Re: Lava lamp random number generator made useful?
On Tue, 2008-09-23 at 00:09 -0700, Jon Callas wrote: A cheap USB camera would make a good source. The cheaper the better, too. Pull a frame off, hash it, and it's got entropy, even against a white background. No lava lamp needed. I sort of agree, but I feel cautious about recommending that people use their holiday snaps. And then post them on line... if you see where I am going :) But it is a good suggestion. That's not at all what I suggested. There are so many ways that one can creatively screw up reasonable cryptographic advice that I don't think it's worth bothering with. The point is that if you take a cheap 640x480 (or 320x240) webcam and point it against a photographic grey card, there's going to be a lot of noise in it, and this noise is at its bottom quantum in nature. Thus, there's a lot of entropy in that noise. Photographic engineers work *hard* to remove that noise, and you pay for a lack of noise. I'm willing to bet that if I give you hashes of frames, knowing this process, you can't get pre-images. I'll bet that you can't get pre- images even if I let you put a similar camera next to the one I'm using. In short, I'm willing to bet that a cheap camera is a decent random number source, even if you try to control the image source, to the tune of 128-256 bits of entropy per frame. No lava lamps are needed, no weird hardware. Just use the noise in a CCD. Another option would be to use noise. If you have a webcam, you also have some sort of sound input usually. Crappy microphones will give you all sorts of hashable input. (My non-webcam enabled laptop has two tiny microphones above the screen. It would be good to put them to some use...) And is it every truly quiet? Not certain how long of a sample you would need. I suspect not that long. To generate a random seed, please scream at your computer for 30 seconds. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: once more, with feeling.
Peter Gutmann wrote: For existing apps with habituated users, so am I. So how about the following strawman: Take an existing browser (say Firefox), brand it as some special- case secure online banking browser, and use the new developments solution above, i.e. it only talks mutual-auth challenge-response crypto and nothing else. At that point you've reduced Reformat user and reinstall browsing habits to Train users to only use safe-browser when they do their banking, i.e. 'Never enter banking details using anything other than safe-browser'. Even if you only get a subset of users doing this, it's still a massive attack surface reduction because you've raised the bar from any idiot who buys a phishing kit to having to perform a man-in-the-browser attack. We did a version of this for CEAS this year (paper here: http://www.parc.com/research/publications/details.php?id=6496). I agree, I think it's not hard to come up with an architecture that increases user security, while reducing the amount they have to learn. Though, as per Perry's comment, you do need to be able to say that *some* (not all) of the software on your machine is not totally borked... (an interesting question is: how much, and what). --Diana - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: once more, with feeling.
Combining several replies into one... Nicolas Williams [EMAIL PROTECTED] writes: On Mon, Sep 22, 2008 at 08:59:25PM -1000, James A. Donald wrote: The major obstacle is that the government would want a strong binding between sim cards and true names, which is no more practical than a strong binding between physical keys and true names. I've a hard time believing that this is the major obstacle. [...] First, there's a business model problem. Every one wants in: the cell phone manufacturer, the software developer, the network operators, and the banks. With everyone wanting a cut of every transaction done through cell phones the result would likely be too expensive to compete with credit cards, even after accounting for the cost of credit card fraud. In my experience that's the brontosaurus in the room. There are vendors out there that'll do cellphone auth (basic SMS-based out-of-band transaction authorisation), the technology's in place, the problem is that once everyone has taken their cut it's no longer economical. To some extent the technology still sucks quite a bit (e.g. RSA's SMS-based system takes the bank-side information Request authorisation for transfer of $10,000 from your bank account to the bank account of J.Random Retailer and turns it into Enter the following PIN to unlock all further debits from your account until it's empty), but we're getting there. The killer is the cost involved. Access to the mobile networks is expensive enough that I've seen solutions in some countries like buying SMS capacity in bulk from foreign providers (it's cheaper to send the texts from a provider on the other side of the world than to do it locally) to the extreme step of setting up (or perhaps buying up) your own cellular network. James A. Donald [EMAIL PROTECTED] writes: There is always the give-your-password-over-the-phone attack, but the fact that phishers seeking WoW gold actually have to use the give-your-password- over-the-phone attack against WoW players shows the potency of a deliberately non standard, difficult to forge, user interface. Can you describe the WoW interface? It sounds like they've taken advantage of the greenfields approach and built something different that's secure from the start, but I'm not familiar with how it works. We need a similarly concise yet precise statement of what is wrong with the sort of things we are now doing - a list of principles of cryptography that working systems exemplify, and failed systems violate. It's already been done, in situation-specific ways: Marcus Ranum's Six Dumbest Ideas in Computer Security, http://www.ranum.com/security/computer_security/editorials/dumb/index.html Microsoft/Scott Culp's Ten Immutable Laws of Security, http://technet.microsoft.com/en-us/library/cc722487.aspx My own Ten Inescapable Truths of Security UI, http://www.cs.auckland.ac.nz/~pgut001/pubs/stupid.pdf (last three slides) IanG [EMAIL PROTECTED] writes: I think if there is a lot of money in it, there are some innovative solutions to making the obvious advice easier. I particularly like the Dutch central bank's approach here: https://financialcryptography.com/mt/archives/001059.html ... if you can stand the clickfest that's required to get there with FF3 (sigh). Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: More on Blackberry interception in India
Perry E. Metzger [EMAIL PROTECTED] writes: (I saw this on another mailing list -- a follow-on to earlier discussions about Blackberry in India. No idea how believable any of it is because there is a great deal of difference between the way Blackberries work in a corporate and non-corporate context -- this could just be interception at the mail server provided by the cellphone company. --Perry) http://economictimes.indiatimes.com/At_last_govt_cracks_BlackBerry_code/articleshow/3510719.cms Another followup seems to indicate they are indeed only looking at traffic that wasn't encrypted end-to-end to enterprise customers. http://www.heise-online.co.uk/security/Times-of-India-reports-alleged-BlackBerry-decryption--/news/111584 Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
On Sep 23, 2008, at 6:15 PM, Sandy Harris wrote: From Slashdot: Psychologists gave university students phony popups with various malware warning signs. Many just clicked. http://arstechnica.com/news.ars/post/20080923-study-confirms-users-are-idiots.html I think it's got to be said that it's not apparent that the end-users are the /idiots/ who should be called out for failing this study. We gave them these interfaces, protocols and technologies that allow for things to go so badly wrong. Nothing in the world required the technology ecosystem to become what it is, except design decisions that were (and are) made well out of the sphere of influence of mere idiot users. This stuff was designed and shepherded to market by the modern captains of industry, by rock star developers and wünderkinden. When a real engineer builds a bridge that falls down, we blame the engineer, not gravity. Bad people have always existed in the world. When developers pretend they don't exist and people are then victimized, we're supposed to continue to accept the bluster about technology rock stars, and therefore conclude that the customers (who outnumber the developers by what, 1,000 to 1?) are the idiots? Let's reconsider that. Seriously, let's shout it down. It's a ridiculous proposition that's tiring to hear time and again. I'll even argue from the other direction just to make it complete. Even if they are all idiots: when a population you serve outnumbers you by 1,000 to 1 and keeps blowing itself up when using your stuff, it's time to idiot- proof the product. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
Jim Youll [EMAIL PROTECTED] writes: I think it's got to be said that it's not apparent that the end-users are the /idiots/ who should be called out for failing this study. We gave them these interfaces, protocols and technologies that allow for things to go so badly wrong. Nothing in the world required the technology ecosystem to become what it is, except design decisions that were (and are) made well out of the sphere of influence of mere idiot users. This stuff was designed and shepherded to market by the modern captains of industry, by rock star developers and wünderkinden. When a real engineer builds a bridge that falls down, we blame the engineer, not gravity. 419 scams are not caused by bad interfaces or bad engineering. Phishing is, but clearly not all con games are, and con games are remarkably profitable. Although it is true that there are better and worse interfaces, and that many of the interfaces we use right now are rather on the worse side, it is apparent that one of the issues we have is the astonishing depth of human stupidity. I'll even argue from the other direction just to make it complete. Even if they are all idiots: when a population you serve outnumbers you by 1,000 to 1 and keeps blowing itself up when using your stuff, it's time to idiot- proof the product. To quote a common observation: You can't make things perfectly idiot proof because idiots are too ingenious. I was having a discussion over lunch about a week ago with a couple of pretty well known security people (one of them might pipe up on the list). We were considering what would happen in a particular seemingly foolproof system with a trusted channel if someone got a message via an untrusted channel saying... Now, to complete your book purchase, the trusted system is going to say If you press YES, you're going to send all the money you have in the world to a con man in Nigeria -- this is normal. Please press yes when it says that. ...a large fraction of users would just press YES. I don't want to claim that there is no place for better human factors work in security engineering. There clearly is. However, I will repeat, that is not the only story here, and it is not unreasonable to note that there are people who are clearly nearly impossible to protect with almost any level of human factors engineering and security technology. Perry -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
On Sep 24, 2008, at 5:45 PM, Perry E. Metzger wrote: Jim Youll [EMAIL PROTECTED] writes: I think it's got to be said that it's not apparent that the end-users are the /idiots/ who should be called out for failing this study. We gave them these interfaces, protocols and technologies that allow for things to go so badly wrong. Nothing in the world required the technology ecosystem to become what it is, except design decisions that were (and are) made well out of the sphere of influence of mere idiot users. This stuff was designed and shepherded to market by the modern captains of industry, by rock star developers and wünderkinden. When a real engineer builds a bridge that falls down, we blame the engineer, not gravity. 419 scams are not caused by bad interfaces or bad engineering. Phishing is, but clearly not all con games are, and con games are remarkably profitable. The article and the study concerned user vulnerabilities compounded by poor user interfaces and poor underlying architectures. I was addressing my comments toward the study generally, and to the inappropriate but common tone of the article, in particular, not to other out-of-band issues. There are many risks in the world. I see in that study some confirmation that poor design has made certain of those risks worse. I was having a discussion over lunch about a week ago with a couple of pretty well known security people (one of them might pipe up on the list). We were considering what would happen in a particular seemingly foolproof system with a trusted channel if someone got a message via an untrusted channel saying... Now, to complete your book purchase, the trusted system is going to say If you press YES, you're going to send all the money you have in the world to a con man in Nigeria -- this is normal. Please press yes when it says that. ...a large fraction of users would just press YES. Straw man. I don't want to claim that there is no place for better human factors work in security engineering. There clearly is. However, I will repeat, that is not the only story here, and it is not unreasonable to note that there are people who are clearly nearly impossible to protect with almost any level of human factors engineering and security technology. Considering the magnitude and frequency of losses that apparently occur through these technologies, and the fact that the crypto and security technologies are pretty far evolved and seem to work well if used well, I would counter that human factors are just about all we should be worrying about right now, if we hope to ever make online activities as safe as they should be. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
Jim Youll [EMAIL PROTECTED] writes: I was having a discussion over lunch about a week ago with a couple of pretty well known security people (one of them might pipe up on the list). We were considering what would happen in a particular seemingly foolproof system with a trusted channel if someone got a message via an untrusted channel saying... Now, to complete your book purchase, the trusted system is going to say If you press YES, you're going to send all the money you have in the world to a con man in Nigeria -- this is normal. Please press yes when it says that. ...a large fraction of users would just press YES. Straw man. Hardly. In fact, it is a very important thing to bear in mind, as is the output of that study. The whole point of the study (which you feel had an inappropriate tone) and of such gedankenexperiments is to understand the problem space better. At one time, we believed that with enough crypto, we would be safe, but we were disabused of that notion -- crypto is a great tool but not a panacea. Now the notion seems to be that with enough human factors, we will be safe. It appears this, too, is not a panacea. Considering the magnitude and frequency of losses that apparently occur through these technologies, and the fact that the crypto and security technologies are pretty far evolved and seem to work well if used well, I would counter that human factors are just about all we should be worrying about right now, if we hope to ever make online activities as safe as they should be. There are all sorts of things to worry about. Human factors are clearly an important component, but I think that the study (yes, the one which you feel had an inappropriate tone) is important -- some people are too stupid to trust. Clearly, by eliminating decisions people have to make (such as by removing non-secure modes of operation), eliminating means by which people can leak valuable information (such as by eliminating passwords that they can give to fake customer service representatives and the like), cleaning up the human factors, etc., we can make things much better. However, the lesson of this sort of study is that we may never be able to fix the problem. You contend the engineers are at fault, but clearly they are only partially at fault -- there are (as I said) some people who are too stupid to protect. We probably should not be surprised by this -- there are clearly people we do not allow to cross the street on their own (young children, some mentally ill people, etc), so there is perhaps a class of people who should not be allowed to do unsupervised banking on the basis that they cannot be trusted to protect themselves adequately. Perry -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote: I don't want to claim that there is no place for better human factors work in security engineering. There clearly is. However, I will repeat, that is not the only story here, and it is not unreasonable to note that there are people who are clearly nearly impossible to protect with almost any level of human factors engineering and security technology. I would suggest that, in the real world, most of the people that are nearly impossible to protect, don't have much money. Now real world scams have been around for quite a while, and we teach about them in school. However they still work with some people, which is why those people don't have much money. Online scams are newer, and many of their victims left school long before the scams became popular. I expect the online situation will stabilize in about the same way as the real world one has. Cheers - Bill - Bill Frantz| The first thing you need when | Periwinkle (408)356-8506 | using a perimeter defense is a | 16345 Englewood Ave www.pwpconsult.com | perimeter. | Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote: The whole point of the study (which you feel had an inappropriate tone) and of such gedankenexperiments is to understand the problem space better. Clarification: not the study. I believe the article had an inappropriate tone. Calling victims of inadequate user interfaces idiots is inappropriate and spits in the face of the evidence. It's still a fact that when a majority of a population of operators of any equipment is experiencing poor outcomes just using it as normal people do, then there is a screaming need to fix that equipment. If the blame the idiot thinking were accepted in other domains, we'd still have factory workers chopping off their limbs on a daily basis because any non-idiot should be smart enough to step back when the press is coming down. The simple fact is that normal people make mistakes and experience momentary slips as part of their ordinary existence. It's a designer's job to consider the users of an engineered device, to consider what their /entirely expected/ failings will be, and to work to prevent them. The current approaches do not work well to prevent the expected human failures. Therefore, the current approaches are inadequate. The study suggests that people should be expected to make errors using current user interfaces shoved in their faces by the stuff behind the scenes that never should have been so insecure in the first place. Why all the shock and outrage then? Security and OS builders would do well to consider how nuanced certain other things are, that just work right. As a quick example, I've not looked at the code but i can definitely tell that a hell of a lot of scrubbing is done on the trackpad inputs from this laptop, so that cursor motion is reliable and predictable, despite my imprecise finger movements. I look forward to seeing such nuance in user safety someday and will never be satisfied calling the majority of the population idiots because some human-built device has gotten lots of them into unexpected trouble. At one time, we believed that with enough crypto, we would be safe, but we were disabused of that notion -- crypto is a great tool but not a panacea. Now the notion seems to be that with enough human factors, we will be safe. It appears this, too, is not a panacea. protect themselves adequately. Human factors haven't received nearly enough attention, and as long as human factors failings are dismissed as the fault of idiot users, they never will. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
[EMAIL PROTECTED] (Perry E. Metzger) on Wednesday, September 24, 2008 wrote: there are clearly people we do not allow to cross the street on their own (young children, some mentally ill people, etc), so there is perhaps a class of people who should not be allowed to do unsupervised banking on the basis that they cannot be trusted to protect themselves adequately. My 96 year old mother does not have a check book or credit cards. All her bills are paid through her lawyer's office. QED. Cheers - Bill --- Bill Frantz| gets() remains as a monument | Periwinkle (408)356-8506 | to C's continuing support of | 16345 Englewood Ave www.pwpconsult.com | buffer overruns. | Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
Jim Youll [EMAIL PROTECTED] writes: On Sep 24, 2008, at 6:39 PM, Perry E. Metzger wrote: The whole point of the study (which you feel had an inappropriate tone) and of such gedankenexperiments is to understand the problem space better. Clarification: not the study. I believe the article had an inappropriate tone. Calling victims of inadequate user interfaces I don't think all the interfaces in question are inadequate. There are glaring exceptions, such as the various interfaces in browsers to determine if an SSL connection is trustworthy. However, not all the interfaces are inadequate. idiots is inappropriate and spits in the face of the evidence. Does it? Are there really no people to whom one can apply that involved? I have heard of cases in which, in spite of having been told point blank by security people not to send any further money to a 419 scammer, people have continued sending it because, after asking the 419 people if they were a scam, were assured by them that they were legitimate. Indeed, I've heard of worse. Short of of a court imposed conservatorship, how is one to protect someone like that? It is clear that user interfaces will always need to to allow people to do things like transferring money or installing software, and it is equally clear that such operations will always have some potential for danger. Some people will not pay attention to warning signs of danger in such interfaces regardless of how prominently they are displayed, and we cannot make such things perfectly safe. We can fancy up our language if you insist. For example, we can be more polite (by speaking of users with limited security problem detection skills and such). However, in the end, not all of these people are victims of anything other than themselves. It's still a fact that when a majority of a population of operators of any equipment is experiencing poor outcomes just using it as normal people do, then there is a screaming need to fix that equipment. Actually, a majority don't experience trouble. A majority *are* infected with malware, but not because of any fault of their own -- driveby and other infection systems are just too pervasive, and the majority use an operating system that is very full of holes. However, most people seem to recognize 419 scams, phishing email, etc. The problem is that a substantial minority do not, and a worse problem is that a fraction of those cannot regardless of how much user education is applied. As I noted, we should indeed improve our interfaces, reduce the number of opportunities such people have for causing themselves harm (thus the notion of always on security etc.) and take all other reasonable measures. However, it is important, as I said, to see the limits. Some people will always aim the gun at their feet and fire, no matter how many trigger interlocks we add. Perry -- Perry E. Metzger[EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
At one time, we believed that with enough crypto, we would be safe, but we were disabused of that notion -- crypto is a great tool but not a panacea. Now the notion seems to be that with enough human factors, we will be safe. It appears this, too, is not a panacea. What you mean, We? I said ages ago that you cannot produce trust with cryptography, no matter how much cryptography you use. That's a bow towards Lao Tzu's original, you cannot produce kindness with cruelty, no matter how much cruelty you use. To quote Crispin Cowan on phishing, it (and other con jobs) are a security failure on the device that sits between the keyboard and chair. Until we can issue patches on that device, we're getting nowhere. Even after, it's a long road ahead. I think you can prove that it's impossible to stop cons. What we *can* do is lower the number of them. But we're not going to get anywhere when we blame the victims. I'm with Jim Youll on this, the people who think the users are idiots just don't get it. Jon - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
Steven M. Bellovin [EMAIL PROTECTED] writes: Human factors haven't received nearly enough attention, and as long as human factors failings are dismissed as the fault of idiot users, they never will. Strong agreement. I don't disagree that much more needs to be done on human factors. I just don't see it as a panacea. I also think understanding just how little you can expect from the users, and what the limits are, is critical. I have a friend who's mother got conned after a stroke left her excessively credulous. He arranged for caretakers to read all her physical and electronic mail before letting her have it. Understanding the limitations of your user community is important. Perry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Fake popup study
On Wed, 24 Sep 2008 20:43:53 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: Steven M. Bellovin [EMAIL PROTECTED] writes: Human factors haven't received nearly enough attention, and as long as human factors failings are dismissed as the fault of idiot users, they never will. Strong agreement. I don't disagree that much more needs to be done on human factors. I just don't see it as a panacea. There are no panaceas in this business. As I told my class yesterday, if they learn nothing else they should remember that security is a systems property, and everything interacts. --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
