Re: [Cryptography] Aside on random numbers (was Re: Opening Discussion: Speculation on BULLRUN)
On Sep 6, 2013, at 10:03 AM, Perry E. Metzger <pe...@piermont.com> wrote:

> Naively, one could take a picture of the dice and OCR it. However, one doesn't actually need to OCR the dice -- simply hashing the pixels from the image will have at least as much entropy if the position of the dice is recognizable from the image.
>
> [...]
>
> One could write an app to do this, but of course the phone is not exactly a secure platform to begin with...

http://gamesbyemail.com/News/DiceOMatic

-wps

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
GSM eavesdropping
> ...In his presentation at the Black Hat Conference, German GSM expert Karsten Nohl presented a tool he calls Kraken, which he claims can crack the A5/1 encryption used for cell phone calls within seconds.

http://www.h-online.com/security/news/item/Quickly-decrypting-cell-phone-calls-1048850.html

-wps

---
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: What if you had a very good patent lawyer...
On Jul 22, 2010, at 8:59 PM, John Gilmore wrote:

> It's pretty outrageous that anyone would try to patent rolling barcoded dice to generate random numbers. I've been generating random strings from dice for years. I find that gamers' 20-sided dice are great; each roll gives you a hex digit, and anytime you roll a 17 thru 20, you just roll again. One die will do; you just roll it as many times as you need hex digits.
>
> Presumably pointing a camera at ordinary dice could automate the data collection -- hey, wait, let me get my patent lawyer!

Too late.

http://gamesbyemail.com/DiceGenerator

-wps
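As an added example (not code from either post, nor from gamesbyemail.com), the d20 rule quoted above written out as rejection sampling, with the general n-faces-to-m-outputs rule behind it, a check that the naive modulo mapping is biased while the reject-and-reroll mapping is not, and a SHA-256 conditioning step standing in for the "hash the pixels" idea from the BULLRUN thread at the top of this page. The roll sequences in it are constructed test data, not real dice rolls; the function names are mine.

```python
"""Physical dice -> unbiased hex digits -> key material.

Added example, not code from the thread.  Implements Gilmore's d20 rule
(faces 17..20 rerolled, 1..16 -> one hex digit), the general rejection
rule it is an instance of, and SHA-256 conditioning of the raw rolls.
"""
import hashlib
import math
from typing import Dict, Iterable, Optional


def unbiased_value(roll: int, sides: int, outputs: int) -> Optional[int]:
    """Map one roll (1..sides) to a value in 0..outputs-1 with no modulo bias.

    Only the first k*outputs faces are used, k = sides // outputs; a higher
    face is rejected (None) and must be rerolled.  On the accepted range
    (roll-1) % outputs hits every output with exactly k faces, so each
    output is equally likely.  For a d20 and 16 outputs, k = 1 and faces
    17..20 are rejected, which is exactly the rule quoted above.
    """
    if not 1 <= roll <= sides:
        raise ValueError(f"roll {roll} is not a face of a d{sides}")
    if outputs > sides:
        raise ValueError("a die cannot yield more outputs than it has faces")
    usable = (sides // outputs) * outputs
    if roll > usable:
        return None
    return (roll - 1) % outputs


def d20_to_hex(roll: int) -> Optional[str]:
    """d20 face 1..16 -> hex digit '0'..'f'; 17..20 -> None (reroll)."""
    v = unbiased_value(roll, sides=20, outputs=16)
    return None if v is None else format(v, "x")


def hex_from_rolls(rolls: Iterable[int]) -> str:
    """Turn a sequence of d20 rolls into a hex string, dropping rerolls."""
    return "".join(d for d in map(d20_to_hex, rolls) if d is not None)


def face_counts(sides: int, outputs: int, reject: bool = True) -> Dict[int, int]:
    """How many faces land on each output value.

    reject=True uses unbiased_value: every output gets sides // outputs
    faces.  reject=False is the naive (roll-1) % outputs mapping: whenever
    sides % outputs != 0 the low outputs get one extra face, which is the
    bias a d20-as-hex generator has to avoid.
    """
    counts = {v: 0 for v in range(outputs)}
    for roll in range(1, sides + 1):
        v = unbiased_value(roll, sides, outputs) if reject else (roll - 1) % outputs
        if v is not None:
            counts[v] += 1
    return counts


def rolls_needed(sides: int, outputs: int, target_bits: float) -> int:
    """Expected number of physical rolls to collect target_bits of entropy."""
    usable = (sides // outputs) * outputs
    bits_per_accepted = math.log2(outputs)
    # ordered so the exact cases (d20->hex, d6->2 bits) stay exact in floating point
    return math.ceil(target_bits / bits_per_accepted * sides / usable)


def key_from_rolls(rolls: Iterable[int], sides: int = 20) -> bytes:
    """Condition raw rolls into a 256-bit key.

    This plays the role of "hash the pixels": as long as every roll is
    recoverable from the input, hashing the whole record keeps all of its
    entropy, and rejected faces may stay in since they are random too.
    The domain-separation prefix is an assumption of this example.
    """
    h = hashlib.sha256()
    h.update(f"d{sides}:".encode())
    for r in rolls:
        if not 1 <= r <= sides:
            raise ValueError(f"roll {r} is not a face of a d{sides}")
        h.update(bytes([r]))
    return h.digest()


if __name__ == "__main__":
    sample = [3, 17, 16, 1, 20, 9]          # constructed, not real rolls
    print(hex_from_rolls(sample))           # -> 2f08
    print(face_counts(20, 16, reject=False))  # outputs 0..3 get two faces each
    print(face_counts(20, 16))              # every output gets exactly one face
    print(rolls_needed(20, 16, 128))        # -> 40 rolls of a d20 for 128 bits
    print(rolls_needed(6, 4, 128))          # -> 96 rolls of a d6 used as 2 bits
    print(key_from_rolls(sample).hex())
```

The acceptance rate for a d20 is 16/20, so a 128-bit key costs about 40 rolls; the naive mapping would save those rerolls at the price of digits 0..3 being twice as likely as the rest.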
Re: Secret Lock Detecting Lock
On Nov 9, 2009, at 9:25 AM, mhey...@gmail.com wrote:

> From http://www.youtube.com/watch?v=zE5PGeh2K9k
>
> "Unlock your door with a secret knock."
>
> Prior to watching the video I said to myself, "Great, now I can break into most of the homes on my block with 'Shave and a haircut, 2 bits'."

And you thought password creativity was poor...

-wps
Re: consulting question.... (DRM)
This is getting a bit far afield from cryptography, but proper threat analysis is still relevant.

On May 27, 2009, at 4:07 AM, Ray Dillinger wrote:

> On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote:
>
>> It's a little hard to help without knowing more about the situation. I.e. is this a software company? Hardware? Music? Movies? Documents? E-Books?
>
> It's a software company.
>
>> Is it trying to prevent access to something, or the copying of something? What's the something? What's the threat model? Why is the company trying to do that? Trying to restrain customers?
>
> Its customers would be other software companies that want to produce monitored applications. Their product inserts program code into existing applications to make those applications monitor and report their own usage and enforce the terms of their own licenses, for example disabling themselves if the central database indicates that their licensee's subscription has expired or if they've been used for more hours/keystrokes/clicks/users/machines/whatever in the current month than licensed for.
>
> The idea is that software developers could use their product instead of spending time and programming effort developing their own license-enforcement mechanisms, using it to directly transform the executables as the last stage of the build process.
>
> The threat model is that the users and sysadmins of the machines where the monitored applications are running have a financial motive to prevent those applications from reporting their usage.

If this is really their threat model, it's ill-considered.

First, no reputable company in their right mind would play games with software licensing in an attempt to save a few dollars. In fact, most companies bend over backwards with internal audits and other mechanisms to ensure they are in compliance. The risk is far too great to do otherwise -- both to reputation and to the bottom line.

They may counter that they are attempting to nudge into compliance reputable companies that are simply not large enough or savvy enough to ensure their own compliance. In this case, something far less complex than what is traditionally implied by DRM can be used. Thus, the users you are now considering are members of _disreputable_ companies. Since DRM is easily circumvented, and the company is disreputable, you have a reasonable expectation that your DRM will be ineffective.

Second, sysadmins have no financial motive, unless they are also the owners. It is irrelevant to the sysadmin whether the business pays an appropriate amount for licenses. His salary is still his salary.

Finally, large institutions (let's take financial firms as this is my area of expertise) will not install software that has hard expirations or other restrictive licensing mechanisms. The reason is simple. These mechanisms cause outages -- sometimes because of snafus in the renewal of licenses, sometimes because of poor code quality in the enforcement mechanism. At my firm, any such scheme is an immediate non-starter.

-wps
Re: Permanent Privacy - Snake Oil or unbreakable encryption?
On Jul 7, 2008, at 10:54 AM, Ali, Saqib wrote:

> Quoting the Foxbusiness article:
>
> "PermanentPrivacy announces the world's first practical data encryption system that is absolutely unbreakable. And is offering a $1,000,000 challenge to anyone who can crack it. Permanent Privacy (patent pending) has been verified by Peter Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable cynics Permanent Privacy is offering $1,000,000 to anyone who can decipher a sample of ciphertext."

My favorite part of that web site is from their "How it Works" section:

---
``For example, suppose that the plain text message is simply one 5-letter word. At first glance, you would think that this must be easy to break. But there are, let us say, about 100 printable characters on a computer keyboard, so there are some 100x100x100x100x100 ways of producing a 5-letter word.''
---

So, let me get this straight. You appear to be using a one-time pad, but you discard all output that the robotic hand you send me is unable to type on my keyboard?

-wps
Re: delegating SSL certificates
On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote:

> | So at the company I work for, most of the internal systems have
> | expired SSL certs, or self-signed certs. Obviously this is bad.
> |
> | You only think this is bad because you believe CAs add some value.
> |
> | Presumably the value they add is that they keep browsers from popping
> | up scary warning messages
>
> Apple's Mail.app checks certs on SSL-based mail server connections. It has the good - but also bad - feature that it *always* asks for user approval if it gets a cert it doesn't like.

Fixed in Leopard. Certificate handling in general appears to be better -- although I can't be sure Tiger didn't let you fiddle with fine-grained entitlements as to when to trust a cert.

-wps
Re: Fixing SSL (was Re: Dutch Transport Card Broken)
On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote:

> I had the feeling that Microsoft wants to abandon the usage of client certificates completely, and move the people to CardSpace instead. But how do you sign your emails with CardSpace? CardSpace only does the realtime authentication part of the market ...

We (Morgan Stanley) were able to pressure them into a rapid fix, and they have committed to delivering it in SP1. Keep your fingers crossed.

> If anyone needs more information on how to upgrade your Web-based CA for IE7: http://wiki.cacert.org/wiki/IE7VistaSource

Step (2), "On Vista you have to add this website to the list of trusted sites in the internet-settings.", can be quite unpalatable. Depending on your customers' situations, an alternative might be more palatable: generate the key and deliver a PKCS#12. This depends on whether you believe in the non-repudiation fairy or not -- or more accurately, whether you're already assuming the repudiation risk.

-wps
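As an added example (not code from the thread, from CAcert or from the IE7VistaSource wiki page), here is the "generate the key and deliver a PKCS#12" alternative carried out on the CA side with the openssl CLI. The CA name, file names, validity periods and export password are illustrative assumptions. The step that matters for the repudiation point is step 2: the private key is created by the CA, not in the user's browser, so the CA held a copy of it, however briefly.

```shell
#!/bin/sh
# Added example, not code from the thread: a CA generates a client key,
# signs a certificate for it, and ships both as a password-protected
# PKCS#12.  All names, paths and passwords below are assumptions.
set -eu

issue_client_p12() {
    out="$1"; cn="$2"; p12pass="$3"
    mkdir -p "$out"

    # 1. A throwaway self-signed CA (stands in for the Web-based CA).
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Internal CA" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null

    # 2. The CA, not the user's browser, generates the user's private key
    #    and a CSR for it.  From here on the CA has a copy of the key.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$cn" \
        -keyout "$out/user.key" -out "$out/user.csr" 2>/dev/null

    # 3. Sign the CSR with the CA.
    openssl x509 -req -in "$out/user.csr" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -days 365 -out "$out/user.crt" 2>/dev/null

    # 4. Bundle private key + certificate + CA chain into one PKCS#12 that
    #    the user imports; no trusted-sites fiddling in the browser needed.
    openssl pkcs12 -export \
        -inkey "$out/user.key" -in "$out/user.crt" -certfile "$out/ca.crt" \
        -name "$cn" -passout "pass:$p12pass" -out "$out/user.p12"

    # 5. Scrub the CA's copy of the key.  This does not undo the fact that
    #    the key existed outside the user's control: signatures made with
    #    it can be repudiated with "the CA could have produced that".
    rm -f "$out/user.key" "$out/user.csr"

    # Sanity check: the bundle opens with the delivery password and carries
    # the expected certificate.  Prints the subject line.
    openssl pkcs12 -in "$out/user.p12" -passin "pass:$p12pass" \
        -nokeys -clcerts 2>/dev/null | openssl x509 -noout -subject
}

# Usage: issue_client_p12 /tmp/pki alice 'delivery-password'
```

Deliver the .p12 and its password over two different channels; the password is the only thing standing between anyone who intercepts the file and the user's identity.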
Re: Cryptome cut off by NTT/Verio
On Apr 29, 2007, at 11:47 AM, Perry E. Metzger wrote:

> Slightly off topic, but not deeply. Many of you are familiar with John Young's Cryptome web site. Apparently NTT/Verio has suddenly (after many years) decided that Cryptome violates the ISP's AUP, though they haven't made it particularly clear why. The following link will work for at least a few days I imagine:
>
> http://cryptome.org/cryptome-shut.htm

It appears to already be dead, but still exists in Google's cache:

http://tinyurl.com/yvc8k4

-wps
Surprise! Another serious hole in Diebold voting machines...
...okay, not so much surprise.

> [...] Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules.
>
> "All of us who have heard the technical details of this are really shocked. It defies reason that anyone who works with security would tolerate this design," he said. [...]

http://www.schneier.com/blog/archives/2006/05/election_machin_1.html
(http://tinyurl.com/rqw23)
Re: Cisco VPN password recovery program
On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:

> Via cryptome:
>
> http://evilscientists.de/blog/?page_id=343
>
> "The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given profile file."

If this is true, it doesn't sound like Cisco used a particularly smart design for this. No matter what their strategy for encrypting the on-disk passphrase, this simple trick will work:

    ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57

(or similar library call tracing technique on an OS besides linux).

This used to be used by http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode but apparently they've switched to the evilscientists' method.

-wps