Re: [cryptography] [Cryptography] Boing Boing pushing an RSA Conference boycott
On Jan 14, 2014, at 1:53 PM, cryptography-requ...@randombit.net wrote:

> Does anyone really believe RSA is alone in this "betrayal?"
>
> And that making an example of RSA will stop the industry practice
> of forked-tonguedness about working both sides of the imaginary
> fence of dual-use, dual-hat, duplicity of com sec?

First, “Almost everything you do will seem insignificant, but it is important that you do it”.

Second, boycotting an e. coli-laden meat packer is not for the effect on that packer, but for the effect on the other packers. It serves as a warning and as a demonstration of damage that accrues to bad behaviors. Brands take notice of such things. It serves the public good.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Re: [cryptography] To Protect and Infect Slides
On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz wrote:

> Hi Jake,
>
> Ian Grigg just made a point on metzdowd that I think is true: if you
> want to change the NSA, you need to address the many corporates that
> profit from what they are doing. Because the chain goes like this:
>
> corporate money -> election campaigns -> representatives -> NSA
>
> What do you think? And any ideas how to exercise pressure?
>
> Ralph

The notion that corporate money is the driver of election campaigns, and that those campaigns offer genuine, non-cooptible choices, and that elected representatives control and direct the resources and activities of the NSA or any other “black” portion of the executive branch is quaint.

Re: [cryptography] the spell is broken
For reflection:

What percent of domestic and global communications are protected from the collection of plaintext or session information by AES?

Who has the capability and the desire to avoid going dark on that portion of data flows?

Is this an example of a high-value target for corruption?

If the promulgation of a flawed Dual_EC_DRBG was influenced, tolerated or supported by NIST and/or NSA in 2006, can we be sure that AES (FIPS PUB 197, 2001) was immune to those behaviors?

If it was immune, was that due to a lack of funding, a lack of will, or a lack of technical acumen?

[cryptography] Dual_EC_DRBG was cooked, but not AES?
The Snowden revelations describe several methods by which NSA committed kleptography, caused compliance by hardware makers and influenced standards.

Why has AES escaped general suspicion? Are we to believe that NIST tested, selected, endorsed and promulgated an algorithm that was immune to NSA's toolset, without NSA participation and approval? NSA involvement in DES is known, but we await cryptanalysis or Snowdenesque revelations before having skepticism about AES?

"On 17 March 1975, the proposed DES was published in the Federal Register. Public comments were requested, and in the following year two open workshops were held to discuss the proposed standard. There was some criticism from various parties, including from public-key cryptography pioneers Martin Hellman and Whitfield Diffie,[2] citing a shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the algorithm had been covertly weakened by the intelligence agency so that they — but no-one else — could easily read encrypted messages.[3] Alan Konheim (one of the designers of DES) commented, "We sent the S-boxes off to Washington. They came back and were all different."[4] The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of their findings, published in 1978, the Committee wrote:

In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness.[5]

However, it also found that

NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended.[6]"

Source: https://en.wikipedia.org/wiki/Data_Encryption_Standard

"On September 10 2013, The New York Times wrote that "internal memos leaked by a former N.S.A. contractor, Edward Snowden, suggest that the N.S.A. generated one of the random number generators used in a 2006 N.I.S.T. standard — called the Dual EC DRBG standard — which contains a backdoor for the NSA." On September 10 2013, The NIST director released a statement, saying that "NIST would not deliberately weaken a cryptographic standard.""

Source: https://en.wikipedia.org/wiki/Dual_EC_DRBG

"A major American computer security company has told thousands of customers to stop using an encryption system that relies on a mathematical formula developed by the National Security Agency (NSA).

RSA, the security arm of the storage company EMC, sent an email to customers telling them that the default random number generator in a toolkit for developers used a weak formula, and they should switch to one of the other formulas in the product.

The abrupt warning is the latest fallout from the huge intelligence disclosures by the whistleblower Edward Snowden about the extent of surveillance and the debasement of encryption by the NSA.

Last week, the New York Times reported that Snowden's cache of documents from his time working for an NSA contractor showed that the agency used its public participation in the process for setting voluntary cryptography standards, run by the government's National Institute of Standards (NIST) and Technology, to push for a formula it knew it could break. Soon after that revelation, the NIST began advising against the use of one of its cryptographic standards and, having accepted the NSA proposal in 2006 as one of four systems acceptable for government use, said it would reconsider that inclusion in the wake of questions about its security."

Source: http://www.theguardian.com/world/2013/sep/21/rsa-emc-warning-encryption-system-nsa

Re: [cryptography] Skype backdoor confirmation
Jeffrey Walton wrote:

> * Scan IM messages for dangerous content from people you don't know.
> This means will read (and possibly retain) some of your
> messages to determine if some (or all) of the message is dangerous.
>
> ….
>
> Given a choice, it seems like selection two is a good balance.

Does that selection require that has a list of people you DO know?

Re: [cryptography] cryptography Digest, Vol 28, Issue 23
Yes, it can be compressed to zero bits, and the decompression process will generate two alternative outputs.

On Jun 19, 2012, at 8:06 AM, cryptography-requ...@randombit.net wrote:

> From: Ben Laurie
> To: Jon Callas
> Cc: Crypto List
> Subject: Re: [cryptography] non-decryptable encryption
>>
>>
>> The second wonderful property is that the ciphertext is compressible.
>> Usually cipher text is not compressible, but in this case it is. Moreover,
>> it is *maximally* compressible. The ciphertext can be compressed to a single
>> bit and the ciphertext length recovered after key distribution.
>
> Surely it can be compressed to no bits at all?

[cryptography] Haystacks and Needles
Just as immunizations protect not only the person immunized, but also help protect the community from contagion, wouldn't more encrypted content have a public benefit through increasing the costs per "nugget" found and cause a narrowing of focus on those communications where there is probable cause or at least reasonable suspicion, versus wholesale hoovering of the spew?

While there are many technical defenses in systems, procedures, algorithms and implementations, wouldn't a vast increase in encrypted content also add substantially to the security of individual encrypted content by increasing the number of haystacks (costs and time) per valuable needle?

Rather than security through obscurity, more haystacks mean that encryption, being more common, is less of a red flag of suspicion, and that selection among encrypted content for the crackers has to be more discriminating.

[cryptography] Non-governmental exploitation of crypto flaws?
Possibly like NSA warrantless hoovering (ex: the San Francisco splitter), this mailman "feature" is not used to evil ends and is no worry.

Alternatively, privacy may be more vulnerable to simple user oversights than short keys.

On Nov 28, 2011, at 9:27 PM, cryptography-requ...@randombit.net wrote:

> Date: Mon, 28 Nov 2011 20:40:45 -0500
> From: Steven Bellovin
> To: Crypto discussion list
> Subject: Re: [cryptography] Non-governmental exploitation of crypto
> flaws?
> Message-ID:
> Content-Type: text/plain; charset=us-ascii
>
>
> On Nov 28, 2011, at 8:03 PM, Nico Williams wrote:
>
>> The list is configured to set Reply-To. This is bad, and in some
>> cases has had humorous results. I recommend the list owners change
>> this ASAP.
>
>
> Agree, strongly. The mailman documentation agrees with us. I'm on the
> verge of unsubscribing on the grounds that the list is a privacy violation
> in action.
>
> --Steve Bellovin, https://www.cs.columbia.edu/~smb