Re: Linux-style kernel PRNGs and the FIPS140-2 test
There was an error in the bounds for the runs test specified by NIST; last October they updated FIPS 140-2 to specify new bounds. An updated version of my code can be found at http://people.qualcomm.com/ggr/QC/ (our old web pages are stale, and I'm still trying to have them taken down by our ex-ISP). Here's an excerpt from the comment in the new code:

 * Version 1.3 -- Bill Chauncey and his colleagues pointed out to NIST that
 * the bounds in the runs test were incorrect.
 * They issued an update 2001-oct-10.

If the new one still shows an anomalous number of runs test failures, there is a real problem.

regards,
Greg.

At 03:23 PM 1/15/2002 -0500, Thor Lancelot Simon wrote:
> Many operating systems use Linux-style (environmental noise stirred with a hash function) generators to provide random and pseudorandom data on /dev/random and /dev/urandom respectively. A few modify the general Linux design by adding an output buffer which is not stirred so that bits which have already been output are not stirred into the pool of new random data (IMO, not doing this is insane, but that's a different subject).
>
> The enclosed implementation of the FIPS140-1/2 statistical test appears to show that such generators fail the runs test quite regularly. Interestingly, the Linux generator seems to do better the longer you let it run (which, perhaps, suggests that quite a bit of data should be run through it at boot time and discarded) but other, related generators do not.
>
> The usual failure mode is too many runs of 1 1s. Using MD5 instead of SHA1 as the mixing function, the Linux generator also displays too many runs of 1 0s. I have not yet seen other failure modes from these generators.
>
> To reproduce my results, just compile the enclosed and do a.out /dev/urandom on your platform of choice.
>
> Thor

Greg Rose                      INTERNET: [EMAIL PROTECTED]
Qualcomm Australia             VOICE: +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,    http://people.qualcomm.com/ggr/
Gladesville NSW 2111
232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
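The runs test that both messages above refer to, as an added example that is not Greg's or Thor's code: it counts runs of 0s and 1s in a 20,000-bit sample and checks each count against the intervals from NIST's 2001-10-10 change notice to FIPS 140-2, together with the long-run check (no run of 26 or more bits). The function names and the default device path are this example's own.

```c
/* FIPS 140-2 runs test with the intervals from NIST's 2001-10-10 change notice.
 * Added example, not the code posted in the thread; function names are my own. */
#include <stdio.h>
#include <string.h>

#define FIPS_BITS  20000
#define FIPS_BYTES (FIPS_BITS / 8)
/* Required interval for runs of length 1..5 and 6+ (FIPS 140-2 change notice 1). */
static const int run_lo[6] = {2315, 1114, 527, 240, 103, 103};
static const int run_hi[6] = {2685, 1386, 723, 384, 209, 209};
/* Count the runs in a 20,000-bit sample, MSB first within each byte.
 * counts[b][k] = runs of bit value b with length k+1 (k == 5 collects 6+).
 * Returns the length of the longest run, which the long-run test needs. */
int fips_count_runs(const unsigned char *buf, int counts[2][6]) {
    int longest = 0, cur_bit = -1, cur_len = 0;
    memset(counts, 0, sizeof(int) * 12);
    for (int i = 0; i < FIPS_BITS; i++) {
        int bit = (buf[i / 8] >> (7 - (i % 8))) & 1;
        if (bit == cur_bit) { cur_len++; continue; }
        if (cur_len > 0) {                      /* close the previous run */
            counts[cur_bit][cur_len >= 6 ? 5 : cur_len - 1]++;
            if (cur_len > longest) longest = cur_len;
        }
        cur_bit = bit; cur_len = 1;
    }
    counts[cur_bit][cur_len >= 6 ? 5 : cur_len - 1]++;   /* close the final run */
    if (cur_len > longest) longest = cur_len;
    return longest;
}

/* 1 if every count lies in its interval and no run reaches 26 bits, else 0. */
int fips_runs_test(const unsigned char *buf) {
    int counts[2][6];
    int longest = fips_count_runs(buf, counts);
    for (int b = 0; b < 2; b++)
        for (int k = 0; k < 6; k++)
            if (counts[b][k] < run_lo[k] || counts[b][k] > run_hi[k]) return 0;
    return longest < 26;
}

/* Usage mirrors Thor's: a.out /dev/urandom (the device path is an argument). */
int main(int argc, char **argv) {
    unsigned char buf[FIPS_BYTES];
    FILE *f = fopen(argc > 1 ? argv[1] : "/dev/urandom", "rb");
    if (!f || fread(buf, 1, FIPS_BYTES, f) != FIPS_BYTES) { perror("read"); return 2; }
    fclose(f);
    printf("runs test: %s\n", fips_runs_test(buf) ? "pass" : "FAIL");
    return 0;
}
```

A single 20,000-bit sample gives one pass/fail verdict; to see the failure rate Thor describes, run it repeatedly and tally how often each interval is missed.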
Re: PGP GPG compatibility
On Tue, 15 Jan 2002 17:25:15 -0800, Will Price said:

> above is as well. That's like saying, have you stopped beating your wife? I would encourage some objectivity on that.

Huh? Go to the gnupg-users lists archive and search for PGP problems. You will notice a couple of reports wrt PGP 7.0.3 - this is what I have described. I have not the time to dig out the messages for you as too much of my time is already spent to cope with all those little PGP bugs. It is really an annoying job which does not get easier by the verbosity of PGP's error messages ;-)

> > At least they still don't understand version 4 signatures on data packets (only on keys). I had in mind that this was fixed some time ago, but obviously this isn't the case.
>
> I'm fairly sure we support that in 7.1.0 and up.

According to Len this was indeed fixed in 7.0 but it seems that it was dropped in later versions. I have not seen any message from 7.1.

> That's not the only problem with text mode signatures. International characters present an even larger challenge. Most of this is not

RFC2440 - 5.9. Literal Data Packet (Tag 11)

    A Literal Data packet contains the body of a message; data that is not to be further interpreted.

So there are no conversion issues here. Unless textmode is used - which IMHO should be dropped entirely for clearness of protocol layering. But we should not discuss it here.

> don't handle it well either. Going forward, UTF8 migration is likely to cause some growing pains for everybody.

Not unlikely for Windows or KDE who are using UCS-2.

> It is a mystery to us as well what happened with that... We were ready to proceed, but we were not the organizer so it was out of our

My feeling is that the proprietary vendors are not interested in OpenPGP due to the fact that S/MIME does better feed the PKI cash cow. Well the trademark PGP is a different story and probably good to sell other products.

Ciao,

  Werner

--
Werner Koch          For anything which is not diminished by being given away,
g10 Code GmbH        while it is possessed and not given, is not yet possessed
Privacy Solutions    as it ought to be possessed.            -- Augustinus
CodeCon presentations announced and registration open
CodeCon is the premier event in 2002 for the P2P, cypherpunk, and network/security application developer community. It is a workshop for developers of real-world applications that support individual liberties.

CodeCon registration is $50; a $10 discount is available if you register prior to February 1st. It will be held February 15-17, noon-5pm, at DNA Lounge in San Francisco.

http://codecon.org/

Presentations will include -

* Peek-A-Booty - a distributed anti-censorship application
* Invisible IRC Project - secure, anonymous client/server networks
* Idel - lightweight mobile code for p2p cpu sharing
* Reptile - a distributed but uniform content exchange mechanism
* MNet - a universal shared filestore
* Alpine - a social discovery mechanism which can handle high churn rates, malicious peers, and limited bandwidth
* Eikon - an image search engine
* CryptoMail - encrypted email for all
* libfreenet - a case study in horrors incomprehensible to the mind of man, and other secure protocol design mistakes
* BitTorrent - hosting large, popular files cheaply
password-cracking by journalists...
A couple of months ago, a Wall Street Journal reporter bought two abandoned al Qaeda computers from a looter in Kabul. Some of the files on those machines were encrypted. But they're dealing with that problem:

    The unsigned report, protected by a complex password, was created on Aug. 19, according to the Kabul computer's internal record. The Wall Street Journal commissioned an array of high-speed computers programmed to crack passwords. They took five days to access the file.

Does anyone have any technical details on this? (I assume that it's a standard password-guessing approach, but it would be nice to know for certain. If nothing else, are Arabic passwords easier or harder to guess than, say, English ones?)
Authenticating logos
Eric said,

> I didn't say that it wasn't possible to secure logos. I said that you couldn't protect people who trusted logos that were transmitted to them in Web pages. This is not the same thing.

The point is that such logos are transmitted in-band and are part of the web page. Therefore, they are not cryptographically verified. It is a pity that logos are not authenticated by SSL and displayed in a separate window.

We've done an experimental implementation of a secure-logo, as a special frame in the browser, controlled by a (local or remote but in any case trusted) proxy. The proxy validates that the server has a certificate for the logo; standard SSL certificates may not provide this, but they can contain an address where the proxy can go get the necessary additional certificates.

If anybody is interested in taking this project further, I'll be happy to help.

Best, Amir Herzberg
See http://amir.beesites.co.il for link to lectures and draft-chapters on `secure communication and commerce using cryptography`; feedback welcome!