Re: debunking snake oil
On Mon, Sep 03, 2007 at 04:27:22PM -0400, Vin McLellan wrote:
> Thor Lancelot quoted that, and erupted with sanctimonious umbrage:
>
> > I think it's important that we know, when flaws in commercial cryptographic products are being discussed, what the interests of the parties to the discussion are. So, I'll ask again, as I did last time: when you post here, both in this instance and in past instances, is it at your own behest, or that of RSA?
>
> This is puerile. One moderator is not enough? Now you want to set yourself up as the Inquisition to vet for ideological purity? No one at RSA (or EMC, now RSA's parent firm) even knows about this discussion, you ninny. Who would care?

[And a couple of hundred more lines -- but no actual direct answer to the question!]

I'll try again: yes, you've identified yourself as a consultant to RSA. When you have posted here, both in this most recent thread and in other threads, in particular the SecurID 800 thread, has it been at your own behest, or that of RSA?

In other words, when you post here defending RSA products against criticism, often with very emphatic language and in a way that belittles the person making the criticism rather than engaging with the actual technical critique, can we assume that it is not the case that RSA asked you to do so? Or is it, in fact, sometimes the case that RSA asks you to post about their products here, and thus we should read your words as being RSA's words?

I don't think it's an unreasonable question, and I ask it one more time because, despite all the vitriol you directed at me (including the rather odd choice to refer to me by my middle name rather than in a more normal way) you did not, in fact, answer it.

Thor

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: debunking snake oil
I apologize for misstating your name, Mr. Simon.

I thought I had answered your question. No one asked me to reply to Ruptor, or to you -- and you chose the tone of this exchange. As I said, I would be shocked if anyone at RSA or EMC even knows about this discussion.

No one tells me what to post, or when to post. I've been doing this for a long time, and while I have to honor common-sense guidelines about secrets and upcoming products, I operate pretty independently when it comes to what I publish on the Net. My words are my own -- but when it is on-topic, I try to offer RSA's perspective, if I know it, along with the facts, as I know them.

Personally, I think discussions here, and elsewhere online, would be a lot more constructive if vendors did not shun the Net's open forums. I'm grateful that RSA gives me leave to talk publicly about their products and technologies. If I sound prideful in discussing those products, as Mr. Simon says, in some cases I've been working on them for decades.

I rarely initiate a discussion about RSA's products or technology. As in this case, I almost always respond to questions, claims, or comments from others --- and the tone of these discussions is almost always set by others. I generally just try to be helpful and informative; relatively low-key.

Given my history, of course, it is also true that the product managers and others at RSA now expect me to contribute to any major online discussion about the RSA products. (I sometimes decide it is counterproductive to do so.) No one at RSA told me to get into the SID800 debate, but they were certainly not surprised when I showed up to ask about it.

As an internal consultant to RSA, I had some say in defining the SID800's evolving product specs. Some of what I suggested was adopted, some not. Online, I tried to talk about the goals of the SID800 product that was the result of the process, the balance it struck between security and accessibility, and offered my interpretation of how it fit within the market.

Generally speaking, I don't expect to convert someone like Ruptor or Thor -- who start with a strong bias about a particular product -- so I try to address myself to the much larger community that just reads a forum like this. I don't think anyone gains points with objective observers by being nasty or arrogant; I think you gain credibility by being honestly informative and helpful. I try.

Suerte,
_Vin

-- in response to

Thor Lancelot Simon [EMAIL PROTECTED] wrote:

snip

> I'll try again: yes, you've identified yourself as a consultant to RSA. When you have posted here, both in this most recent thread and in other threads, in particular the SecurID 800 thread, has it been at your own behest, or that of RSA?
>
> In other words, when you post here defending RSA products against criticism, often with very emphatic language and in a way that belittles the person making the criticism rather than engaging with the actual technical critique, can we assume that it is not the case that RSA asked you to do so? Or is it, in fact, sometimes the case that RSA asks you to post about their products here, and thus we should read your words as being RSA's words?

snip
Re: debunking snake oil
I am all for humor...

Can you give us a hand with how to find this patent?

On Sep 2, 2007, at 2:27 PM, Axel Horns wrote:
> On Fri, August 31, 2007 18:54, Stephan Neuhaus wrote:
> Fun,
>
> See German patent document DE10027974A1 (application was refused in 2006).
>
> Axel H. Horns
Re: debunking snake oil
Try this:

http://v3.espacenet.com/textdoc?DB=EPODOCIDX=DE10027974F=0

Then, click the tab Original Document and look at the top navigation bar for a link Save Full Document. Afterwards, you will need to pass some captcha test in order to be allowed to download a free PDF file with that Document but without any DRM clutter.

Axel H. Horns

Original Message
Date: Sun, 2 Sep 2007 21:10:14 -0700
From: james hughes [EMAIL PROTECTED]
To: Axel Horns [EMAIL PROTECTED]
CC: james hughes [EMAIL PROTECTED], cryptography@metzdowd.com
Subject: Re: debunking snake oil

> I am all for humor...
>
> Can you give us a hand with how to find this patent?
>
> On Sep 2, 2007, at 2:27 PM, Axel Horns wrote:
> > On Fri, August 31, 2007 18:54, Stephan Neuhaus wrote:
> > Fun,
> >
> > See German patent document DE10027974A1 (application was refused in 2006).
> >
> > Axel H. Horns
Re: debunking snake oil
On Thursday, 30.08.2007, at 20:43 -0500, travis [EMAIL PROTECTED] wrote:
> If you have a break of some scheme you wish to contribute, please do forward me a URL and I'll link to it.

Sorry, German, but definitely worth reading:

http://www.kryptochef.de/
Re: debunking snake oil
On Sat, Sep 01, 2007 at 02:39:49PM +0200, Marcos el Ruptor wrote:
> You can start with RSA SecurID, Texas Instruments DST40, Microchip Technologies KeeLoq, Philips/NXP Hitag2, WEP RC4, Bluetooth E0, GSM A5...

I didn't realise the current SecurID tokens had been broken. A quick Google doesn't show anything, but I'm probably using the wrong terms. Do you have references for this that I could have a look at?

Thanks,

--
Paul
Re: debunking snake oil
> I didn't realise the current SecurID tokens had been broken. A quick Google doesn't show anything, but I'm probably using the wrong terms. Do you have references for this that I could have a look at?

http://eprint.iacr.org/2003/162.pdf

This attack may not be as practical as an algebraic attack would be, but it shows that SecurID keyed hash function is in fact weaker than what its claimed 64-bit security level demands. AFAIK, algebraic cryptanalysis of the RSA SecurID keyed hash function by the academic sector hasn't even been performed yet.

Their new tokens use AES-128. Maybe they do learn after all...

Ruptor
http://defectoscopy.com/ - There is no need to design weak ciphers.
Re: debunking snake oil
On Fri, August 31, 2007 18:54, Stephan Neuhaus wrote:
Fun,

See German patent document DE10027974A1 (application was refused in 2006).

Axel H. Horns
Re: debunking snake oil
On Sun, Sep 02, 2007 at 06:26:33PM -0400, Vin McLellan wrote:
> At 12:40 PM 9/2/2007, Paul Walker wrote:
>
> > I didn't realise the current SecurID tokens had been broken. A quick Google doesn't show anything, but I'm probably using the wrong terms. Do you have references for this that I could have a look at?
>
> I'd also be interested in any evidence that the SecurID has been cracked. Any credible report would have the immediate attention of tens of thousands of RSA installations. Not to speak of EMC/RSA itself, for which I have been a consultant for many years.

That's right, you have. As I recall, the last time you posted here was when you tried to defend RSA's decision to sell no-human-interaction tokens. At that time, I asked you whether you were posting for yourself or whether someone at RSA had asked you to post here, and you declined to respond.

I think it's important that we know, when flaws in commercial cryptographic products are being discussed, what the interests of the parties to the discussion are. So, I'll ask again, as I did last time: when you post here, both in this instance and in past instances, is it at your own behest, or that of RSA?

Thor
RE: debunking snake oil
On 31 August 2007 02:44, travis+ml-cryptography wrote:
> I think it might be fun to start up a collection of snake oil cryptographic methods and cryptanalytic attacks against them.

I was going to post about crypto done wrong after reading this item[*]:

http://www.f-secure.com/weblog/archives/archive-082007.html#1263

I can't tell exactly what, but they have to be doing *something* wrong if they think it's necessary to use file-hiding hooks to conceal... well, anything really. The hash of the fingerprint should be the symmetric key used to encrypt either files and folders directly on the thumbdrive, or perhaps a keyring file containing ADKs of some description, but if you do crypto right, you shouldn't have to conceal or obfuscate anything at all.

cheers,
DaveK

[*] - See also
http://www.f-secure.com/weblog/archives/archive-082007.html#1264
http://www.f-secure.com/weblog/archives/archive-082007.html#1266

--
Can't think of a witty .sigline today
Re: debunking snake oil
> I'd like to start with the really simple stuff; classical cryptography, systems with clean and obvious breaks.

You can start with RSA SecurID, Texas Instruments DST40, Microchip Technologies KeeLoq, Philips/NXP Hitag2, WEP RC4, Bluetooth E0, GSM A5...

It's much harder to find a product or technology that implements proper ciphers, proper hashes, proper RNGs or proper protocols. And I don't mean small mistakes like in SSH1 or SSL. I mean look at all those proprietary weak ciphers sold for millions! Will they ever learn?

Ruptor
http://defectoscopy.com/ - There is no need to design weak ciphers.
Re: debunking snake oil
Crossroads is an undergraduate journal. We'd do well to single out more worthy targets for public ridicule than CS undergrads.

If you want to help the author, why not educate, rather than mocking? He's obviously been motivated to think about the subject matter and to even take the bold step of publishing something. If you must scold, aim at the advisor, then. But I don't see much to be gained by scolding in this case. Pick someone who's asking for it - the vendors of all the products that don't do what their buyers hope and wish they would do...

On Aug 31, 2007, at 11:35 PM, Ben Pfaff wrote:
> [EMAIL PROTECTED] writes:
>
> > So, when you find a particularly obnoxious dilettante going on about his bone-headed unbreakable scheme, please forward it to me and I'll see about breaking it, and then publish the schemes and the results on a web site for publicly educating them. Honestly, there's probably no better way to educate people than to see schemes submitted and broken, and I'm not sure there's a good site for it, although there are plenty of books. Unfortunately, these types won't be bothered to buy books since they already know everything.
>
> Here's a particularly moronic scheme:
> http://www.acm.org/crossroads/xrds11-3/xorencrypt.html
>
> --
> If a person keeps faithfully busy each hour of the working day, he can count on waking up some morning to find himself one of the competent ones of his generation.
> --William James
Re: debunking snake oil
I don't think fingerprint scanners work in a way that's obviously amenable to hashing with well-known algorithms. Fingerprint scanners produce an image, from which some features can be identified. But, not all the same features can be extracted identically every time an image is obtained. I know there's been research into fuzzy hashing schemes, but are they sufficiently secure, fast, and easy to code that they would be workable for this?

--nash

On 8/31/07, Dave Korn [EMAIL PROTECTED] wrote:
> On 31 August 2007 02:44, travis+ml-cryptography wrote:
>
> > I think it might be fun to start up a collection of snake oil cryptographic methods and cryptanalytic attacks against them.
>
> I was going to post about crypto done wrong after reading this item[*]:
>
> http://www.f-secure.com/weblog/archives/archive-082007.html#1263
>
> I can't tell exactly what, but they have to be doing *something* wrong if they think it's necessary to use file-hiding hooks to conceal... well, anything really. The hash of the fingerprint should be the symmetric key used to encrypt either files and folders directly on the thumbdrive, or perhaps a keyring file containing ADKs of some description, but if you do crypto right, you shouldn't have to conceal or obfuscate anything at all.
>
> cheers,
> DaveK
>
> [*] - See also
> http://www.f-secure.com/weblog/archives/archive-082007.html#1264
> http://www.f-secure.com/weblog/archives/archive-082007.html#1266
>
> --
> Can't think of a witty .sigline today
RE: debunking snake oil
On 02 September 2007 01:13, Nash Foster wrote:
> I don't think fingerprint scanners work in a way that's obviously amenable to hashing with well-known algorithms. Fingerprint scanners produce an image, from which some features can be identified. But, not all the same features can be extracted identically every time an image is obtained. I know there's been research into fuzzy hashing schemes, but are they sufficiently secure, fast, and easy to code that they would be workable for this?

Well, if fingerprint scanners aren't reliable enough to identify the same person accurately twice, it's even moreso snake oil to suggest they're suitable for crypto... or even biometric authentication, for that.

(I wonder if the level of variability is manageable enough that you could generate a set of the most-probable variations of the trace of a given fingerprint and then use a multiple key/N-out-of-M technique.)

cheers,
DaveK

--
Can't think of a witty .sigline today
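
Added example, not part of any message in the thread: the sketch below illustrates the point raised in the last two messages, that a plain hash of a noisy fingerprint reading cannot serve as a stable key, and shows the code-offset "fuzzy commitment" idea as one error-tolerant alternative. The 160-bit feature vector, the 5x repetition code and all function names are assumptions made for illustration; real scanner output and a production error-correcting code would differ.

```python
import hashlib
import secrets

REP = 5  # toy repetition code: each secret bit is stored REP times

def encode(secret_bits):
    """Repetition encoder: one secret bit becomes REP codeword bits."""
    return [b for b in secret_bits for _ in range(REP)]

def decode(code_bits):
    """Majority vote per group; corrects up to REP // 2 flips per group."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def to_key(bits):
    """Derive a 256-bit symmetric key from a list of 0/1 values."""
    return hashlib.sha256(bytes(bits)).digest()

def enroll(template_bits):
    """Bind a fresh random secret to the template; return (helper, key)."""
    secret = [secrets.randbelow(2) for _ in range(len(template_bits) // REP)]
    helper = xor(encode(secret), template_bits)  # stored alongside the data
    return helper, to_key(secret)

def reproduce(helper, reading_bits):
    """Recover the key from a later, noisy reading plus the helper data."""
    return to_key(decode(xor(helper, reading_bits)))

def demo():
    # Constructed sample: a random 160-bit "feature vector", not scanner data.
    template = [secrets.randbelow(2) for _ in range(160)]
    noisy = list(template)
    for i in (3, 47, 48, 101, 159):  # five bit errors, two in the same group
        noisy[i] ^= 1
    helper, key = enroll(template)
    return {
        # Hashing the reading directly: any single flipped bit changes the key.
        "naive_hash_matches": to_key(template) == to_key(noisy),
        # Code-offset construction: errors within the code's capacity vanish.
        "fuzzy_key_matches": reproduce(helper, noisy) == key,
    }

if __name__ == "__main__":
    print(demo())
```

The helper data is stored in the clear, and the recovered key can carry no more entropy than the template retains after that leakage, which is where the "sufficiently secure" question applies. A reading with more than two errors in any five-bit group yields a different key.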