Re: Windows guru requested - Securing Windows
Peter Fairbrother wrote:
> Boot from CD, create a memory FS, union mount it to the main Windows FAT-32 FS, with the FAT-32 FS mounted read-only, boot Windows? That way any changes to the files would be wiped out when the power was switched off, and the FAT-32 FS would remain untouched.

I don't quite understand this. The concept of mounting a FS is an OS operation, so to say "mount the FS read-only and then boot the OS" is nonsensical.

If taking the Linux live CD route isn't acceptable, your best bet would be to start looking at something like BartPE: http://www.nu2.nu/pebuilder/

You might want to contact Bart directly (http://www.nu2.nu/contact/bart/) and ask him for advice on how to proceed.

-- 
Ivan Krstic [EMAIL PROTECTED] | GPG: 0x147C722D

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Piercing network anonymity in real time
[EMAIL PROTECTED] wrote:
> The Locate appliance sits passively on the network and analyzes packets in real time to garner ID info from sources like Active Directory, IM and e-mail traffic, then associates this data with network information.

This is really nothing new -- I've been seeing systems like these, though home brewed, in use for years. The availability of good tools as a foundation (things like Snort, the layer7 iptables patch, and so on) makes building decent "layer 8" inference not far from trivial.

Calling this "piercing network anonymity in real time" is highly misleading; in reality, it's more like making it bloody obvious that there's no such thing as network anonymity. The best one can hope for today is a bit of anonymous browsing and IM with Tor, and that only insofar as you can trust a system whose single point of failure -- the directory service -- was, at least until recently, Roger's personal machine sitting in an MIT dorm room.

-- 
Ivan Krstic [EMAIL PROTECTED] | GPG: 0x147C722D
Re: fyi: Deniable File System - Rubberhose
Owen Blacker wrote:
> I wanted to create a file system that was deniable: where encrypted files looked like random noise, and where it was impossible to prove either the existence or non-existence of encrypted files.

I spent some time thinking about this a few years back: http://diswww.mit.edu/bloom-picayune/crypto/15520

Rubberhose was one of the things that came up, along with StegFS and BestCrypt. Unfortunately, it seems like Rubberhose hasn't seen work in over 5 years.

-- 
Ivan Krstic [EMAIL PROTECTED] | GPG: 0x147C722D
Re: webcam encryption beats quasar encryption
James Muir wrote:
> Also, I vaguely recall another news story (1999?) that reported on an encryption technique that hypothesized a stream of random bits generated by an orbiting satellite.

Likely Rabin's hyperencryption. I posted about it here a few years back: http://diswww.mit.edu/bloom-picayune/crypto/15423

There is still active work being done on a "virtual satellite" implementation.

-- 
Ivan Krstic [EMAIL PROTECTED] | GPG: 0x147C722D
Re: US Court says no privacy in wiretap law
William Allen Simpson wrote:
> Switches, routers, and any intermediate computers are fair game for warrantless wiretaps.

It seems privacy and free speech are becoming lost concepts worldwide. This just came out today: http://www.taipeitimes.com/News/worldbiz/archives/2004/07/03/2003177559

So not only does China mercilessly filter the Internet for their residents (several weeks ago, they blocked access to Wikipedia), now they also filter SMSs. North Korea chose not to bother altogether, and after introducing cell phone service a year and a half ago, recently shut it down completely for fear of too much foreign influence. I need not say international calls were blocked, both inbound and outbound, during the period the network was operational.

Is there nothing that can be done about any of this? Do we just stand by, watching some of our most important human rights go to shit? This sets my blood boiling like very few other things.

Caustically embittered,
Ivan.
Re: Claimed proof of the Riemann Hypothesis released
Perry E. Metzger wrote:
> Actual practical impact on cryptography? Likely zero, even if it turns out the proof is correct (which of course we don't know yet), but it still is neat for math geeks.

Right. He constrains his proof to dealing with a specific subset of Dirichlet zeta functions, which means he's not proving GRH or ERH, the former of which would have some - mostly theoretical - implications on crypto in the sense that it would make a number of primality algorithms, previously running in assumed P, provably polynomial-time.

Even if he proved GRH, I don't think the implications for crypto would be particularly great -- yes, things like Miller-Rabin would provably run in O(ln(n)^4), but AKS already runs in provably-polynomial time without dependencies on unproved theorems, and has been improved to comparable speed: O(ln(n)^k) | k=4+epsilon for certain cases, upper bound k=6+epsilon [1], possibly faster since the last time I looked.

Cheers,
Ivan.

[1] See Crandall, Papadopoulos: "On the implementation of AKS-class primality tests" (March 2003)
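The "provably polynomial-time under GRH" remark above refers to a concrete bound: assuming GRH, every odd composite n has a Miller-Rabin witness below 2*ln(n)^2 (Bach's bound), so testing that many fixed bases gives a deterministic test with polynomially many modular exponentiations. The following is an added example, not code from the post or from any library, that puts the unconditional probabilistic Miller-Rabin test next to the GRH-conditional deterministic variant; the sample inputs at the bottom are constructed for illustration.

```python
import math
import random


def decompose(n):
    """Write n - 1 as d * 2^s with d odd (the shape Miller-Rabin works on)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    return d, s


def strong_probable_prime(n, a):
    """One Miller-Rabin round for odd n > 2 and base a.

    Returns True when n passes (n is prime, or a is a 'liar'), False when a
    is a witness to compositeness."""
    d, s = decompose(n)
    x = pow(a, d, n)
    if x == 1 or x == n - 1:
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False


def grh_base_bound(n):
    """Bach's bound: if GRH holds, every odd composite n has a witness a < 2*ln(n)^2.
    The base count is polynomial in ln n, which is what makes the deterministic
    test polynomial-time under GRH (the point the post makes)."""
    return int(2 * math.log(n) ** 2)


def _trial_division(n):
    """Handle tiny inputs and multiples of 2, 3, 5, 7 without running Miller-Rabin.
    Returns True/False when decided, None when Miller-Rabin is needed."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7):
        if n % p == 0:
            return n == p
    return None


def is_prime_grh(n):
    """Deterministic Miller test. Primes always return True; a composite can only
    slip through if GRH is false (no such n is known)."""
    decided = _trial_division(n)
    if decided is not None:
        return decided
    # Every base 2 <= a <= min(n - 2, 2 ln(n)^2) must pass, else n is composite.
    for a in range(2, min(n - 2, grh_base_bound(n)) + 1):
        if not strong_probable_prime(n, a):
            return False
    return True


def is_prime_random(n, rounds=20, rng=random):
    """Unconditional probabilistic Miller-Rabin. A composite survives one random
    base with probability <= 1/4, so a wrong 'prime' verdict after `rounds`
    rounds has probability <= 4**-rounds. Primes are never rejected."""
    decided = _trial_division(n)
    if decided is not None:
        return decided
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if not strong_probable_prime(n, a):
            return False
    return True


# Constructed samples: 3215031751 = 151 * 751 * 28351 is a strong pseudoprime to
# bases 2, 3, 5 and 7, so it is a good check that the deterministic variant walks
# far enough along the base range; 2**61 - 1 is a Mersenne prime.
SAMPLES = {561: False, 1000001: False, 3215031751: False, 1000003: True, 2**61 - 1: True}


def check_samples():
    """Return {n: both tests agree with the known answer} for the constructed samples."""
    return {n: (is_prime_grh(n) == known and is_prime_random(n) == known)
            for n, known in SAMPLES.items()}


if __name__ == "__main__":
    for n, ok in check_samples().items():
        print(n, "bases tried:", grh_base_bound(n), "ok" if ok else "MISMATCH")
```

Note what the comparison does and does not show: the deterministic loop costs O(ln(n)^2) exponentiations of O(ln n)-bit exponents, which is where the O(ln(n)^4) figure in the post comes from, while the probabilistic version needs only a constant number of rounds for any error bound a practitioner would accept. That is why libraries use the random (or fixed-small-base) variant in practice and why a proof of GRH would change little operationally.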
Re: Software Helps Rights Groups Protect Sensitive Information
This reminds me of a question I've been meaning to ask for a while. Has there been any research done on encryption systems which encrypt two (or n) plaintexts with n keys, producing a joint ciphertext with the property that decrypting it with key k[n] only produces the nth plaintext?

In the particular scenario that the article describes, activists need to protect their information from people that probably have little respect for the Geneva convention and would possibly find any evidence of encrypted information as proof enough that there is illegal activity going on. This, in turn, might lead to the police beating the key out of them.

Now, if a solution such as Apple's FileVault or PGP's PGPDrive offered an interleaved drive system where one file stored multiple encrypted disks, and which one is accessed depended on which key you provided, perhaps things can be changed a bit. Password A unlocks a drive with mild dissidence information to appear credible. Password B unlocks a drive with the truly secret data. If captured, after some hours of a (probably highly unpleasant) interrogation, the dissident gives password A, interrogators try it, it works, they find nothing of tremendous use and dissident walks.

If people have written on this before, I'd appreciate a few references.

As for Zimmerman's comment about keyloggers - I'd hope the software offered a point-and-click method of entering the password. This can still be defeated with a custom-tailored piece of spyware, but it can be made much more difficult for the attackers to do so (depending on how well it's coded, it might actually require TEMPEST or the breaking of kneecaps to extract the password).

Cheers,
Ivan.

R. A. Hettinga wrote:
> SOFTWARE HELPS RIGHTS GROUPS PROTECT SENSITIVE INFORMATION
> [snip]
Hyperencryption by virtual satellite
As part of the Harvard University Science Center Lecture Series, Michael O. Rabin, the T.J. Watson Sr. Professor of Computer Science at Harvard University, lectures on hyper-encryption and provably everlasting secrets.

In this lecture, Professor Rabin confronts the failure of present-day computer systems to provide minimal network security. As a solution, Professor Rabin presents the theory of hyper-encryption and attempts to prove its security against an adversary possessing unlimited computer power. This hyper-encryption method provides secure data exchange even if the adversary mounts an adaptive attack and obtains the secret decryption key.

This program features over an hour of video content available in RealPlayer, QuickTime, and WindowsMedia formats.

View here: http://athome.harvard.edu/dh/hvs.html

Cheers,
Ivan.
EU to use QC as a response to Echelon
/. reports:
> An article on Security.ITWorld.com [1] seems to outline a coming information arms race. The European Union has decided to respond to the Echelon project [2] by funding research into supposedly unbreakable quantum cryptography that will keep EU data out of Echelon's maw. Leaving aside the question of whether such a thing is possible, the political implications are troubling, indicating a widening rift within the Western world. Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors.
>
> [1] - http://security.itworld.com/4361/040517euechelon/page_1.html
> [2] - http://www.echelonwatch.org/

This goes back to my discussion with Ian Grigg. Ian establishes:

> Effectively, if you can sell a solution to the finance industry, you have it made. It doesn't matter what it is, only that it is a solution.

This hits home, as the ITWorld article states that "Banks, insurance companies and law firms could be potential clients, Monyk said, and a decision will have to be made as to whether and how a key could be made available to law enforcement authorities under exceptional circumstances."

So not only will they pour untold resources into something that they can arguably accomplish today, and cheaply [3] -- but ironically, they'll hand keys to authorities on request [4]. Brilliant - the bargain becomes - hide from Echelon, and instead trust that its EU counterpart won't look at your data. No, really, we promise.

In discussing QC, furthermore, Ian makes the following statement:

> Engineers want to deal in the technical realities, and marketing wants to deal in the sellable properties, but there is no intersection between these. The result is that you won't easily be able to put the engineer and the marketeer together. One side or the other will win, and you will get either an unsold crypto box, or a sold solution that migrates out of the crypto field. The integrity of the marketeer and the integrity of the crypto engineer have nought in common, and one must give.

I'm still not buying this. This is based on stereotypes, not unlike "all computer experts wear thick glasses, play D&D, are asocial and mortally afraid of women". Sure - some combination of small pieces of the stereotype may apply to a large percentage of the affected population, but the corollary to the stereotype is that in a 6bn people world, a large percentage of the population still leaves you with many, many people that fall generously outside of it. Someone like Prof. Rivest is a good example - he certainly knows what he's talking about, and he's commercially active, be it with RSA Inc., or a venture (Peppercoin, which he did with Micali if I'm not mistaken). Or this mailing list, for instance: I'd say many members would have the knowledge and common sense to start a company tomorrow where engineering and marketing work together in a beneficial way, and where - in this particular case of QC - good, reliable non-QC solutions could be designed, implemented, tested and marketed reasonably quickly. Why hasn't it been done yet? What's the wait?

Ian concludes shrewdly that "the countervailing factor to all the above doom & gloom is that open source bypasses a lot of the marketing and engineering dysfunctionalism, which is why probably most important crypto in the future will be in software, in open source, and initially crummy (a la skype, SSH, etc) only to be repaired and improved when the demand has been shown." The 'initially crummy' status reminds me of Peter Gutmann's not-so-old analysis of several vpn/encrypted tunneling solutions which revealed large problems, and I'm sure many of the programs involved are fixed (or are getting fixed, redesigned, etc) as a result.

I agree with Ian - OSS might prove to be a dominant driving force to get things right when it comes to crypto, but it's important to keep in mind that we're still years away from removing the "it must be open because it's bad/worthless" stigma in the eyes of I/T decisionmakers. That, however, is a story unto itself.

Finally, the appeal of QC is simply not very clear to me: expanding on my previous post, I feel that the "QC as panacea to crypto ills" approach is really just a very, very refined form of security through obscurity. When you go deep down enough in physics, no one really understands what's happening - so saying "QC is absolutely unbreakable" amounts to saying "QC is absolutely unbreakable with today's physics", which I find no stronger an argument than "[insert algorithm here] is exceedingly difficult to break with today's mathematics". The former, however, involves much more money, and rests on a silly premise - that when it comes to very strong crypto, someone wanting the data will actually undertake an effort to break it. Guess what? Rubber-hose cryptanalysis, extortion, or bribery are much more effective. I posit that with the advent of anything stronger than XOR encryption, humans
Wikipedia project: Crypto
The good people at Wikipedia have started a cryptography subproject, an attempt to build a comprehensive and detailed guide to cryptography in the Wikipedia. The project page:

http://en.wikipedia.org/wiki/Wikipedia:WikiProject_Cryptography

features a list of open tasks and things that need cleanup or writing about. For anyone who has a few minutes to spare, their contributions would without a doubt be most appreciated.

Cheers,
Ivan
Bank transfer via quantum crypto
On /. today:
> An anonymous reader writes with today's announcement that the Austrian project for Quantum Cryptography [1] made the world's first Bank Transfer via Quantum Cryptography Based on Entangled Photons; see also Einstein-Podolski-Rosen Paradoxon [2]. (For more background, see the recent Slashdot post Quantum Cryptography Leaving the Lab. [3])
>
> [1] http://www.quantenkryptographie.at/
> [2] http://en.wikipedia.org/wiki/EPR_paradox
> [3] http://science.slashdot.org/science/04/04/12/1336238.shtml?tid=134

I have to agree with Perry on this one: I simply can't see a compelling reason for the push currently being given to ridiculously overpriced implementations of what started off as a lab toy, and what offers - in all seriousness - almost no practical benefits over the proper use of conventional techniques.

Besides, any of the ultrasecret applications that *might* (I remain very skeptical) call for such a level of confidentiality - things like military communication or diplomatic message exchange between a country and its ambassadors - are all too likely to be out of the range currently offered by these QC setups (last I read, if I'm not mistaken, it was about 50 km or ~30 miles). Fine, the range might improve - but I doubt that the amount of money and hassle required to set these up will.

Cheers,
Ivan
Re: TCFS available for NetBSD-1.6.2
VaX#n8 wrote:
> I've done a survey of the various crypting file system tools, would anyone be interested in a summary of available options?

This would likely be an interesting read for many on the list. Perhaps you can put up a PDF somewhere?

Cheers,
Ivan
Re: Can Eve repeat?
On Fri, 26 Sep 2003 09:10:05 -0400, Greg Troxel [EMAIL PROTECTED] wrote:
> [snip]
> The current canonical paper on how to calculate the number of bits that must be hashed away due to detected eavesdropping and the inferred amount of undetected eavesdropping is "Defense frontier analysis of quantum cryptographic systems" by Slutsky et al: http://topaz.ucsd.edu/papers/defense.pdf

Up-front disclaimer: I haven't had time to study this paper with the level of attention it likely deserves, so I apologize if the following contains incorrect logic. However, from glancing over it, it appears the assumptions on which the entire paper rests are undermined by work such as that of Elitzur and Vaidman (see the article I linked previously). Specifically, note the following:

> This security is derived from encoding the data on nonorthogonal quantum states of a physical carrier particle. Since such quantum states cannot be duplicated or analyzed in transit without disturbing them, any attempt to interfere with the particle introduces transmission errors and thereby reveals itself to Alice and Bob.

And:

> They [Alice and Bob] then assume that all errors are eavesdropping induced and estimate Eve's potential knowledge of their data in this worst-case situation.

If we do away with the idea that there are no interaction-free measurements (which was, at least to me, convincingly shown by the "Quantum seeing in the dark" article), this paper becomes considerably less useful; the first claim's validity is completely nullified (no longer does interference with particles necessarily introduce transmission errors), while the effect on the second statement is evil: employing the proposed key distillation techniques, the user might be given a (very) false sense of security, as only a small percentage of the particles that Eve observes register as transmission errors (=15%, according to the LANL figure).

Best regards,
Ivan Krstic
Re: Can Eve repeat?
On 24 Sep 2003 08:34:57 -0400, Greg Troxel [EMAIL PROTECTED] wrote:
> [snip]
> In Quantum Cryptography, Eve is allowed to not only observe, but also transmit (in the quantum world observing modifies state, so the notion of "read only" doesn't make sense). Also, Eve is typically accorded unlimited computational power.
> [snip]

The idea that observing modifies state is something to be approached with caution. "Read-only" does make sense in the quantum world; implementations of early theoretical work by Elitzur and Vaidman achieved roughly 50% success on interaction-free measurements. Later work, relying on the quantum Zeno effect, raised the success rate significantly:

> Preliminary results from new experiments at Los Alamos National Laboratory have demonstrated that up to 70 percent of measurements could be interaction-free. We soon hope to increase that figure to 85 percent.

The quote comes from an article by Kwiat, Weinfurter and Zeilinger published in SciAm, November 1996 -- if they were getting success rates like these back then, I wonder what the current status is. The article is well worth a read. There's a copy online at:

http://www.fortunecity.com/emachines/e11/86/seedark.html

Best regards,
Ivan Krstic