Open Source TCPA driver and white papers
From Dave Farber's list:

From: David Safford [EMAIL PROTECTED]
Subject: Open Source TCPA driver and white papers
Date: Tue, 21 Jan 2003 12:05:39 -0500
Reply-To: David Safford [EMAIL PROTECTED]

IBM has released a Linux device driver under GPL for its TCPA chip (TPM). The driver is available at http://www.research.ibm.com/gsal/tcpa/

This page also has links to two papers, one presenting positive uses of the chip, and the second rebutting misinformation about the chip. These papers, combined with the Linux driver and the TCPA specification at http://www.trustedcomputing.org, give everyone the ability to test an actual chip (such as in the Thinkpad T30), to see for themselves what it can, and cannot do.

Note: the papers and driver do not discuss Palladium. Palladium and TCPA are two separate topics.

dave safford [EMAIL PROTECTED]

--
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Fast factoring hardware
I got the following forwarded along yesterday from someone who'd had it forwarded along, apparently with reasonable permission along the chain. The message indicated the paper could be distributed, so I don't think I'm violating any trusts.

Unfortunately the attached paper (which I'm still reading) is far too long to email to the whole list, but I'm trying to get a URL for it so people can download it at will.

--

[...]

From: Adi Shamir

[...]

I am attaching to this email a new paper coauthored with Eran Tromer. It describes a new hardware device called TWIRL (The Weizmann Institute Relation Locator) which is 3-4 orders of magnitude more efficient than previous designs (including TWINKLE) in implementing the sieving part of the NFS factoring algorithm. Based on a detailed design and simulation (but without an actual implementation), we believe that the NFS sieving step for 1024-bit RSA keys can be completed in less than a year on a $10M TWIRL machine, and that the NFS sieving step for 512-bit RSA keys can be completed in less than 10 minutes on a $10K TWIRL machine.

Please feel free to send copies of the paper to anyone you wish.

Best regards,
Adi Shamir.

[...]

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On 24 Jan 2003, David Wagner wrote:

If those locksmiths didn't publish the vulnerability, phooey on them. Matt Blaze deserves full credit for being the first to publish.

I'm fairly certain this has been published in locksmithing journals previously, though I would have to do some digging to prove that.

What good is it to know about a vulnerability if you never warn the users and never fix the weakness?

It is the prevailing opinion in the physical security space that users are not the best qualified to judge their own threat models. Whether or not this is correct could be up for debate, but trying to force high-security locks on someone who doesn't need it is viewed with the same sort of disdain that you might have for a company trying to sell Tempest-shielding to a small business owner. The actual lock is very rarely the point of least resistance for an attack.

[These and other weaknesses are, in fact, addressed in a number of high-security locks. Most users won't want to pay for them.]

In scientific research, we credit the first person to publish new knowledge. Sure, maybe you've invented a cure for cancer ... but if you don't tell anyone, you don't get the credit, and you haven't done much good for the world. I think, on balance, Matt Blaze's paper seems likely to be beneficial for users of locks. It helps us more accurately evaluate our own security and be smarter about how we select physical security defenses. That seems likely to lead to greater security for all of us in the end. We should be grateful to Blaze for publishing, not dismissive.

Matt's paper is beneficial to fledgling locksmiths, but I'm uncertain if it will have any effect on users. Perhaps I'm cynical.

Here's a story you might find interesting. A few years ago, a certain employee of a Silicon Valley company with which both you and Matt may be familiar asked me to evaluate the physical defenses of one of their facilities. The goal was to see how close I could get to the center of the building. They had a magnetically-sealed front door, a hand geometry scanner on one inner door, iButton access on another, and fairly secure physical lock cylinders. I was able to get inside with nothing more than a coat hanger, credit card, and a pen knife.

This is the reality of physical security. Designing a burglar-proof installation is tricky business, and using secure locks is usually the least of the problem. A user who needs full security should be engaging a qualified physical security specialist to do the design and installation, and a security professional who knows how to address all the other potential attacks will surely be aware of key decoding techniques, and how to defend against them.

Matt's technique is clever, and I am impressed that he came up with it on his own. His paper is well-written, and explains a lot about master-keyed systems in general. People interested in becoming locksmiths or entering the physical security business will definitely want to read it. I don't think it is going to significantly increase security in the real world, however.

--Len.

Re: Shamir paper on fast factoring hardware
On 24 Jan 2003, Perry E. Metzger wrote:

The uncompressed paper is about 450k but I've gzipped it down to 146k. Lacking a better place to put it and having been asked by a number of people, I'm sending it out here. My apologies to those who are inconvenienced but I think it is a pretty important paper and it isn't otherwise easily accessible.

I've put it up at http://www.randombit.net/misc/twirl.ps.gz for any interested parties who didn't just get a 200K email; it won't stay there indefinitely but it will be around for at least a few weeks. Based on the quote from Dr. Shamir I'm assuming this is OK with him.

-Jack

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Actually even in their Biaxial design the sidebar hole is always on the bottom pin, and so the master shares the angle with the change keys.

-matt

There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.

-derek

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
Matt Blaze [EMAIL PROTECTED] writes:

I have no particular interest in seeing you eat crickets (and before I went veggie I've eaten a few myself; taste like whatever they're cooked in), but I've done it on Medecos; it's no problem.

Having taken apart Medecos before, I have to agree with Matt that this attack would work fine on old-style Medecos with a groove for the turn-bar. This means the twist is the same at all pin heights for any particular pin.

The angles will be the same on the master as the change key; only the cut depth will differ. If you have a code cutter at the oracle lock it's no different from doing the attack on regular locks, except that Medeco's MACS restrictions mean you have to be careful about whether you use the change depth or previously learned master depth at the positions adjacent to the position under test. If you're using a file at the oracle lock, just use a code machine to pre-cut a #1 cut at the right angle at each position; the sharp angle actually makes filing a bit easier than on locks with a standard cut.

There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.

-derek

--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED]
www.ihtfp.com

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
On Fri, 24 Jan 2003, Matt Blaze wrote:

I have no particular interest in seeing you eat crickets (and before I went veggie I've eaten a few myself; taste like whatever they're cooked in), but I've done it on Medecos; it's no problem.

Well, unfortunately I specified live, which probably precludes the cooking bit. Hmm. Cricket fondue, perhaps.

The angles will be the same on the master as the change key; only the cut depth will differ.

That isn't necessarily the case. High-security Medecos can have multiple valid pin rotation positions -- the pin's angled surface doesn't need to be flush with the key. This allows a much larger number of possible pin combinations, and I think it would make your attack infeasible in practice (particularly since the attacker presumably doesn't know if there are dummy steps added, or if the key is part of a master-ring system. That's a lot of work to do only to find out the attack wouldn't have worked in the first place.)

If you have a code cutter at the oracle lock it's no different from doing the attack on regular locks, except that Medeco's MACS restrictions mean you have to be careful about whether you use the change depth or previously learned master depth at the positions adjacent to the position under test.

That would certainly be true.

If you're using a file at the oracle lock, just use a code machine to pre-cut a #1 cut at the right angle at each position; the sharp angle actually makes filing a bit easier than on locks with a standard cut.

I recommend a light garlic sauce. *grin* Have you found a source for the factory-controlled Medeco key blanks?

--Len.

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)
The fact that the hole is on the bottom pin is not important. What is important is that the hole at the change-key height does not need to be at the same angular position as the hole at the master-key height. It's hard to draw ascii art to show what I mean, but because the twist holes are at a particular height when the key is inserted, you can certainly see how at different heights the holes can be in different locations.

-derek

Matt Blaze [EMAIL PROTECTED] writes:

Actually even in their Biaxial design the sidebar hole is always on the bottom pin, and so the master shares the angle with the change keys.

-matt

There is, however, a newer Medeco design that uses a drill-hole instead of a groove. With that design you can have the pin twist be different at different pin-heights (by putting the drill-hole at a different twist-angle). I don't think this attack would work quite as easily on this design.

-derek

--
Derek Atkins
Computer and Internet Security Consultant
[EMAIL PROTECTED]
www.ihtfp.com

JILT: New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity
http://elj.warwick.ac.uk/jilt/01-2/grijpink.html

Contents

Abstract
1. Introduction
2. Key Question
2.1 Explanation
3. Anonymity: A Question of Degree
4. The Social Significance of Anonymity
5. The Legal Implications of Absolute Anonymity Under Private Law
5.1 Absolute Anonymity Under Contract Law
5.1.1 Absolutely Anonymous Electronic Contracts
5.1.2 Problems Concerning the Implementation of an Absolutely Anonymous Contract
5.2 Absolute Anonymity Under the Law of Property
6. Semi-Anonymity
6.1 Semi-Anonymity Under Contract Law
6.1.1 Semi-Anonymous Contracts
6.1.2 Problems Concerning the Implementation of the Semi-Anonymous Contract
6.2 Semi-Anonymity Under Property Law
7. Are New Legal Structures Desirable?
7.1 Prevention or Cure
7.2 Legislation or Self-Regulation
7.3 Renovation or Building From Scratch
8. Conclusion
Notes and References

New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity [1]

Dr Jan Grijpink
Principal Adviser, Dutch Ministry of Justice
[EMAIL PROTECTED]

Professor Dr Corien Prins [2]
Professor of Law and Informatisation, Tilburg University, The Netherlands
[EMAIL PROTECTED]

Abstract

For various reasons, most prominently privacy considerations, consumers on the Internet become reluctant to reveal their true identity. Different techniques and services have recently been developed which make Internet activities, such as surfing, anonymous. Facilities are also available to provide individuals with a pseudo-identity. This article explores the status of anonymous electronic transactions under the Dutch private law system and analyses whether new legal rules are required to protect consumer interests.

Keywords: Anonymity, Semi-anonymity, Pseudo Identity, Private Law, Privacy, Smartcards, International Regulation, Intermediary, Self-regulation, Legislation, Consumer Protection.

This is a Refereed article published on 2 July 2001.

Citation: Grijpink J H A M and Prins J E J, 'New Rules for Anonymous Electronic Transactions? An Exploration of the Private Law Implications of Digital Anonymity', 2001 (2) The Journal of Information, Law and Technology (JILT). http://elj.warwick.ac.uk/jilt/01-2/grijpink.html

1. Introduction

Lately, anonymous communications on the Internet have gained considerable attention. A New Jersey state court judge ruled in November 2000 that a software company is not entitled to learn the identities of two 'John Doe' defendants who anonymously posted critical comments on a Yahoo message board[3]. Fall 2000, Ian Avrum Goldberg's dissertation on A Pseudonymous Communications Infrastructure for the Internet received world-wide publicity[4]. Ongoing concerns of digital privacy stimulate the debates about possible ways to avoid being 'profiled' on the Net and communicate anonymously.

Anonymous communication raises various (legal) questions. What exactly do we mean by anonymity? Why would people want to communicate and transact on an anonymous basis? What are the practical and legal restraints upon anonymity when communicating and transacting with others? In other words: aside from the ad-hoc problems that now arise under case law, what is the larger landscape of the legal consequences of anonymity?

This article sets out the most important conclusions of the first stage of a study into the dimensions of digital anonymity. It is intended to set out the problem, make people aware of the intricacies of the problem and thus stimulate the debate on useful legal structures for anonymity. The article focuses on the private law dimensions, addressing situations where consumers want to purchase anonymously on the Internet. With the purpose of directing the key question towards future developments in information technology, the study is based on a picture of the future in which the large scale use of anonymous electronic transactions occupies an important position.
We hereby take the chip card as an illustrative example and focus on the Dutch legal situation. Finally, it should be mentioned that this study forms part of a broader search for sustainable legal and organisational transformation processes arising from new information and communication technology[5].

The article is laid out as follows. Section 2 provides an outline of the key question into new law for digital anonymity and some background information. Anonymity is a concept that is subject to multiple interpretations, an issue that is discussed in section 3. The key question is only worth addressing if absolutely anonymous electronic legal transactions are technically feasible, and we can put forward a plausible case supporting the practical significance of anonymity in electronic legal transactions. We will set forth that case in section 4. Section 5 outlines the status of an absolutely anonymous contract under private law, contract law and property law. This