Re: RIM to give in to GAK in India
Arshad Noor [EMAIL PROTECTED] writes:

> Even if RIM does not have the device keys, in order to share encrypted
> data with applications on the RIM server, the device must share a
> session key with the server; must it not? Isn't RIM (their software,
> actually) now in a position to decrypt content sent between Blackberry
> users? Or, does the Blackberry encryption protocol work like S/MIME?

The enterprise solution does work something like S/MIME.

-derek

-- 
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
[EMAIL PROTECTED]                        PGP key available

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: RIM to give in to GAK in India
Quoting Perry E. Metzger [EMAIL PROTECTED]:

> Excerpt:
>
>   In a major change of stance, Canada-based Research In Motion (RIM)
>   may allow the Indian government to intercept non-corporate emails
>   sent over BlackBerrys.
>
> http://economictimes.indiatimes.com/Telecom/Govt_may_get_keys_to_your_BlackBerry_mailbox_soon/articleshow/3041313.cms
>
> Hat tip: Bruce Schneier's blog.

Wow, and April 1st was almost two months ago. This is just a bunch of FUD. If someone actually talked to RIM they would find out that it's technically impossible for them to do this because THEY DON'T HAVE THE DEVICE KEYS.

http://news.yahoo.com/s/afp/20080527/tc_afp/indiacanadacompanyrimblackberrytelecomsecurity

Apparently even the security experts are susceptible to sensationalism without appropriate research. I would have expected better.

-derek
Re: Free WiFi man-in-the-middle scam seen in the wild.
Quoting Perry E. Metzger [EMAIL PROTECTED]:

> Now you might wonder, why do I keep picking on Chase? A certain other
> security person and I had an extended argument with the folks at
> another company I won't name other than to say that it was American
> Express. At the time, they more or less said, yah, this is a problem,
> but fixing it is going to be a pain. However, I'll note that now, as
> with Fidelity, you pretty much can't go onto their web site without
> using https: -- kudos to Amex.
>
> Indeed, though this was all a major problem a couple of years ago with
> many banks, many have now fixed it. However, for a select few, like,
> say, Chase, the message simply isn't getting through even though these
> organizations have been repeatedly informed that they are leaving
> their customers vulnerable. One wonders what level of trouble they're
> going to have to get into before they actually do the right thing.

I'll just point out that you CAN go to:

  https://chaseonline.chase.com/

And that works, and should be secure. No, it's not the same as typing "chase" into your browser and having the right thing happen, but honestly this is what browser caches are for. (When I type "chase" into my browser bar it autocompletes to the above URL.)

-derek
Re: Can you keep a secret? This encrypted drive can...
Quoting Leichter, Jerry [EMAIL PROTECTED]:

> | ...Compusec is great for home / personal use. It is cheap i.e. $0.00
> | (Free), and does not slow down the computer as much as the other
> | products. But that is because it only supports 128 bit AES, which is a
> | major drawback as most enterprise settings require at least 256 bit
> | AES
>
> Just wondering about this little piece. How did we get to 256-bit AES
> as a requirement? Just what threat out there justifies it? There's no
> conceivable brute-force attack against 128-bit AES as far out as we can
> see, so we're presumably being paranoid about an analytic attack. But
> is there even the hint of an analytic attack against AES that would
> (a) provide a practical way in to AES-128; (b) would not provide a
> practical way into AES-256? What little I've seen in the way of
> proposed attacks on AES all go after the algebraic structure (with no
> real success), and that structure is the same in both AES-128 and
> AES-256.

It's a management requirement. The manager sees AES128 and AES256 and thinks 256 must be better than 128, and therefore the edict comes down that AES256 must be used. It's not a technical decision. It's not a decision made by analyzing the threats. It's made purely by assertion, but it's a decision that can't easily be refuted.

> -- Jerry

-derek
Re: Status of SRP
Quoting James A. Donald [EMAIL PROTECTED]:

> The obvious solution to the phishing crisis is the widespread
> deployment of SRP, but this does not seem to be happening. SASL-SRP was
> recently dropped. What is the problem?

Patents.

-derek
Re: PGP master keys
Quoting Steven M. Bellovin [EMAIL PROTECTED]:

> In an article on disk encryption
> (http://www.theregister.co.uk/2006/04/26/pgp_infosec/), the following
> paragraph appears:
>
>   BitLocker has landed Redmond in some hot water over its insistence
>   that there are no back doors for law enforcement. As its encryption
>   code is open source, PGP says it can guarantee no back doors, but
>   that cyber sleuths can use its master keys if necessary.
>
> What is a master key in this context?

ADK, the Additional Decryption Key. An enterprise with a Managed PGP Desktop installed base can set up an ADK and all messages get encrypted to the ADK in addition to the recipient's key.

> --Steven M. Bellovin, http://www.cs.columbia.edu/~smb

-derek
Re: ID theft -- so what?
Quoting Perry E. Metzger [EMAIL PROTECTED]:

> So, rephrasing, the problem is not that secret information isn't a
> fine way to establish trust -- it is the pretense that SSNs, your mom's
> birth name or even credit card numbers can be kept secret. Identifying
> information cannot be kept secret.
>
> I'd amend that to "things like your name, your SSN or your account
> numbers cannot be kept secret..."

I think it's worse than that -- in reality it is any static piece of information. It doesn't matter WHAT that piece of information is. You really want a challenge-response system to prove both knowledge and liveness of the information.

-derek
Re: New authentication protocol, was Re: Tinc's response to Linux's answer to MS-PPTP
Guus Sliepen [EMAIL PROTECTED] writes:

> Compared with the entire TLS protocol it is much simpler, compared with
> just the handshake protocol it is about as simple and probably just as
> efficient, but as I said earlier, I want to get rid of the
> client/server distinction.

You can't get rid of the distinction. You will always have a client and a server -- however, you may just rename them Initiator and Responder to make it sound more peer-like, but it's just the same emperor in different clothes.

The only real distinction between a _pure_ client-server protocol and a peer-to-peer protocol is that the latter is generally reversible where the former is not. By reversible I mean that either party could be the initiator and either could be the responder. HOWEVER, during the run of a protocol it behooves you to label the parties, and client/server is just as valid a naming as initiator/responder. IPsec (IKE) is clearly peer/peer. Even with TLS the protocol is reversible if you perform the name mappings and assume both ends have certificates.

So, I urge you to be careful with trying to get rid of a distinction that really has little meaning in most protocols.

-derek

-- 
Derek Atkins                 617-623-3745
[EMAIL PROTECTED]             www.ihtfp.com
Computer and Internet Security Consultant
Re: authentication and ESP
You really don't want to open this can of worms. I suggest you go read the archives of the IPsec mailing list over the last 9 years. That should give you some clue into the depth of the can you plan to open...

-derek

martin f krafft [EMAIL PROTECTED] writes:

> As far as I can tell, IPsec's ESP has the functionality of
> authentication and integrity built in:
>
> RFC 2406:
>
>   2.7 Authentication Data
>
>   The Authentication Data is a variable-length field containing an
>   Integrity Check Value (ICV) computed over the ESP packet minus the
>   Authentication Data. The length of the field is specified by the
>   authentication function selected. The Authentication Data field is
>   optional, and is included only if the authentication service has
>   been selected for the SA in question. The authentication algorithm
>   specification MUST specify the length of the ICV and the comparison
>   rules and processing steps for validation.
>
> To my knowledge, IPsec implementations use AH for signing though. Why
> do we need AH, or why is it preferred?
>
> Thanks for your clarification!
>
> -- 
> martin;              (greetings from the heart of the sun.)
>   \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED]
>
> invalid PGP subkeys? use subkeys.pgp.net as keyserver!
> XP is NT with eXtra Problems.
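An added example, not code from the thread or from any IPsec implementation, of the Section 2.7 rule martin quotes: the ICV is computed over the ESP packet minus the Authentication Data field, so it covers the ESP header, payload and trailer but not the outer IP header, which is exactly the coverage AH's ICV adds. It assumes HMAC-SHA1-96 as the authentication algorithm, NULL encryption (so the payload is visible), and a 20-byte IPv4 outer header; the key, SPI and packet bytes are constructed placeholders.

```python
import hmac
import hashlib
import struct

ICV_LEN = 12        # HMAC-SHA1-96 (RFC 2404): 20-byte tag truncated to 96 bits
IP_HEADER_LEN = 20  # assumption: plain IPv4 outer header, no options

def build_esp_packet(spi, seq, payload, next_header=4):
    # SPI || sequence || payload || padding || pad length || next header.
    # Payload is carried as-is (NULL encryption, RFC 2410); with a real cipher
    # the ICV is computed over the ciphertext. Padding is RFC 2406's 1,2,3,...
    # sequence, sized so payload + padding + 2 trailer bytes is 4-byte aligned.
    header = struct.pack("!II", spi, seq)
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    return header + payload + padding + bytes([pad_len, next_header])

def compute_icv(key, esp_without_icv):
    # Section 2.7: ICV over the ESP packet minus the Authentication Data.
    return hmac.new(key, esp_without_icv, hashlib.sha1).digest()[:ICV_LEN]

def append_auth_data(key, esp_packet):
    return esp_packet + compute_icv(key, esp_packet)

def verify_auth_data(key, esp_with_icv):
    # Receiver: recompute over everything but the trailing ICV; constant-time compare.
    if len(esp_with_icv) < 8 + 2 + ICV_LEN:
        return False
    body, icv = esp_with_icv[:-ICV_LEN], esp_with_icv[-ICV_LEN:]
    return hmac.compare_digest(compute_icv(key, body), icv)

def verify_ip_packet(key, ip_packet):
    # The outer IP header is stripped before verification: ESP's integrity
    # service starts at the ESP header, whereas AH also covers the immutable
    # fields of the IP header.
    return verify_auth_data(key, ip_packet[IP_HEADER_LEN:])

def demo():
    # Constructed sample: key, addresses and SPI are placeholders.
    key = b"constructed-demo-key-not-for-real-use"
    outer_ip = b"\x45\x00" + bytes(18)
    esp = append_auth_data(key, build_esp_packet(0x1234, 1, b"inner-packet"))
    ip_packet = outer_ip + esp
    payload_flipped = bytearray(ip_packet)
    payload_flipped[IP_HEADER_LEN + 8] ^= 0x01  # first ESP payload byte
    outer_changed = bytearray(ip_packet)
    outer_changed[16] ^= 0xFF                   # a byte inside the outer IP header
    return {
        "intact": verify_ip_packet(key, ip_packet),
        "payload_flipped": verify_ip_packet(key, bytes(payload_flipped)),
        "outer_header_changed": verify_ip_packet(key, bytes(outer_changed)),
    }
```

`demo()` reports the payload modification as an ICV failure and the outer-header modification as still verifying, which is the integrity gap that motivates AH (or ESP plus AH) when the IP header itself must be protected.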