[cryptography] Crowdfunding USB Security Key for Encryption - Nitrokey Storage

2015-11-19 Thread Jan Suhr
Hi!

Nitrokey Storage is a USB device which operates as a “digital latchkey”
to protect your data and user accounts. It allows for the secure
encryption of emails, files and hard drives, secure login on the web and
contains encrypted mass storage. The encryption keys are stored securely
in the hardware at all times.

Nitrokey is made entirely in Germany and stands out on the market
because it is 100% open-source and uses 100% open hardware.

It is also the first hardware worldwide with hidden storage, which
enables users to plausibly deny the existence of additional encrypted
data. This can be useful during border controls or similar threatening
situations.

The firmware and hardware of Nitrokey Storage have already been verified
by Cure59, a professional third-party security auditor.

Use Cases:

* Encryption of emails, hard drives, SSH, and other data via a highly secure
smart card. Secure keys are protected by the hardware. Up to RSA 4096
bit is supported.
* Secure login on the web and protection against identity theft via
one-time passwords.
* Secure transport and exchange of sensitive files via encrypted mass
storage (up to 64 GB). (AES-256 in CBC mode)

Our crowdfunding campaign just started and needs your support:
http://igg.me/at/nitrokey
Also, please help promote it.


Kind Regards,
Jan Suhr


___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


[cryptography] Diffie-Hellman after the Logjam paper versus IETF RFCs ...

2015-11-19 Thread Thierry Moreau


Hi!

The Logjam paper (https://weakdh.org/) makes three recommendations for
Diffie-Hellman parameters: transition to ECC-DH, use larger (>=2048
bits) DH primes, and avoid fixed 1024-bit DH primes.


In reviewing the current standardized DH parameters, I came across two 
questions.


First some references with an historical perspective.

Oakley primes were introduced in RFC2409 section 6 (768 and 1024 bits). 
Larger primes were standardized in RFC3526 (confirmed widely used 1536 
bits plus 2048, 3072, 4096, 6144, and 8192 bits). The DH generator is 2.


Very recently 
(https://datatracker.ietf.org/doc/draft-ietf-tls-negotiated-ff-dhe/ 
appendix A) the Oakley prime number generation strategy is replayed, 
substituting the Euler constant binary extension for the pi binary 
extension as an unbiased trusted pseudo-random sequence. Note that the 
DH generator remains at 2 in this new document.


In the meantime, two standardization actions took place.

The authors of an EAP variant RFC6124 (section 7.1) found it useful to
modify the Oakley standard parameters by changing the DH generator value
from 2 to a small prime number specific to each DH prime number
(respectively 5, 31, 11, 5, and 5 for Oakley primes of 1024, 1536, 2048,
3072, and 4096).


Finally, RFC5114 seems to scoop NIST on its own ground, introducing DH 
parameter sets with a defined and reduced size "prime order subgroup" 
with a generator value as large as the DH prime. I wonder if this 
standardization action actually turned a test vector example (originally 
intended as an example of a random parameter generation) into a fixed DH 
parameter set of the type found problematic in the Logjam paper. Indeed, 
the RFC5114 text refers to the NIST CSRC page 
http://csrc.nist.gov/groups/ST/toolkit/examples.html from which one may 
come to the document 
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/KS_FFC_All.pdf 
which is over 100 pages of test data without textual explanations or 
author attribution.


Then the two questions:

Q.1 Is the generator value selection per RFC6124 a better alternative 
than the fixed generator value 2?


Q.2 Is there any benefit in the size reduction for the prime order
subgroup standardized by RFC5114 (beyond complying with the NIST addiction
to cryptographic parameters exactly fit to a given security parameter)?


Conclusion

The default answers are yes to Q.1 and no to Q.2. Therefore, ongoing 
standardization work is a dubious place for basic wisdom on using a 
cryptographic primitive. RFC6124 has it almost right (it should have 
omitted the 1024 prime size) but seems outside of mainstream IETF work.


Apologies to IETF'ers for not making a contribution out of my opinion 
(you may use this message as you see fit).


Thanks in advance for comments!

- Thierry Moreau
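
Added example (not part of the message above, and not code from any of the RFCs it cites): what changes between generator 2 and a small prime generator of the whole group when p = 2q + 1 is a safe prime with p mod 8 = 7, as the Oakley primes are. The modulus is a small constructed safe prime, the generator is computed for it rather than taken from RFC6124, and all function names are illustrative.

```python
# Added illustration; the modulus is constructed, not one of the RFC primes.

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 2**64."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Smallest safe prime p >= start with p % 8 == 7 (Oakley primes end in 64 one-bits)."""
    p = start + (7 - start) % 8
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 8
    return p

def generator_order(g, p):
    """Order of g modulo a safe prime p = 2q + 1: one of 1, 2, q or 2q."""
    q = (p - 1) // 2
    g %= p
    if g in (1, p - 1):
        return 1 if g == 1 else 2
    return q if pow(g, q, p) == 1 else 2 * q

def smallest_prime_primitive_root(p):
    """Smallest prime g that generates the whole group of order p - 1."""
    g = 2
    while not (is_prime(g) and generator_order(g, p) == p - 1):
        g += 1
    return g

def exponent_parity(y, p):
    """Euler's criterion on y = g^x: 0 if y is a square mod p, else 1."""
    return 0 if pow(y, (p - 1) // 2, p) == 1 else 1

P = find_safe_prime(2**61)  # constructed 62-bit modulus, far too small for real use
print(P, generator_order(2, P), smallest_prime_primitive_root(P))
```

With generator 2 every public value is a square, so the parity test always returns 0; with a generator of the whole group it returns the low bit of the secret exponent.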


Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread John Young

At 01:21 AM 11/19/2015, you wrote:

> how did hominids manage prior to crypto?


Pretty much the way most hominids do today. And will continue
to do the same way until crypto becomes normalized (if ever)
and less esoteric, cultish, obnoxious, condescending, vain,
whiney, excuse making. And above all these negative traits,
eager to sell products to authoritarians, governments, cults,
criminals, oligarchs, banks, gamblers, drug dealers, yadda.

Plenty of ways to avoid crypto as it has existed for its
very long history of serving the most evil, treacherous,
manipulative, deceptive, cheating, lying hominids on
earth and interstellar.

Crypto has a wretched history of helping a few harm millions.

Maybe it will change, but there has been a counter authority
of violence effort for only a couple of decades, and during
those decades the common practice of secretkeeping, lying
and cheating for crypto money making has grown even among
those loudly proclaiming the public benefits. PKC has indeed
enriched some, and others striving to get on that evil-doing
train of dual-hats and dual-use and dual-pontification.

As the NY Times said of John Brennan, hard to believe anything
crypto advocates have to say due to the far greater number of
crypto sleazeball hominids reaping rewards of aiding governments
than crypto hominid honorables aiding one another.

Spies and cryptographers spread secrets pox. Stay far away for good
health. Do not adopt that language everywhere.






[cryptography] Fwd: Re: Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind


we have always had crypto.
sign language.  secret handshakes.  letter and symbol codes. lingua 
franca.  specialized vocabularies.

three yellow flags for vegan restaurants.
certain types of architecture indicating members of religions/beliefs 
and safety for slaves.
if you think of it on a macro level, crypto is just a kind of advanced 
language or alphabet you don't know yet.


On 11/19/2015 1:21 AM, mtm wrote:

> how did hominids manage prior to crypto?
>
> On Nov 18, 2015 11:26 PM, "grarpamp" wrote:
>
> > On Wed, Nov 18, 2015 at 8:51 PM, Ted W. wrote:
> > > And yet, we find that the Paris attackers did not communicate via
> > > encrypted channels for most of their planning. Surprise surprise:
> >
> > Which means absolutely nothing to these anti crypto people.
> > And is no excuse for you to quit deploying crypto and fighting them.


Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind
i'm in the middle of reading Bruce Schneier's latest book, "Data and
Goliath".  sheds a lot of light on this subject.  very interesting 
book.  very insightful.   a good read.  i recommend it.  i picked it up 
to understand Google, scroogling, big data and the computer mechanics of 
corporate spying better.  but, he goes deeply into this subject of 
spying on citizens.  being able to kill with metadata alone.  [CIA 
quote] etc.


he makes a good point that we as mammals, feel like prey if being
watched and can't function fully.  and, the younger generation is quite
desensitized to most of this spying.  they post their love lives on
facebook and are flamed when breaking up. the younger generation is much
more accepting of what the older generation would consider embarrassing
and private.


all of this stuff is a double edged sword.  we can spy on citizens for 
terrorism or to silence political dissidents.  if we limit free speech 
to prevent terrorism, human rights activists won't be able to speak 
either.  best analogy, bank robbers use cars, roads, diners and 
electricity.  but, we don't illegalize cars, roads, diners and 
electricity.  because, most people don't use them for robbing banks.  
ditto crypto.


people still use envelopes; have locks on their doors, close the 
bathroom and get hotel rooms for "adult activities".  they are, in the 
majority of the time, doing nothing illegal.


imho, his analogy with the heightened airport security does apply to 
crypto and mass surveillance.  they've caught a lot of petty thieves.
but, no terrorists.  this is intuitive.  the population at large has 
noticed this.  ditto crypto n mass surveillance.


the corollary is, the billions of dollars spent spying on citizens in
the name of protecting us from terrorism, is more than just a waste of
money--it's a dereliction of duty!  i don't care how much the gov't
spends on fighting terrorism or; how it is done.  but, it should work!
they shouldn't be sitting on their behinds reading ouija boards to find
terrorists either!  this isn't the TVA workfare pgm.


also, he confirms my simple logic, if there is a backdoor, anyone can go
through it.  "What one man can do, another man can undo." whether a
foreign gov't or criminal, sooner or later, somebody you don't want
to, will come through that backdoor.  either we make it safe for
everyone.  or, we make it insecure and surveillable for everyone.


and, finally, someone else talks about the defects of profiling, all the 
false positives [and false negatives].  not to mention the incorrect 
math and statistical analysis. profiles are guidelines at best.  not 
definitions.  [my 2c]  he adds the cost of the human intervention and 
investigation necessary to correct the incorrect assessments.


do they not profile political activists?  your medical condition? from 
logged purchases?  where is the right and wrong in this?


and, they collect so much data, no one knows what's in it. unless, a 
flag goes off.  which, may not happen.  but, when it does, digging 
through the archives might help. [my 2c]


we have already opened our world to a new kind of discrimination that is 
non-combatible.  apply for a job.  they put your name in google and 
twitter and facebook and; see what comes up.  even if it is private.  my 
hunch is, they give it to PIs who do break the laws to find this info.  
and then, "we found someone more qualified for the job."  even if you 
scrub your google listings, there are always bread crumbs.


with everyone looking for the right search terms, sending ridiculous job 
offers to ppl based upon chumming resumes without human intervention.  
you may be lucky, if they never considered you anyway.


imho, this crypto warmongering is just using fear for control and 
justification of huge bureaucracies that are inefficacious to the task 
assigned.


On 11/19/2015 12:25 AM, grarpamp wrote:

> On Wed, Nov 18, 2015 at 8:51 PM, Ted W. wrote:
>
> > And yet, we find that the Paris attackers did not communicate via
> > encrypted channels for most of their planning. Surprise surprise:
>
> Which means absolutely nothing to these anti crypto people.
> And is no excuse for you to quit deploying crypto and fighting them.


Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Benjamin Kreuter
On Thu, 2015-11-19 at 06:21 +, mtm wrote:
> how did hominids manage prior to crypto?

The same way we managed before writing -- ciphers of various kinds have
been in use for all of recorded history.

-- Ben





Re: [cryptography] Paris Attacks Blamed on Strong Cryptography and Edward Snowden

2015-11-19 Thread Givon Zirkind
u have nothing to fear, if u have nothing to hide.  said, the Nazis and 
Communists.  so, if you need workers to build a remote railway.  and, no 
one wants to work there.  instead of offering incentives, accuse them of 
crimes never committed.  from all those things they didn't have to hide. 
or, just, to keep the rest in line, send a few off to some camps, to 
never be heard from again.  because of all that stuff that they didn't 
have to hide.


anyone remember McCarthy?  like the idea doesn't live on?

On 11/19/2015 7:04 AM, John Young wrote:

At 01:21 AM 11/19/2015, you wrote:


how did hominids manage prior to crypto?


Pretty much the way most hominids do today. And will continue
to do the same way until crypto becomes normalized (if ever)
and less esoteric, cultish, obnoxious, condescending, vain,
whiney, excuse making. And above all these negative traits,
eager to sell products to authoritarians, governments, cults,
criminals, oligarchs, banks, gamblers, drug dealers, yadda.

Plenty of ways to avoid crypto as it has existed for its
very long history of serving the most evil, treacherous,
manipulative, deceptive, cheating, lying hominids on
earth and interstellar.

Crypto has a wretched history of helping a few harm millions.

Maybe it will change, but there has been a counter authority
of violence effort for only a couple of decades, and during
those decades the common practice of secretkeeping, lying
and cheating for crypto money making has grown even among
those loudly proclaiming the public benefits. PKC has indeed
enriched some, and others striving to get on that evil-doing
train of dual-hats and dual-use and dual-pontification.

As the NY Times said of John Brennan, hard to believe anything
crypto advocates have to say due to the far greater number of
crypto sleazeball hominids reaping rewards of aiding governments
than crypto hominid honorables aiding one another.

Spies and cryptographers spread secrets pox. Stay far away for good
health. Do not adopt that language everywhere.



