to reduce the chance of
finding useful relations between them.

// Niklas
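
The scheme described in the post above, as an added example that is not part
of the original message: a 27-bit counter ID followed by a 29-bit keyed tag,
packed into 14 hex digits. It substitutes truncated HMAC-SHA-256 for the bare
H(K || ID) construction; the function names and the demo key are assumptions
made for illustration.

```python
import hashlib
import hmac
import string

ID_BITS = 27     # 2**27 = 134,217,728 slots, enough for 100 million IDs
TAG_BITS = 29    # one forgery guess succeeds with probability 2**-29
HEX_DIGITS = (ID_BITS + TAG_BITS) // 4   # 56 bits -> 14 hex digits


def _tag(key: bytes, id_num: int) -> int:
    """Keyed tag over the ID: the top TAG_BITS bits of HMAC-SHA-256.

    HMAC stands in for the post's H(K || ID); it is the standard way to
    key a hash and does not depend on the hash resisting length extension.
    """
    mac = hmac.new(key, id_num.to_bytes(4, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") >> (256 - TAG_BITS)


def make_serial(key: bytes, id_num: int) -> str:
    """Return ID || tag as a 14-digit upper-case hex string."""
    if not 0 <= id_num < (1 << ID_BITS):
        raise ValueError("ID must fit in %d bits" % ID_BITS)
    value = (id_num << TAG_BITS) | _tag(key, id_num)
    return format(value, "0%dX" % HEX_DIGITS)


def verify_serial(key: bytes, serial: str) -> bool:
    """Split the serial into ID and tag, recompute the tag, compare."""
    if len(serial) != HEX_DIGITS:
        return False
    if any(c not in string.hexdigits for c in serial):
        return False
    value = int(serial, 16)
    id_num = value >> TAG_BITS
    tag = value & ((1 << TAG_BITS) - 1)
    expected = _tag(key, id_num)
    # Constant-time comparison so timing does not leak how many bits matched.
    return hmac.compare_digest(tag.to_bytes(4, "big"),
                               expected.to_bytes(4, "big"))


if __name__ == "__main__":
    # Constructed 128-bit demo key; generate a real one with
    # secrets.token_bytes(16) and keep it secret.
    demo_key = bytes(range(16))
    for counter in (0, 1, 2, 99_999_999):
        s = make_serial(demo_key, counter)
        print(counter, s, verify_serial(demo_key, s))
```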

------------------------------

From: Frank Gerlach <[EMAIL PROTECTED]>
Subject: Re: Just getting interested...
Date: Thu, 08 Mar 2001 10:25:51 +0100

Matt Broughton wrote:
> 
> I'm just getting interested in cryptology and cryptanalysis, are there any
> books that you all would recommend on the topic?  I haven't gotten very
> technical yet, but I'm trying to get a well rounded view on the subjects.
> Currently I'm reading "The Code Book" by Simon Singh and I'm enjoying it
> immensely.  After that, I'm wanting to move more towards the computer aspect
> of it all...any recommended reading?  Please reply directly...
> 
> Matt Broughton

Buy Bruce Schneier's "Applied Cryptography" - he combines theory and
practical application very well. I would even consider this book the
standard for people who have to develop secure software or do security
assessments.

------------------------------

From: "John Niven" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: TV Licensing (Was: => FBI easily cracks encryption ...?)
Date: Thu, 8 Mar 2001 09:32:38 -0000

My apologies.  That was my understanding based on my (admittedly dated)
experience from the 1980's.  Like you say, though, they hardly trumpet the
fact!

John

--
John Niven
(Reply through newsgroup)

"Sam Simpson" <[EMAIL PROTECTED]> wrote in message
news:1Dup6.1715$[EMAIL PROTECTED]...

> That's not true at all.  The TV Licensing Authority hardly trumpets the
> fact, but  "using television receiving equipment to receive or record
> television programme services you are required by law to have a valid TV
> licence."  Owning a TV to watch DVD's, videos or use connected to a computer
> DOES NOT require a license.
>
> As a student I used to sell electrical goods (including TVs!) and we were
> given these instructions by the TV Licensing.
>
> Don't believe me, call them on: 08457 77 55 44 - I just did (to confirm that
> the rules haven't changed!).
>
>
> Regards,
>
> Sam
> http://www.scramdisk.clara.net/
>
>
>
>



------------------------------

From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Subject: Re: Just getting interested...
Date: Thu, 08 Mar 2001 10:47:11 +0100

On Thu, 08 Mar 2001 10:25:51 +0100, Frank Gerlach <[EMAIL PROTECTED]>
wrote:

>Matt Broughton wrote:
>> 
>> I'm just getting interested in cryptology and cryptanalysis, are there any
>> books that you all would recommend on the topic?  I haven't gotten very
>> technical yet, but I'm trying to get a well rounded view on the subjects.
>> Currently I'm reading "The Code Book" by Simon Singh and I'm enjoying it
>> immensely.  After that, I'm wanting to move more towards the computer aspect
>> of it all...any recommended reading?  Please reply directly...
>> 
>> Matt Broughton

        Did you get the Handbook of Applied Cryptography?
http://www.cacr.math.uwaterloo.ca/hac/

        It's good, it's online, it's free.

------------------------------

From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: TV Licensing (Was: => FBI easily cracks encryption ...?)
Date: Thu, 08 Mar 2001 10:31:23 +0100

On Wed, 07 Mar 2001 11:54:45 -0700, Sundial Services <[EMAIL PROTECTED]>
wrote:

>Ahh... so THAT'S how those sitcoms get paid for!  It seems that BBC
>should be getting enough revenue from American public-television
>stations.  I mean, here in the States, if there's not a pledge-drive
>going on, all you can get is British "humor," political commentaries
>from folks who look like they witnessed the Civil War first-hand, and
>Teletubbies.  ;-)  Which is why I prefer books.  And news groups.  ;-)
>;-)

        Doesn't the BBC get revenues from advertising, like most other TV
stations (public or private)?  Or was it just an excuse for the Whitehall people
to know what their people are doing?  Gosh, that's thought police, isn't it?
(BTW, in Spain my children can watch Teletubbies for free.  Add that to our
wonderful weather and good wine...)

------------------------------

From: Arturo <aquiranNO$[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: So far OT: British shows
Date: Thu, 08 Mar 2001 10:33:54 +0100

On Wed, 7 Mar 2001 18:22:14 -0600, "Daniel Johnson"
<[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>  (cross posted)
>Sam Simpson wrote in message ...
>>(At the risk of extending the life of a wayyyyyyyyyyyyyy off topic
>>thread ;)
>>
>>Out of interest, what British comedies do you guys get? More
>>importantly, which of these do you think is funny?  Which don't
>>appeal?
>
        In Spain, we get almost no British programs since the Benny Hill Show.
We took the Teletubbies for the kids, some documentary now and then ... do 007
movies qualify?

------------------------------

From: [EMAIL PROTECTED] (Damian Kneale)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Thu, 08 Mar 2001 10:11:24 GMT

Once Paul Rubin <[EMAIL PROTECTED]> inscribed in stone:

>CR Lyttle <[EMAIL PROTECTED]> writes:
>> I've seen and built system for less than $100 that can read your monitor
>> from across the street. Several countries have regular patrols checking,
>> from the street, what their citizens are watching on TV or listening to
>> on radios. (Does England still do that?). Such technology has been
>> available for over 50 years. It just keeps getting cheaper.
>
>Can you post details about this?  I've always thought it was an urban
>myth except under lab conditions.

Not at all, from what I have heard from reliable sources.  However,
I've also heard of the standard practices to combat it.  These amount
to shielding, or leaded glass and similar to simply letting the
inverse square law have its way - a fence 50 metres from the nearest
internal building of a complex is a wonderful security measure.

To wade into the whole "capabilities" debate, the choice seems fairly
simple.  Have a government capable of breaking code and listening at
will, or have one that cannot.  Being from Australia, a country
defended from Japan during WW2 largely due to successes in
codebreaking, I'm all for a government that has that capability.
Making sure your government is trusted with that capability is a
little tougher, but at least down here we are somewhat more relaxed
about such things, and I know most internal crimes are quite happily
combatted with conventional policing methods (to the point I have an
associate who is actively watched by ASIO, all through conventional
policing).

Damian.


------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: TV Licensing (Was: => FBI easily cracks encryption ...?)
Date: Thu, 8 Mar 2001 10:12:59 -0000

Arturo <aquiranNO$[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 07 Mar 2001 11:54:45 -0700, Sundial Services <[EMAIL PROTECTED]>
> wrote:
>
> >Ahh... so THAT'S how those sitcoms get paid for!  It seems that BBC
> >should be getting enough revenue from American public-television
> >stations.  I mean, here in the States, if there's not a pledge-drive
> >going on, all you can get is British "humor," political commentaries
> >from folks who look like they witnessed the Civil War first-hand, and
> >Teletubbies.  ;-)  Which is why I prefer books.  And news groups.  ;-)
> >;-)
>
> Doesn't the BBC get revenues from advertising, like most other TV
> stations (public or private)?

No, they don't have adverts.

> Or was it just an excuse for the Whitehall people
> to know what their people are doing?  Gosh, that's thought police, isn't it?
> (BTW, in Spain my children can watch Teletubbies for free.  Add that to our
> wonderful weather and good wine...)

I'm sure your channels pay BBC for the privilege!



--
Regards,

Sam
http://www.scramdisk.clara.net/




------------------------------

From: "John Niven" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: TV Licensing (Was: => FBI easily cracks encryption ...?)
Date: Thu, 8 Mar 2001 10:14:58 -0000

> Doesn't the BBC get revenues from advertising, like most other TV
> stations (public or private)?

No.  The BBC *does* have private revenue streams (eg. from selling the
Teletubbies!!!) but relies primarily on "the Licence Fee".  Advertising
doesn't exist on the BBC, except for products produced by, or endorsed by,
the BBC.  So we see a brief advertisement for "the Radio Times" (a listings
magazine produced by the BBC), followed by a "small print" reminder that
"other TV listings magazines are available".

> (BTW, in Spain my children can watch Teletubbies for free.  Add that to our
> wonderful weather and good wine...)

Stop it!  Stop it!  You're making me jealous!  (It's raining at the moment,
here in "sunny" Glasgow).

John


--
John Niven
(Reply through newsgroup)


"Arturo" <aquiranNO$[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> On Wed, 07 Mar 2001 11:54:45 -0700, Sundial Services <[EMAIL PROTECTED]>
> wrote:
>
> >Ahh... so THAT'S how those sitcoms get paid for!  It seems that BBC
> >should be getting enough revenue from American public-television
> >stations.  I mean, here in the States, if there's not a pledge-drive
> >going on, all you can get is British "humor," political commentaries
> >from folks who look like they witnessed the Civil War first-hand, and
> >Teletubbies.  ;-)  Which is why I prefer books.  And news groups.  ;-)
> >;-)
>
> Doesn't the BBC get revenues from advertising, like most other TV
> stations (public or private)?  Or was it just an excuse for the Whitehall
> people to know what their people are doing?  Gosh, that's thought police,
> isn't it?
> (BTW, in Spain my children can watch Teletubbies for free.  Add that to our
> wonderful weather and good wine...)



------------------------------

From: "Sam Simpson" <[EMAIL PROTECTED]>
Subject: Where is Security Engineering by Ross Anderson?
Date: Thu, 8 Mar 2001 10:25:12 -0000

I've just been informed it's been delayed by the publishers - anyone have an
idea when it's now due?

--
Regards,

Sam
http://www.scramdisk.clara.net/




------------------------------


** FOR YOUR REFERENCE **

The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:

    Internet: [EMAIL PROTECTED]

You can send mail to the entire list by posting to sci.crypt.

End of Cryptography-Digest Digest
******************************
