subject:""

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 31 Oct 2005 07:24:09 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] The myth of suitcase nukes.
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://www.opinionjournal.com/extra/?id=110007478

 OpinionJournal
 WSJ Online

 AT WAR

 Baggage Claim
 The myth of suitcase nukes.

 BY RICHARD MINITER
 Monday, October 31, 2005 12:01 a.m. EST

 It is the duty of Muslims to prepare as much force as possible to
 terrorize the enemies of God.

 --Osama bin Laden, May 1998

  Bin Laden's final act could be a nuclear attack on America.

 --Graham Allison, Washington Post

  One hundred suitcase-size nuclear bombs were lost by Russia.

 --Gerald Celente, professional futurist, Boston Globe

  Like everyone else rushing off the Washington subway one rush-hour
 morning, Ibrahim carried a small leather briefcase. No one paid him or his
 case much mind, except for the intern in the new Brooks Brothers suit who
 pushed past him on the escalator and banged his shin. What do you have in
 there? Rocks?

  Ibrahim's training had taught him to ignore all provocations. You will
 see, he thought.

  The escalator carried him up and out into the strong September sunlight.
 It was, as countless commentators would later say, a perfect day. As he
 walked from the Capitol South metro stop, he saw the Republican National
 Committee headquarters to his right. Two congressional office buildings
 loomed in front of him. Between the five-story structures, the U.S. Capitol
 dome winked in the sun. It was walled off in a mini-Green Zone of jersey
 barriers and armed police. He wouldn't trouble them. He was close enough.

  He put the heavy case down on the sidewalk and pressed a sequence of
 buttons on what looked like standard attaché-case locks. It would be just a
 matter of seconds. When he thought he had waited long enough, he shouted in
 Arabic: God is great! He was too soon. Some passersby stared at him.
 Two-tenths of a second later, a nuclear explosion erased the entire scene.
 Birds were incinerated midflight. Nearly 100,000 people--lawmakers, judges,
 tourists--became superheated dust. Only raindrop-sized dollops of
 metal--their dental fillings--remained as proof of their existence. In
 tenths of a second--less time than the blink of a human eye--the 10-kiloton
 blast wave pushed down the Capitol (toppling the Indian statute known as
 Freedom at the dome's top), punched through the pillars of the U.S.
 Supreme Court, smashed down the three palatial Library of Congress
 buildings, and flattened the House and Senate office buildings.

  The blast wave raced outward, decapitating the Washington Monument,
 incinerating the Smithsonian and its treasures, and reducing to rubble the
 White House and every office tower north to Dupont Circle and south to the
 Anacostia River. The secondary, or overpressure, wave jumped over the
 Potomac, spreading unstoppable fires to the Pentagon and Arlington, Va.
 Planes bound for Reagan and Dulles airports tumbled from the sky.

  Tens of thousands were killed instantly. By nightfall, another 250,000
 people were dying in overcrowded hospitals and impromptu emergency rooms
 set up in high school gymnasiums. Radiation poisoning would kill tens of
 thousands more in the decades to come. America's political, diplomatic and
 military leadership was simply wiped away. As the highest-ranking survivor,
 the agriculture secretary took charge. He moved the capital to Cheyenne,
 Wyo.

  That is the nightmare--or one version, anyway--of the nuclear suitcase. In
 the aftermath of the September 11 attacks, this nuclear nightmare did not
 seem so fanciful.

  A month after September 11, senior Bush administration officials were told
 that an al Qaeda terrorist cell had control of a 10-kiloton atomic bomb
 from Russia and was plotting to detonate it in New York City. CIA director
 George Tenet told President Bush that the source, code-named Dragonfire,
 had said the nuclear device was already on American soil. After anxious
 weeks of investigation, including surreptitious tests for radioactive
 material in New York and other major cities, Dragonfire's report was found
 to be false. New York's mayor and police chief would not learn of the
 threat for another year.

  The specter of the nuclear suitcase bomb is particularly potent because it
 fuses two kinds of terror: the horrible images of Hiroshima and the suicide
 bomber, the unseen shark amid the swimmers. The fear of a suitcase nuke,
 like the bomb itself, packs a powerful punch in a small package. It also
 has a sense of inevitability. A December 2001 article in the Boston Globe
 speculated that terrorists would explode suitcase nukes in Chicago, Sydney
 and Jerusalem . . . in 2004.

  Every version of the nuclear suitcase bomb scare relies on one or more
 strands of evidence, two from different Russians and one from

[Clips] Security 2.0: FBI Tries Again To Upgrade Technology

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 31 Oct 2005 07:29:37 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Security 2.0: FBI Tries Again To Upgrade Technology
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://online.wsj.com/article_print/SB113072498332683907.html

 The Wall Street Journal

  October 31, 2005

 Security 2.0:
  FBI Tries Again
  To Upgrade Technology
 By ANNE MARIE SQUEO
 Staff Reporter of THE WALL STREET JOURNAL
 October 31, 2005; Page B1

 As the fifth chief information officer in as many years at the Federal
 Bureau of Investigation, Zalmai Azmi faces a mystery: How to create a
 high-tech system for wide sharing of information inside the agency, yet at
 the same time stop the next Robert Hanssen.

 Mr. Hanssen is the rogue FBI agent who was sentenced to life in prison for
 selling secret information to the Russians. His mug shot -- with the words
 spy, traitor, deceiver slashed across it -- is plastered on the walls of
 a room at FBI headquarters where two dozen analysts try to track security
 breaches.

 Mr. Hanssen's arrest in February 2001, and his ability to use the agency's
 archaic system to gather the information he sold, led FBI officials to want
 to secure everything in their effort to modernize the bureau, Mr. Azmi
 says. But then, investigations after the Sept. 11 terrorist attacks showed
 that FBI agents had information about suspected terrorists that hadn't been
 shared with other law-enforcement agencies. So then we said, 'Let's share
 everything,' Mr. Azmi says.

 Since then, the FBI spent heavily to upgrade its case-management system,
 from one that resembled early versions of personal computers -- green type
 on a black computer screen, requiring a return to the main menu for each
 task -- to a system called Virtual Case File, which was supposed to use
 high-speed Internet connections and simple point-and-click features to sort
 and analyze data quickly.

 But after four years and $170 million, the dueling missions tanked the
 project. FBI Director Robert Mueller in April pulled the plug on the much
 ballyhooed technology amid mounting criticism from Congress and feedback
 from within the bureau that the new system wasn't a useful upgrade of the
 old, rudimentary system. As a result, the FBI continues to use older
 computer systems and paper documents remain the official record of the FBI
 for the foreseeable future.

 Highlighting the agency's problems is the recent indictment of an FBI
 analyst, Leandro Aragoncillo, who is accused of passing secret information
 to individuals in the Philippines. After getting a tip that Mr. Aragoncillo
 was seeking to talk to someone he shouldn't have needed to contact, the FBI
 used its computer-alert system to see what information the analyst had
 accessed since his hiring in 2004, a person familiar with the probe said.
 The system didn't pick up Mr. Aragoncillo's use of the FBI case-management
 system as unusual because he didn't seek top secret information and
 because he had security clearances to access the information involved, this
 person said.

 The situation underscores the difficulties in giving analysts and FBI
 agents access to a broad spectrum of information, as required by the 9/11
 Commission, while trying to ensure rogue employees aren't abusing the
 system. It's up to Mr. Azmi to do all this -- without repeating the
 mistakes of Virtual Case File.

 Much is at stake: FBI agents and analysts are frustrated by the lack of
 technology -- the FBI finished connecting its agents to the Internet only
 last year -- and Mr. Mueller's legacy depends on the success of this
 effort. The FBI director rarely appears at congressional hearings or news
 conferences without his chief information officer close by these days.

 An Afghan immigrant, the 43-year-old Mr. Azmi fled his native country in
 the early 1980s after the Soviet invasion. After a brief stint as a car
 mechanic in the U.S., he enlisted in the Marines in 1984 and spent seven
 years mainly overseas. A facility for languages -- he speaks five -- helped
 him win an assignment in the Marines working with radio communications and
 emerging computer technologies.

 When he returned to the U.S., he joined the U.S. Patent and Trademark
 Office as a project manager developing software and hardware solutions for
 patent examiners. He attended college and graduate school at night,
 obtaining a bachelor's degree in information systems from American
 University and a master's degree in the same field from George Washington
 University, both in Washington, D.C. Afterward, he got a job at the Justice
 Department in which he helped upgrade technology for U.S. attorneys across
 the country.

 That is where he was working when terrorists attacked Sept. 11, 2001. On
 Sept. 12, armed with two vans of equipment, Mr. Azmi and a team of
 engineers traveled from Washington to New York,

[Clips] How Tools of War On Terror Ensnare Wanted Citizens

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 31 Oct 2005 07:35:05 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] How Tools of War On Terror Ensnare Wanted Citizens
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 http://online.wsj.com/article_print/SB113072652621883932.html

 The Wall Street Journal

  October 31, 2005
  PAGE ONE

 New Dragnet
  How Tools of War
  On Terror Ensnare
  Wanted Citizens
 Border, Immigration Agencies
  Tap Into FBI Database;
  Questions About Privacy
 Mr. Samori's Speeding Ticket
 By BARRY NEWMAN
 Staff Reporter of THE WALL STREET JOURNAL
 October 31, 2005; Page A1

 Driving in from Mexico last March, Jaime Correa was stopped by federal
 inspectors at a border post near San Diego. They fed the 21-year-old U.S.
 citizen's name into a computer with a fast link to the federal government's
 huge database of criminal files. Readout: Wanted in Los Angeles for
 attempted murder.

 Another citizen, Issah Samori, walked into a federal office in Chicago the
 previous year. He is 60, a cabbie, and was there to help his wife get a
 green card. An immigration clerk fed his name into the same computer.
 Readout: Wanted in Indiana for speeding.

 The border guards handed Mr. Correa over to the San Diego police, who
 locked him up. The Chicago police came to collect Mr. Samori. He spent the
 night on a concrete slab in a precinct cell.

 Detentions of American citizens by immigration authorities for offenses
 large and small are becoming routine -- and have begun to stir a debate
 over the appropriate use of the latest technologies in the war on terror.
 Since the attacks of Sept. 11, 2001, immigration computers have been hooked
 up to the expanding database of criminal records and terrorist watch lists
 maintained by the Federal Bureau of Investigation. The computers are now in
 use at all airports, most border crossings, and even in domestic
 immigration offices, where clerks decide on applications for permanent
 residence and citizenship.

 The screenings are mainly meant to trap foreigners, and especially foreign
 terrorists, but they have also proved to be a tool in the hunt for American
 citizens wanted by the police. In 2003, U.S. Customs and Border Protection
 says that it alone caught 4,555 Americans this way. In 2004, the number
 rose to 6,189.

 Some law enforcers applaud that tally. Citizens with nothing to hide, they
 argue, shouldn't care if their names are put through a criminal search, and
 criminals should have no expectation of privacy. The arrests have brought
 in some serious offenders, like Mr. Correa, a Los Angeles gang member, who
 was accused of a drive-by shooting. He was convicted this month of assault
 with a firearm, and sentenced to eight years in prison. There have been
 others like him: citizens wanted for armed robbery, murder and sex crimes.

 But some legal scholars and defenders of privacy worry that easy access to
 criminal databases is giving rise to indiscriminate detentions of citizens
 for minor offenses, and to a mission creep that is blurring the line
 between immigration control and crime control. Routine encounters like Mr.
 Samori's, some say, shouldn't give civil servants a free shot to fish for
 records unrelated to the administrative purpose at hand.

 It isn't as if those the computer snags are being pulled over for a broken
 tail-light, says former Atlanta policeman Mark Harrold, who teaches law at
 the University of Mississippi. Rather, as he sees it, they are being caught
 as they engage in civil pursuits like going in for a marriage license.

 Born in Ghana, Mr. Samori has lived for 35 years in a brick house on
 Chicago's South Side. When he and his new Ghanaian wife, Hilda, sat down in
 an immigration clerk's cubicle in mid-2004, Mr. Samori knew that as a
 citizen he had a right to sponsor her for permanent residence. The two came
 ready to show that their marriage was genuine. But the clerk just stared at
 his computer.

 He said we can't do the interview, Mr. Samori recalls. I asked why. He
 said, because we have an arrest warrant on you. I told him, whatever it is,
 I'm ready to face it.

 The clerk reached for his phone. Two officers appeared. Hilda Samori cried
 as her husband was led out. He spent three nights in jail on his way to
 Indiana court, where his reckless-driving charge, a misdemeanor, was
 eventually set aside. Mrs. Samori had to wait a year and a half for her
 green-card application to be reopened.

 Immigration service officials say reporting wanted citizens has become
 standard procedure. If you have unfinished business with the police, it's
 best to take care of that before you come in asking for a service or a
 benefit, says Christopher Bentley, a spokesman for U.S. Citizenship and
 Immigration Services, the border-protection agency's domestic sister. Apart
 from confirming a citizen sponsor's identity, he says, clerks

Re: packet traffic analysis

2005-10-31 Thread John Denker


In the context of:

If your plaintext consists primarily of small packets, you should set the MTU
of the transporter to be small.   This will cause fragmentation of the
large packets, which is the price you have to pay.  Conversely, if your
plaintext consists primarily of large packets, you should make the MTU large.
This means that a lot of bandwidth will be wasted on padding if/when there
are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's
the price you have to pay to thwart traffic analysis.

Travis H. wrote:


I'm not so sure.  If we're talking about thwarting traffic on the link
level (real circuit) or on the virtual-circuit level, then you're
adding, on average, a half-packet latency whenever you want to send a
real packet. 


I very much doubt it.  Where did that factor of half come frome.


I don't see any reason why it's necessary to pay these costs if you
abandon the idea of generating only equal-length packets 


Ah, but if you generate unequal-length packets then they are
vulnerable to length-analysis, which is a form of traffic analysis.
I've seen analysis systems that do exactly this.  So the question is,
are you trying to thwart traffic analysis, or not?

I should point out that encrypting PRNG output may be pointless, 


*is* pointless, as previously discussed.


and
perhaps one optimization is to stop encrypting when switching on the
chaff. 


A better solution would be to leave the encryption on and use constants
(not PRNG output) for the chaff, as previously discussed.


Some minor details
involving resynchronizing when the PRNG happens to


The notion of synchronized PRNGs is IMHO crazy -- complicated as well as
utterly unnecessary.

RE: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Whyte, William

A similar approach enabled Bleichenbacher's SSL attack on 
RSA with PKCS#1 padding. This sounds very dangerous to me.

William 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of cyphrpunk
 Sent: Friday, October 28, 2005 5:07 AM
 To: [EMAIL PROTECTED]; cryptography@metzdowd.com
 Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]

 Wasn't there a rumor last year that Skype didn't do any encryption
 padding, it just did a straight exponentiation of the plaintext?

 Would that be safe, if as the report suggests, the data being
 encrypted is 128 random bits (and assuming the encryption exponent is
 considerably bigger than 3)? Seems like it's probably OK. A bit risky
 perhaps to ride bareback like that but I don't see anything inherently
 fatal.

 CP

 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to 
 [EMAIL PROTECTED]

Passport Hell (was [Clips] Re: [duodenalswitch] Re: Konstantin)

--- begin forwarded text

 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 31 Oct 2005 09:55:05 -0500
 To: Philodox Clips List [EMAIL PROTECTED]
 From: R.A. Hettinga [EMAIL PROTECTED]
 Subject: [Clips] Re: [duodenalswitch] Re: Konstantin
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 --- begin forwarded text

  Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
  To: [EMAIL PROTECTED]
  From: [EMAIL PROTECTED]
  Sender: [EMAIL PROTECTED]
  Mailing-List: list [EMAIL PROTECTED]; contact
 [EMAIL PROTECTED]
  Delivered-To: mailing list [EMAIL PROTECTED]
  Date: Mon, 31 Oct 2005 09:11:08 EST
  Subject: Re: [duodenalswitch] Re: Konstantin
  Reply-To: [EMAIL PROTECTED]

  it was time to renew my passport again (2nd renewal ,,not first)  ..cause I
  want to go to Curitiba, Brasil in June to have my hernia repair and  get some
  PS with Dr. C for loose skin and muscles...  (a face lift would be  nice
  hmmm)
So I applied  like everyone else does submit old passport with
  application, ... I get a  letter back from the Department of Homeland
Security
  that says  I am refused  because there is not enough info to prove my
  identity
Thats all  the proof normally required.
 They  tell me with any further application to submit four
  documents all created b4  1985. (b4 1985???  jessh!)
  So I do... my Birth  Certificate ...my daughters B-certificate (cause
  my name is on it), my first  marriage certificate, my first divorce papers
  and an original payroll register  from the company I worked for in 1984 (with
  all my vitals on it).
  They then turned me down  again saying its just not enough proof
  () And they were the ones who  requested them.
   They have now  asked me for ... all my medical records from before
  1995, my second marriage  certificate, all my school transcripts from 1959
 till
  high school graduation,  and a voter registration certificate from 1994.
I also asked  congressman Tom Lantos to intervene on my behalf and
  he tried..and they told him  (nicely) to mind his own business
   I think I am  to be trapped within this gilded cage forever
  I was to be sent by my  corporation to China to represent them there (in
  January)... but apparently not  now and it also looks like I will have
 to save
  up alot of money to have my  PS done here in the states so I guess the
  Face lift is out I wonder if  Dr. C does house calls?
   Sad, frustrated and Depressed

 Konstantin

  If you  don't mind me asking, why are they rejecting your renewal?  I
  have a  friend who is an immigration attorney and I know he will ask
  when I bring  it up to him.  You can email me privately if you prefer.

  Jennifer

  --- In [EMAIL PROTECTED], [EMAIL PROTECTED]  wrote:

   I would love to learn the  Rapier
and archery...
   But right now I would settle  for the Department of homeland
  Security to stop
   rejecting my  Passport renewal forms and let me travel  (sigh)
   Any one know a  good reverse immigration attorney?

   Blessed  be
Konstantin

  [Non-text portions of this message have been removed]

  Yahoo! Groups Links

  * To visit your group on the web, go to:
  http://groups.yahoo.com/group/duodenalswitch/

  * To unsubscribe from this group, send an email to:
  [EMAIL PROTECTED]

  * Your use of Yahoo! Groups is subject to:
  http://docs.yahoo.com/info/terms/

 --- end forwarded text

 --
 -
 R. A. Hettinga mailto: [EMAIL PROTECTED]
 The Internet Bearer Underwriting Corporation http://www.ibuc.com/
 44 Farquhar Street, Boston, MA 02131 USA
 ... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Study and Results of (H.)-(G.)-(H.)

2005-10-31 Thread Elizabeth Wright [Cypherpunks]

Thanks for Enquiring about our recent (H.)uman-(G.)rowth-(H.)ormone Study.

Dr. Wright and Hormone Specialist Elizabeth Hall have finally
completed their 2 year study on the (H.)-(G.)-(H.) product at the Life 
Tran-sitions Institution.

These are summary results (20 male, 20 female patients) 

%IMPROVEMENT:

Frequency of Nighttime Urination...57%
Hot Flashes58%
Menstrual Cycle Regulation.59%
Memory.84%
Energy Level...84%
Skin  Hair Care Texture...71%
Wrinkle Disappearance..61%
New (H.)air38%
Body (F.)-at Loss..72%
Muscle Strength ...88%
Muscle Size ...81%
Healing of Other Injuries .61%
Resistance to Common Illness ..73%



To learn more about this product:
http://hghhonest.net



If you no longer want to receive information from our staff 
then visit http://hghhonest.net

AW: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Kuehn, Ulrich

 -Ursprüngliche Nachricht-
 Von: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk
 Gesendet: Freitag, 28. Oktober 2005 06:07
 An: [EMAIL PROTECTED]; cryptography@metzdowd.com
 Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation]
 
 Wasn't there a rumor last year that Skype didn't do any 
 encryption padding, it just did a straight exponentiation of 
 the plaintext?

 Would that be safe, if as the report suggests, the data being 
 encrypted is 128 random bits (and assuming the encryption 
 exponent is considerably bigger than 3)? Seems like it's 
 probably OK. A bit risky perhaps to ride bareback like that 
 but I don't see anything inherently fatal.
 
There are results available on this issue: First, a paper by 
Boneh, Joux, and Nguyen Why Textbook ElGamal and RSA Encryption 
are Insecure, showing that you can essentially half the number 
of bits in the message, i.e. in this case the symmetric key 
transmitted. 

Second, it turns out that the tricky part is the implementation 
of the decryption side, where the straight-forward way -- ignoring 
the padding with 0s They are zeroes, aren't they? -- gives you a 
system that might be attacked in a chosen plaintext scenario very 
efficiently, obtaining the symmetric key. See my paper Side-Channel 
Attacks on Textbook RSA and ElGamal Encryption at PKC2003 for 
details.

Hope this answers your question.

Ulrich

Re: On the orthogonality of anonymity to current market demand

2005-10-31 Thread johns

hi

( 05.10.26 09:17 -0700 ) James A. Donald:
 While many people are rightly concerned that DRM will
 ultimately mean that the big corporation, and thus the
 state, has root access to their computers and the owner
 does not, it also means that trojans, viruses, and
 malware does not.

do you really think this is true?

doesn't microsoft windows prove that remote control of computers only
leads to compromise? [especially in our heavily networked world]

and doesn't history show that big corporations are only interested in
revenue- so that if they get revenue by forcing you to pay them fees for
'upkeep' of your digital credentials to keep your computer working they
are going to do that.

the problems 'solved' by DRM can also be solved by moving to an
operating system where you have control of it, instead of an operating
system filled with hooks so other people can control your computer.

and that operating system is freely available ...

-- 
\js oblique strategy: don't be frightened of cliches

Re: On the orthogonality of anonymity to current market demand

At 10:22 AM -0500 10/31/05, [EMAIL PROTECTED] wrote:
and doesn't history show that big corporations are only interested in
revenue

One should hope so.

;-)

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Multiple passports?

2005-10-31 Thread Chris Clymer

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter Gutmann wrote:
 Gregory Hicks [EMAIL PROTECTED] writes:
 
 
As for applying for one now, I think the deadline for the non-RFID passwords
is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if
your application is not in processing by 31 Oct, then you get the new,
improved, RFID passport.)
 
 
 Ahh, but if you get one of the first passports issued then there are likely to
 still be some teething problems present, leading to sporadic failures of the
 first batch of RFID devices.  I have a funny feeling that this is going to
 happen to my new passport when it arrives.
 
 Peter.
 
 
I don't have a good feeling about this at all.  My passport is actually
invalid as a form of ID for anyone who checks closely(the BMV did!)
because the gov't printed the wrong birthdate on mine!

I went to Germany and back just after the embassy attacks in
africa(things were on high alert briefly then) with no questions on it.
 Try to renew my lost drivers license with it and suddenly its a damn
problem.

As far as I can tell, they used the month of issue as the birth month as
well.  A small mistake...but obviously an important one.  What ways do
you suppose there will be for them to screw up these RFID tags?  These
days ones libel to get branded a terrorist with the wrong info...
- --
  Chris Clymer - [EMAIL PROTECTED]
PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDZnnuyAc5jM0nFbgRAvBaAKDFUH2QFmKJqIk7WYkw5esWUy/MsACgwWvH
iHYKEguTdSdU0wRTIeI4lZg=
=UyJk
-END PGP SIGNATURE-
begin:vcard
fn:Chris Clymer
n:Clymer;Chris
org:Youngstown Linux User Group
adr:;;252 Colonial Drive;Canfield;Ohio;44406;United States of America
email;internet:[EMAIL PROTECTED]
title:Founder
tel;cell:330.507.3651
x-mozilla-html:FALSE
url:http://www.chrisclymer.com
version:2.1
end:vcard

Re: On the orthogonality of anonymity to current market demand

2005-10-31 Thread Chris Palmer

James A. Donald writes:

 Further, genuinely secure systems are now becoming available, notably
 Symbian.

What does it mean for Symbian to be genuinely secure? How was this
determined and achieved?


-- 
http://www.eff.org/about/staff/#chris_palmer



signature.asc
Description: Digital signature

Re: On the orthogonality of anonymity to current market demand

2005-10-31 Thread James A. Donald

James A. Donald writes:
  Further, genuinely secure systems are now becoming available, notably
  Symbian.

Chris Palmer [EMAIL PROTECTED]
 What does it mean for Symbian to be genuinely secure? How was this
 determined and achieved?

There is no official definition of genuinely secure, and it is my 
judgment that Symbian is unlikely to suffer the worm, virus and 
trojan problems to the extent that has plagued other systems.

Re: packet traffic analysis

 I very much doubt it.  Where did that factor of half come frome.

During lulls, you are constantly sending chaff packets.  On average,
you're halfway through transmitting a chaff packet when you want to
send a real one.  The system has to wait for it to finish before
sending another.  QED.

 Ah, but if you generate unequal-length packets then they are
 vulnerable to length-analysis, which is a form of traffic analysis.

I'm talking about a stream, with packets embedded in it.  For
circuit-switched circuits, this is no problem.  For a packet-switched
network, you must packetize the stream, which is unrelated to the
packets embedded in the stream.

This is somewhat inefficent, which is why I suggested that it is more
applicable ot something like PPP, SSH, or OpenVPN links, which are
already virtual circuits.  This is a fair criticism, but just think of
the number of such circuit/packet conversions when someone uses a TCP
virtual circuit over packet-based IP over an analog POTS link, which
is itself a virtual circuit that is packetized and sent over a circuit
(long-haul wirepair or fiber) in the telco network.

If you explain to me how an eavesdropper can tell where plaintext
packet begins or ends, then I'll agree with you that it is indeed
vulnerable to length analysis.

 A better solution would be to leave the encryption on and use constants
 (not PRNG output) for the chaff, as previously discussed.

That might or might not be a problem.  With ECB, it's vulnerable to
analysis (chaff is constant, so encryption of it is constant).  With
some modes, the amount you can transmit is limited (e.g. CTR mode). 
Modes that are based on a small window of previous plaintext, such as
OFB, would be vulnerable too.  It could very well be that it's a bad
idea to send a lot of constant plaintext under other modes, as well. 
For example, if most of the data is constant, then you have a close
approximation of known-plaintext.

 The notion of synchronized PRNGs is IMHO crazy -- complicated as well as
 utterly unnecessary.

It's not necessary to run a PRNG on the receiver.  You just have to be
able to tell when you're looking at random data, or an encrypted
version of an escape sequence and a valid packet, which can be
recognized, as per your point 4a.  If you find that it's not a
legitimate packet, you treat it as PRNG data, and start looking for
the encrypted escape sequence.  However, with a 32-bit escape
sequence, the chances of getting such a false positive are low.

I personally think sending encrypted versions of constant data under
the same key you use for real data is not crazy, but somewhat
imprudent.  Do you know what the unicity distance is?  Have you read
of attacks that require a large amount of ciphertext encrypted under
the same key?
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

Re: packet traffic analysis

 Modes that are based on a small window of previous plaintext, such as
 OFB, would be vulnerable too.

My mistake, OFB does not have this property.  I thought there was a
common mode with this property, but it appears that I am mistaken.

If it makes you feel any better, you can consider the PRNG the
encryption of constant text, perhaps using the real datastream as some
kind of IV.  The content of the chaff is not relevant; ideally you
would use a high-bandwidth HWRNG such as Quantis.
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk

On 10/28/05, Daniel A. Nagy [EMAIL PROTECTED] wrote:
 Irreversibility of transactions hinges on two features of the proposed
 systetm: the fundamentally irreversible nature of publishing information in
 the public records and the fact that in order to invalidate a secret, one
 needs to know it; the issuer does not learn the secret at all in some
 implementnations and only learns it when it is spent in others.

 In both cases, reversal is impossible, albeit for different reasons. Let's
 say, Alice made a payment to Bob, and Ivan wishes to reverse it with the
 possible cooperation of Alice, but definitely without Bob's help. Alice's
 secret is Da, Bob's secret is Db, the corresponding challenges are,
 respectively, Ca and Cb, and the S message containing the exchange request
 Da-Cb has already been published.

 In the first case, when the secret is not revealed, there is simply no way to
 express reverslas. There is no S message with suitable semantics semantics,
 making it impossible to invalidate Db if Bob refuses to reveal it.

The issuer can still invalidate it even though you have not explicitly
defined such an operation. If Alice paid Bob and then convinces the
issuer that Bob cheated her, the issuer could refuse to honor the Db
deposit or exchange operation. From the recipient's perspective, his
cash is at risk at least until he has spent it or exchanged it out of
the system.

The fact that you don't have an issuer invalidates cash operation in
your system doesn't mean it couldn't happen. Alice could get a court
order forcing the issuer to do this. The point is that reversal is
technically possible, and you can't define it away just by saying that
the issuer won't do that. If the issuer has the power to reverse
transactions, the system does not have full ireversibility, even
though the issuer hopes never to exercise his power.


 In the second case, Db is revealed when Bob tries to spend it, so Ivan can,
 in principle, steal (confiscate) it, instead of processing, but at that
 point Da has already been revealed to the public and Alice has no means to
 prove that she was in excusive possession of Da before it became public
 information.

That is an interesting possibility, but I can think of a way around
it. Alice could embed a secret within her secret. She could base part
of her secret on a hash of an even-more-secret value which she would
not reveal when spending/exchanging. Then if it came to where she had
to prove that she was the proper beneficiary of a reversed
transaction, she could reveal the inner secret to justify her claim.


 Now, one can extend the list of possible S messages to allow for reversals
 in the first scenario, but even in that case Ivan cannot hide the fact of
 reversal from the public after it happened and the fact that he is prepared
 to reverse payments even before he actually does so, because the users and
 auditors need to know the syntax and the semantics of the additional S
 messages in order to be able to use Ivan's services.

That's true, the public visibility of the system makes secret
reversals impossible. That's very good - one of the problems with
e-gold was that it was never clear when they were reversing and
freezing accounts. Visibility is a great feature. But it doesn't keep
reversals from happening, and it still leaves doubt about how final
transactions will be in this system.

CP

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-31 Thread Eugen Leitl

On Sat, Oct 29, 2005 at 08:42:35PM -0400, Tyler Durden wrote:
 One thing to think about with respect to the RFID passports...
 
 Um, uh...surely once in a while the RFID tag is going to get corrupted or 
 something...right? I'd bet it ends up happening all the time. In those 
 cases they probably have to fall back upon the traditional passport usage 
 and inspection.

Actually, an RFID can be ridiculously reliable. It will also
depend on how much harassment a traveler will be exposed to, 
when travelling. Being barred from entry will definitely prove
sufficient deterrment.
 
 The only question is, what could (believably) damage the RFID?

Microwaving it will blow up the chip, and cause a scorched spot.
Severing the antenna would be enough for the chip to become mute.
Violetwanding or treating with a Tesla generator should destroy
all electronics quite reliably -- you always have to check, of
course.

Also, the ID is quite expensive, and a frequent traveller
will wind up with a considerable expense, and hassle.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: Return of the death of cypherpunks.

2005-10-31 Thread John Kelsey

From: James A. Donald [EMAIL PROTECTED]
Sent: Oct 28, 2005 12:09 PM
To: [EMAIL PROTECTED]
Subject: Return of the death of cypherpunks.

From: Eugen Leitl [EMAIL PROTECTED]
..
 The list needs not to stay dead, with some finite 
 effort on our part (all of us) we can well resurrect 
 it. If there's a real content there's even no need 
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and uncontroversial, there
is no longer any strong reason for the cypherpunks list to continue
to exist.

Well, political controversy seems like the least interesting thing
about the list--to the extent we're all babbling about who needs
killing and who's not a sufficiently pure
libertarian/anarchocapitalist and which companies are selling out to
the Man, the list is nothing special.  The cool thing is the
understanding of crypto and computer security techology as applied to
these concerns that are political.  And the coolest thing is getting
smart people who do real crypto/security work, and write working code,
to solve problems.  The ratio of political wanking to technical posts
and of talkers to thinkers to coders needs to be right for the list to
be interesting.  

..
--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

--John Kelsey

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-31 Thread Major Variola (ret)

At 01:31 AM 10/30/05 -0700, Bill Stewart wrote:
They've said they'll fall back on the traditional
If we can't read the passport it's invalid and you'll need to
replace it before we'll let you leave the country technique,
just as they often do with expired passports and sometimes

What is the procedure (or are they secret :-) for passports which
become damaged whilst travelling out of country?

With a drivers license, if the magstrip doesn't work, they type
in the numbers.  But the biometrics are not encoded, its just
a convenience.  With a passport, they're relying on the
chip or no?

(Mechanical damage to the chip should work as well as
RF or antenna damage.  You will have to find the chip
and crack it, mere flexing of the paper carrier doesn't work
by design.)

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-31 Thread Roy M. Silvernail

Tyler Durden wrote:

 One thing to think about with respect to the RFID passports...

 Um, uh...surely once in a while the RFID tag is going to get corrupted
 or something...right? I'd bet it ends up happening all the time. In
 those cases they probably have to fall back upon the traditional
 passport usage and inspection.

 The only question is, what could (believably) damage the RFID?

EMP?  Could be tuned, even, since the RFID is resonant at a known
frequency.  There's a standard for excitation field strength, so all one
should need to do would be hit the chip with 50-100x the expected
input.  Unless the system is shunted with a zener or some such, you
should be able to fry it pretty easily.

Now put that chip-cooker in a trash can right by the main entrance to an
airport and perform some public service.

-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
Dspam-pprocmail-/dev/null-bliss
http://www.rant-central.com

RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-31 Thread Tyler Durden


One thing to think about with respect to the RFID passports...

Um, uh...surely once in a while the RFID tag is going to get corrupted or 
something...right? I'd bet it ends up happening all the time. In those cases 
they probably have to fall back upon the traditional passport usage and 
inspection.


The only question is, what could (believably) damage the RFID?

-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID  
implants starting in October 2006 [priv]]

Date: Sat, 29 Oct 2005 20:54:13 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Fri, 28 Oct 2005 17:49:06 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] more on U.S. passports to receive RFID implants starting in
October 2006 [priv]
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Edward Hasbrouck [EMAIL PROTECTED]
Date: October 28, 2005 11:07:28 AM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] more on U.S. passports to receive RFID implants
starting in October 2006 [priv]


From: Lin, Herb [EMAIL PROTECTED]

*Front* cover?  Does that mean that if I hold the passport the wrong
way, the skimmer will have a free ride?


FWIW:

(1) The sample RFID passports that Frank Moss passed around at CFP,
which
looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had
the RFID chip (which was barely detectable by feel) in the *back* cover.
The visible data page was/is, as with current passports, in the *front*
cover.  This is not compliant with the ICAO specifications, which
recommend having the chip in the same page as the visible data, to
make it
more difficult to separate them.  I can only guess that it was hard to
laminate the visible data without damaging the chip, if it was in the
same
page.  But it's interesting in light of the importance supposedly being
placed on compliance with ICAO standards.

(2) Moss had 2 sample RFID passports, 1 with and 1 without the
shielding.
He cliamed it was a layer in the entire outer cover (front and back),
but
it wasn't detectable by feel.

I have more threat scenarios for the latest flavor of RFID passport at:

http://hasbrouck.org/blog/archives/000869.html



Edward Hasbrouck
[EMAIL PROTECTED]
http://hasbrouck.org
+1-415-824-0214




-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Re: Multiple passports?

2005-10-31 Thread Eugen Leitl

On Sun, Oct 30, 2005 at 03:05:25AM +, Justin wrote:
 If I apply for a new one now, and then apply for a another one once the
 gov starts RFID-enabling them, will the first one be invalidated?  Or
 can I have two passports, the one without RFID to use, and the one with
 RFID to play with?

Here in Germany the current ID (sans smartcard/rfid/biometics) will
be valid until expiry date.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: Any comments on BlueGem's LocalSSL?

At 11:10 AM -0700 10/28/05, James A. Donald wrote:
I am a reluctant convert to DRM.  At least with DRM, we
face a smaller number of threats.

I have had it explained to me, many times more than I want to remember,
:-), that strong crypto is strong crypto.

It's not that I'm unconvinceable, but I'm still unconvinced, on the balance.

OTOH, if markets overtake the DRM issue, as most cypherpunks I've talked to
think, then we still have lots of leftover installed crypto to play around
with.

Cheers,
RAH
Who still thinks that digital proctology is not the same thing as financial
cryptography.
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Multiple passports?

2005-10-31 Thread Peter Gutmann

Gregory Hicks [EMAIL PROTECTED] writes:

As for applying for one now, I think the deadline for the non-RFID passwords
is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if
your application is not in processing by 31 Oct, then you get the new,
improved, RFID passport.)

Ahh, but if you get one of the first passports issued then there are likely to
still be some teething problems present, leading to sporadic failures of the
first batch of RFID devices.  I have a funny feeling that this is going to
happen to my new passport when it arrives.

Peter.

Re: Blood, Bullets, Bombs and Bandwidth

2005-10-31 Thread Justin

On 2005-10-22T01:51:50-0400, R.A. Hettinga wrote:
 --- begin forwarded text
 
  Tyler and Jayme left Iraq in May 2005. The Arbil office failed; there
  wasn't enough business in Kurdistan. They moved to London, where Tyler
  still works for SSI. His time in Iraq has transformed him to the extent
  that, like Ryan, he doesn't think he can ever move back to the USA. His
  years of living hyperintensely, carrying a gun, building an organization
  from scratch in a war zone, have distanced him from his home. His friends
  seem to him to have stagnated. Their concerns seem trivial. And living with
  real, known, tangible danger has bred contempt for what he calls America's
  culture of fear.

Tyler likes the high-speed lifestyle so much that he ditched it and
moved to London?  I doubt he's carrying a gun there.

-- 
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.VI. Praise  Honor for the Nonparticipants.

RE: Return of the death of cypherpunks.

2005-10-31 Thread Tyler Durden



I don't agree.

One thing we do know is that, although Crypto is available and, in special 
contexts, used, it's use in other contexts is almost counterproduct, sending 
up a red flag so that those that Protect Our Freedoms will come sniffing 
around and bring to bear their full arsenal of technologies and, possibly, 
dirty tricks. Merely knowing that you are using stego/crypto in such 
contexts can cause a lot of attention come your way, possibly in actual 
meatspace, which in many cases is almost worse than not using crypto at all


In addition, although strong and unbreakable Crypto exists, one thing a 
stint on Cypherpunks teaches you is that it is only rarely implemented in 
such a way as to actually be unbreakable to a determined attacker, 
particularly if there are not many such cases to examine in such contexts.


The clear moral of this story is that, to increase the odds of truly secure 
communication, etc, Crypto in such contexts must become much more 
ubiquitous, and I still think Cypherpunks has a role to play there and 
indeed has played that role. Such a role is, of course, far more than a mere 
cheerleading role,a fact that merits a continued existence for Cypherpunks 
in some form or another.


-TD






Only when Crypto is used ubiquitousl


From: James A. Donald [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Return of the death of cypherpunks.
Date: Fri, 28 Oct 2005 12:09:36 -0700

--
From:   Eugen Leitl [EMAIL PROTECTED]
 While I don't exactly know why the list died, I
 suspect it was the fact that most list nodes offered a
 feed full of spam, dropped dead quite frequently, and
 also overusing that needs killing thing (okay, it
 was funny for a while).

 The list needs not to stay dead, with some finite
 effort on our part (all of us) we can well resurrect
 it. If there's a real content there's even no need
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and
uncontroversial, there is no longer any strong reason
for the cypherpunks list to continue to exist.

I recently read up on the Kerberos protocol, and
thought, how primitive.  Back in the bad old days, we
did everything wrong, because we did not know any
better.  And of course, https sucks mightily because the
threat model is both inappropriate to the real threats,
and fails to correspond to the users mental model, or to
routine practices on a wide variety of sites, hence
users glibly click through all warning dialogs, most of
which are mere noise anyway.

These problems, however, are no explicitly political,
and tend to be addressed on lists that are not
explicitly political, leaving cypherpunks with little of
substance.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

Re: Return of the death of cypherpunks.

2005-10-31 Thread James A. Donald

--
James A. Donald:
  Since cryptography these days is routine and 
  uncontroversial, there is no longer any strong 
  reason for the cypherpunks list to continue to 
  exist.

John Kelsey
 The ratio of political wanking to technical posts and 
 of talkers to thinkers to coders needs to be right for 
 the list to be interesting.

These days, if one is seriously working on overthrowing 
the state by advancing to crypto anarchy (meaning both 
anarchy that is hidden, in that large scale cooperation 
procedes without the state taxing it, regulating it, 
supervising it, and licensing it, and anarchy that 
relies on cryptography to resist the state) it is not 
necessary or advisable to announce what one is up to.

For example, Kerberos needs to be replaced by a more 
secure protocol.  No need to add And I am concerned 
about this because I am an anarchist  And so one
discusses it on another list.

(Kerberos tickets are small meaningful encrypted packets 
of information, when they should be random numbers. 
Being small, they can be dictionary attacked.) 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Y068Cy3Zv9GExXRbP24QJP5WmHGLz5VKyqNYFKbx
 45fkOIGeiTkFnaM7p/URjB/kgn+0mcg8fMsMLmDy7

Multiple passports?

2005-10-31 Thread Justin

If I apply for a new one now, and then apply for a another one once the
gov starts RFID-enabling them, will the first one be invalidated?  Or
can I have two passports, the one without RFID to use, and the one with
RFID to play with?

-- 
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.VI. Praise  Honor for the Nonparticipants.

Re: Any comments on BlueGem's LocalSSL?

At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote:
OTOH, if markets overtake the DRM issue,
^ moot, was what I meant to say...

Anyway, you get the idea.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Multiple passports?

2005-10-31 Thread Gregory Hicks

 Date: Sun, 30 Oct 2005 03:05:25 +
 From: Justin [EMAIL PROTECTED]

 If I apply for a new one now, and then apply for a another one once
 the gov starts RFID-enabling them, will the first one be
 invalidated?  Or can I have two passports, the one without RFID to
 use, and the one with RFID to play with?

I am not a State Dept person, but my experiences in this are...

If you get a new one, the old one has to accompany the application and
is invalidated when the new one is issued.  (Invalidated by stamping
the 'data' page with big red block letters INVALID.)  The old, now
invalid is returned with the new one...

The only people that I knew that had two passports were those with an
Official (red) passport or a Diplomatic (black) passport.  If they
wanted to go play tourist, they had to also have a tourist (Blue)
passport.

As for applying for one now, I think the deadline for the non-RFID
passwords is about 3 days away (31 Oct 2005), but I could be wrong.
(In other words, if your application is not in processing by 31 Oct,
then you get the new, improved, RFID passport.)

Regards,
Gregory Hicks

 -- 
 The six phases of a project:
 I. Enthusiasm. IV. Search for the Guilty.
 II. Disillusionment.   V. Punishment of the Innocent.
 III. Panic.VI. Praise  Honor for the Nonparticipants.

-
I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision. - Benjamin Franklin

The best we can hope for concerning the people at large is that they
be properly armed. --Alexander Hamilton

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-31 Thread Bill Stewart


At 01:42 AM 10/30/2005, Roy M. Silvernail wrote:

Tyler Durden wrote:

 One thing to think about with respect to the RFID passports...

 Um, uh...surely once in a while the RFID tag is going to get corrupted
 or something...right? I'd bet it ends up happening all the time. In
 those cases they probably have to fall back upon the traditional
 passport usage and inspection.


They've said they'll fall back on the traditional
If we can't read the passport it's invalid and you'll need to
replace it before we'll let you leave the country technique,
just as they often do with expired passports and sometimes
do with just-about-to-expire passports if you're a
Suspicious-Acting Person like Dave del Torto.


 The only question is, what could (believably) damage the RFID?


If you want to damage the RFID of a passport you're playing with,
microwave ovens should do just fine.
I don't know if Rivest's RFID-blocker chips use the same
frequency or codespace as the passport RFIDs,
but you could also leave one of them in the back of your passport.


Now put that chip-cooker in a trash can right by the main entrance to an
airport and perform some public service.


I'd be surprised if you could put out enough energy to cook
the passport RFIDs of people walking by at normal speed
without also causing lots of other electrical problems.

Re: Multiple passports?

2005-10-31 Thread Jay Goodman Tamboli

On 10/30/05, Gregory Hicks [EMAIL PROTECTED] wrote:
 The only people that I knew that had two passports were those with an
 Official (red) passport or a Diplomatic (black) passport.  If they
 wanted to go play tourist, they had to also have a tourist (Blue)
 passport.

I wasn't able to find a reference to support this on http://state.gov,
but I know it's possible to get two passports if you plan to travel to
both Israel and a country that refuses to admit people with Israeli
stamps in their passports.

/jgt

Re: Multiple passports?

2005-10-31 Thread Bill Stewart


When I saw the title of this thread,
I was assuming it would be about getting Mozambique
or Sealand or other passports of convenience or coolness-factor
like the Old-School Cypherpunks used to do :-)


On 10/30/05, Gregory Hicks [EMAIL PROTECTED] wrote:
 The only people that I knew that had two passports were those with an
 Official (red) passport or a Diplomatic (black) passport.  If they
 wanted to go play tourist, they had to also have a tourist (Blue)
 passport.


A few years ago, before heading on an overseas trip,
I was unable to locate my current passport.
After dealing with a voicemail system adapted from a Kafka novel,
and bringing myself, my previous expired passport and other id,
a couple official-sized photographs and cash through the
secret-handshake elevator into a big waiting room for a long morning,
they made me a new passport.   (If you need to replace a passport
more than a month before your planned travel,
you're supposed to use the regular process at the Post Office
and maybe pay extra for Express Mail if you're impatient.
If you need to replace a passport within 3 days of travel,
they've got expedited processes at major passport offices like San Francisco.
But if you need to replace your passport two weeks before the trip,
there's no way to talk to a human being, just Kafka's voicemailbot,
so you have to wait until 3 days before the trip
to get an appointment for the emergency expedited process
instead of going in when you and they aren't busy :-)

They informed me that the lost passport was now invalid
and I should turn it in if I find it, because if I were to use it
to get back into the country it would be rejected with extreme prejudice,
since its number is now on the lost passports list.
Of course the next day when I was packing,
the passport showed up on the closet floor under the suitcase,
and unlike the previous passport which I took in to replace
when it was about to expire, it doesn't have holes
punched in it and Expired stamped on it.

For domestic air travel since the recent military coup,
I normally bring a passport as ID, since it's a request from the
former United States government asking foreign governments
like the current TSA White People to let me pass,
and I'd rather carry the technically-invalid one with me
instead of the valid one just in case I lose it.
I think I've also used it to travel from the EU back to the US,
but I'd expect that the La Migra thugs will
eventually improve their databases, possibly even before my old one expires,
especially because Homeland Security wants to RFIDize us.

I was considering losing my current passport before the
RFID things get started, but it doesn't look like there's time,
so I've got about 5 years to hope that the Republicans get
thrown out on their asses in the next election and the
Democrats decide that returning to the Constitution will sell better
than continuing the Permanent State of Yellowalertness.
Given the previous Clinton Administration's behavior,
I don't expect the Hillary Clinton Administration to do any better.


At 09:27 PM 10/29/2005, Jay Goodman Tamboli wrote:
I wasn't able to find a reference to support this on http://state.gov,
but I know it's possible to get two passports if you plan to travel to
both Israel and a country that refuses to admit people with Israeli
stamps in their passports.


I don't think the US normally lets you have two passports,
or if they do they almost certainly have the same number.
But at least during the 1980s, Israel would be happy to give you
a separate piece of paper with to carry with your passport that
they'd stamp when you entered and left instead of stamping the
passport itself.  I don't remember if I did that or if I decided
not to worry about it because I'd visited the Arab countries
before going to Israel and didn't expect to get back any time soon.

RE: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Whyte, William

A similar approach enabled Bleichenbacher's SSL attack on 
RSA with PKCS#1 padding. This sounds very dangerous to me.

William 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of cyphrpunk
 Sent: Friday, October 28, 2005 5:07 AM
 To: [EMAIL PROTECTED]; cryptography@metzdowd.com
 Subject: Re: [EMAIL PROTECTED]: Skype security evaluation]

 Wasn't there a rumor last year that Skype didn't do any encryption
 padding, it just did a straight exponentiation of the plaintext?

 Would that be safe, if as the report suggests, the data being
 encrypted is 128 random bits (and assuming the encryption exponent is
 considerably bigger than 3)? Seems like it's probably OK. A bit risky
 perhaps to ride bareback like that but I don't see anything inherently
 fatal.

 CP

 -
 The Cryptography Mailing List
 Unsubscribe by sending unsubscribe cryptography to 
 [EMAIL PROTECTED]

Re: packet traffic analysis

 I assume that the length is
 explicitly encoded in the legitimate packet.  Then the peer for the
 link ignores everything until the next escape sequence introducing a
 legitimate packet.

I should point out that encrypting PRNG output may be pointless, and
perhaps one optimization is to stop encrypting when switching on the
chaff.  The peer can then encrypt the escape sequence as it would
appear in the encrypted stream, and do a simple string match on that. 
In this manner the peer does not have to do any decryption until the
[encrypted] escape sequence re-appears.  Another benefit of this is to
limit the amount of material encrypted under the key to legitimate
traffic and the escape sequences prefixing them.  Some minor details
involving resynchronizing when the PRNG happens to produce the same
output as the expected encrypted escape sequence is left as an
exercise for the reader.
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

AW: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread Kuehn, Ulrich

 -Ursprüngliche Nachricht-
 Von: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] Im Auftrag von cyphrpunk
 Gesendet: Freitag, 28. Oktober 2005 06:07
 An: [EMAIL PROTECTED]; cryptography@metzdowd.com
 Betreff: Re: [EMAIL PROTECTED]: Skype security evaluation]
 
 Wasn't there a rumor last year that Skype didn't do any 
 encryption padding, it just did a straight exponentiation of 
 the plaintext?

 Would that be safe, if as the report suggests, the data being 
 encrypted is 128 random bits (and assuming the encryption 
 exponent is considerably bigger than 3)? Seems like it's 
 probably OK. A bit risky perhaps to ride bareback like that 
 but I don't see anything inherently fatal.
 
There are results available on this issue: First, a paper by 
Boneh, Joux, and Nguyen Why Textbook ElGamal and RSA Encryption 
are Insecure, showing that you can essentially half the number 
of bits in the message, i.e. in this case the symmetric key 
transmitted. 

Second, it turns out that the tricky part is the implementation 
of the decryption side, where the straight-forward way -- ignoring 
the padding with 0s They are zeroes, aren't they? -- gives you a 
system that might be attacked in a chosen plaintext scenario very 
efficiently, obtaining the symmetric key. See my paper Side-Channel 
Attacks on Textbook RSA and ElGamal Encryption at PKC2003 for 
details.

Hope this answers your question.

Ulrich

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk

One other point with regard to Daniel Nagy's paper at
http://www.epointsystem.org/~nagydani/ICETE2005.pdf

A good way to organize papers like this is to first present the
desired properties of systems like yours (and optionally show that
other systems fail to meet one or more of these properties); then to
present your system; and finally to go back through and show how your
system meets each of the properties, perhaps better than any others.
This paper is lacking that last step. It would be helpful to see the
epoint system evaluated with regard to each of the listed properties.

In particular I have concerns about the finality and irreversibility
of payments, given that the issuer keeps track of each token as it
progresses through the system. Whenever one token is exchanged for a
new one, the issuer records and publishes the linkage between the new
token and the old one. This public record is what lets people know
that the issuer is not forging tokens at will, but it does let the
issuer, and possibly others, track payments as they flow through the
system. This could be grounds for reversibility in some cases,
although the details depend on how the system is implemented. It would
be good to see a critical analysis of how epoints would maintain
irreversibility, as part of the paper.

CP

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread Daniel A. Nagy

On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote:

 In particular I have concerns about the finality and irreversibility
 of payments, given that the issuer keeps track of each token as it
 progresses through the system. Whenever one token is exchanged for a
 new one, the issuer records and publishes the linkage between the new
 token and the old one. This public record is what lets people know
 that the issuer is not forging tokens at will, but it does let the
 issuer, and possibly others, track payments as they flow through the
 system. This could be grounds for reversibility in some cases,
 although the details depend on how the system is implemented. It would
 be good to see a critical analysis of how epoints would maintain
 irreversibility, as part of the paper.

I agree, this discussion is missing, indeed. I will definitely include it,
should I write another paper on the subject.

Irreversibility of transactions hinges on two features of the proposed
systetm: the fundamentally irreversible nature of publishing information in
the public records and the fact that in order to invalidate a secret, one
needs to know it; the issuer does not learn the secret at all in some
implementnations and only learns it when it is spent in others.

In both cases, reversal is impossible, albeit for different reasons. Let's
say, Alice made a payment to Bob, and Ivan wishes to reverse it with the
possible cooperation of Alice, but definitely without Bob's help. Alice's
secret is Da, Bob's secret is Db, the corresponding challenges are,
respectively, Ca and Cb, and the S message containing the exchange request
Da-Cb has already been published.

In the first case, when the secret is not revealed, there is simply no way to
express reverslas. There is no S message with suitable semantics semantics,
making it impossible to invalidate Db if Bob refuses to reveal it.

In the second case, Db is revealed when Bob tries to spend it, so Ivan can,
in principle, steal (confiscate) it, instead of processing, but at that
point Da has already been revealed to the public and Alice has no means to
prove that she was in excusive possession of Da before it became public
information.

Now, one can extend the list of possible S messages to allow for reversals
in the first scenario, but even in that case Ivan cannot hide the fact of
reversal from the public after it happened and the fact that he is prepared
to reverse payments even before he actually does so, because the users and
auditors need to know the syntax and the semantics of the additional S
messages in order to be able to use Ivan's services.

-- 
Daniel

Re: On Digital Cash-like Payment Systems

2005-10-31 Thread John Kelsey

From: cyphrpunk [EMAIL PROTECTED]
Sent: Oct 27, 2005 9:15 PM
To: James A. Donald [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Re: On Digital Cash-like Payment Systems

On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote:
 How does one inflate a key?

Just make it bigger by adding redundancy and padding, before you
encrypt it and store it on your disk. That way the attacker who wants
to steal your keyring sees a 4 GB encrypted file which actually holds
about a kilobyte of meaningful data. Current trojans can steal files
and log passwords, but they're not smart enough to decrypt and
decompress before uploading. They'll take hours to snatch the keyfile
through the net, and maybe they'll get caught in the act.

Note that there are crypto schemes that use huge keys, and it's
possible to produce simple variants of existing schemes that use
multiple keys.  That would mean that the whole 8GB string was
necessary to do whatever crypto thing you wanted to do.  A simple
example is to redefine CBC-mode encryption as

C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}])

where S is the huge shared string, and we're using AES.  Without
access to the shared string, you could neither encrypt nor decrypt.

CP

--John

Re: packet traffic analysis

2005-10-31 Thread John Denker


In the context of:

If your plaintext consists primarily of small packets, you should set the MTU
of the transporter to be small.   This will cause fragmentation of the
large packets, which is the price you have to pay.  Conversely, if your
plaintext consists primarily of large packets, you should make the MTU large.
This means that a lot of bandwidth will be wasted on padding if/when there
are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's
the price you have to pay to thwart traffic analysis.

Travis H. wrote:


I'm not so sure.  If we're talking about thwarting traffic on the link
level (real circuit) or on the virtual-circuit level, then you're
adding, on average, a half-packet latency whenever you want to send a
real packet. 


I very much doubt it.  Where did that factor of half come frome.


I don't see any reason why it's necessary to pay these costs if you
abandon the idea of generating only equal-length packets 


Ah, but if you generate unequal-length packets then they are
vulnerable to length-analysis, which is a form of traffic analysis.
I've seen analysis systems that do exactly this.  So the question is,
are you trying to thwart traffic analysis, or not?

I should point out that encrypting PRNG output may be pointless, 


*is* pointless, as previously discussed.


and
perhaps one optimization is to stop encrypting when switching on the
chaff. 


A better solution would be to leave the encryption on and use constants
(not PRNG output) for the chaff, as previously discussed.


Some minor details
involving resynchronizing when the PRNG happens to


The notion of synchronized PRNGs is IMHO crazy -- complicated as well as
utterly unnecessary.

Re: On the orthogonality of anonymity to current market demand

2005-10-31 Thread johns

hi

( 05.10.26 09:17 -0700 ) James A. Donald:
 While many people are rightly concerned that DRM will
 ultimately mean that the big corporation, and thus the
 state, has root access to their computers and the owner
 does not, it also means that trojans, viruses, and
 malware does not.

do you really think this is true?

doesn't microsoft windows prove that remote control of computers only
leads to compromise? [especially in our heavily networked world]

and doesn't history show that big corporations are only interested in
revenue- so that if they get revenue by forcing you to pay them fees for
'upkeep' of your digital credentials to keep your computer working they
are going to do that.

the problems 'solved' by DRM can also be solved by moving to an
operating system where you have control of it, instead of an operating
system filled with hooks so other people can control your computer.

and that operating system is freely available ...

-- 
\js oblique strategy: don't be frightened of cliches

Re: packet traffic analysis

Good catch on the encryption.  I feel silly for not thinking of it.

 If your plaintext consists primarily of small packets, you should set the MTU
 of the transporter to be small.   This will cause fragmentation of the
 large packets, which is the price you have to pay.  Conversely, if your
 plaintext consists primarily of large packets, you should make the MTU large.
 This means that a lot of bandwidth will be wasted on padding if/when there
 are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's
 the price you have to pay to thwart traffic analysis.

I'm not so sure.  If we're talking about thwarting traffic on the link
level (real circuit) or on the virtual-circuit level, then you're
adding, on average, a half-packet latency whenever you want to send a
real packet.  And then there's the bandwidth tradeoff you mention,
which is probably of a larger concern (although bandwidth will
increase over time, whereas the speed of light will not).

I don't see any reason why it's necessary to pay these costs if you
abandon the idea of generating only equal-length packets and creating
all your chaff as packets.  Let's assume the link is encrypted as
before.  Then you merely introduce your legitimate packets with a
certain escape sequence, and pad between these packets with either
zeroes, or if you're more paranoid, some kind of PRNG.  In this way,
if the link is idle, you can stop generating chaff and start
generating packets at any time.  I assume that the length is
explicitly encoded in the legitimate packet.  Then the peer for the
link ignores everything until the next escape sequence introducing a
legitimate packet.

This is not a tiny hack, but avoids much of the overhead in your
technique.  It could easily be applied to something like openvpn,
which can operate over a TCP virtual circuit, or ppp.  It'd be a nice
optimization if you could avoid retransmits of segments that contained
only chaff, but that may or may not be possible to do without giving
up some TA resistance (esp. in the presence of an attacker who may
prevent transmission of segments).
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

Re: On the orthogonality of anonymity to current market demand

2005-10-29 Thread Life Ext-ensions Institute [Cypherpunks]

At 10:22 AM -0500 10/31/05, [EMAIL PROTECTED] wrote:
and doesn't history show that big corporations are only interested in
revenue

One should hope so.

;-)

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-30 Thread Roy M. Silvernail

Tyler Durden wrote:

 One thing to think about with respect to the RFID passports...

 Um, uh...surely once in a while the RFID tag is going to get corrupted
 or something...right? I'd bet it ends up happening all the time. In
 those cases they probably have to fall back upon the traditional
 passport usage and inspection.

 The only question is, what could (believably) damage the RFID?

EMP?  Could be tuned, even, since the RFID is resonant at a known
frequency.  There's a standard for excitation field strength, so all one
should need to do would be hit the chip with 50-100x the expected
input.  Unless the system is shunted with a zener or some such, you
should be able to fry it pretty easily.

Now put that chip-cooker in a trash can right by the main entrance to an
airport and perform some public service.

-- 
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
Dspam-pprocmail-/dev/null-bliss
http://www.rant-central.com

USTHS Alumni Assn of America

2005-10-30 Thread usthsamerica

Someone from the Alumni Association will get in touch with you shortly.



Sincerely,



USTHS Alumni of America

E-mail: [EMAIL PROTECTED]

Re: Multiple passports?

2005-10-30 Thread Bill Stewart


When I saw the title of this thread,
I was assuming it would be about getting Mozambique
or Sealand or other passports of convenience or coolness-factor
like the Old-School Cypherpunks used to do :-)


On 10/30/05, Gregory Hicks [EMAIL PROTECTED] wrote:
 The only people that I knew that had two passports were those with an
 Official (red) passport or a Diplomatic (black) passport.  If they
 wanted to go play tourist, they had to also have a tourist (Blue)
 passport.


A few years ago, before heading on an overseas trip,
I was unable to locate my current passport.
After dealing with a voicemail system adapted from a Kafka novel,
and bringing myself, my previous expired passport and other id,
a couple official-sized photographs and cash through the
secret-handshake elevator into a big waiting room for a long morning,
they made me a new passport.   (If you need to replace a passport
more than a month before your planned travel,
you're supposed to use the regular process at the Post Office
and maybe pay extra for Express Mail if you're impatient.
If you need to replace a passport within 3 days of travel,
they've got expedited processes at major passport offices like San Francisco.
But if you need to replace your passport two weeks before the trip,
there's no way to talk to a human being, just Kafka's voicemailbot,
so you have to wait until 3 days before the trip
to get an appointment for the emergency expedited process
instead of going in when you and they aren't busy :-)

They informed me that the lost passport was now invalid
and I should turn it in if I find it, because if I were to use it
to get back into the country it would be rejected with extreme prejudice,
since its number is now on the lost passports list.
Of course the next day when I was packing,
the passport showed up on the closet floor under the suitcase,
and unlike the previous passport which I took in to replace
when it was about to expire, it doesn't have holes
punched in it and Expired stamped on it.

For domestic air travel since the recent military coup,
I normally bring a passport as ID, since it's a request from the
former United States government asking foreign governments
like the current TSA White People to let me pass,
and I'd rather carry the technically-invalid one with me
instead of the valid one just in case I lose it.
I think I've also used it to travel from the EU back to the US,
but I'd expect that the La Migra thugs will
eventually improve their databases, possibly even before my old one expires,
especially because Homeland Security wants to RFIDize us.

I was considering losing my current passport before the
RFID things get started, but it doesn't look like there's time,
so I've got about 5 years to hope that the Republicans get
thrown out on their asses in the next election and the
Democrats decide that returning to the Constitution will sell better
than continuing the Permanent State of Yellowalertness.
Given the previous Clinton Administration's behavior,
I don't expect the Hillary Clinton Administration to do any better.


At 09:27 PM 10/29/2005, Jay Goodman Tamboli wrote:
I wasn't able to find a reference to support this on http://state.gov,
but I know it's possible to get two passports if you plan to travel to
both Israel and a country that refuses to admit people with Israeli
stamps in their passports.


I don't think the US normally lets you have two passports,
or if they do they almost certainly have the same number.
But at least during the 1980s, Israel would be happy to give you
a separate piece of paper with to carry with your passport that
they'd stamp when you entered and left instead of stamping the
passport itself.  I don't remember if I did that or if I decided
not to worry about it because I'd visited the Arab countries
before going to Israel and didn't expect to get back any time soon.

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-30 Thread Bill Stewart


At 01:42 AM 10/30/2005, Roy M. Silvernail wrote:

Tyler Durden wrote:

 One thing to think about with respect to the RFID passports...

 Um, uh...surely once in a while the RFID tag is going to get corrupted
 or something...right? I'd bet it ends up happening all the time. In
 those cases they probably have to fall back upon the traditional
 passport usage and inspection.


They've said they'll fall back on the traditional
If we can't read the passport it's invalid and you'll need to
replace it before we'll let you leave the country technique,
just as they often do with expired passports and sometimes
do with just-about-to-expire passports if you're a
Suspicious-Acting Person like Dave del Torto.


 The only question is, what could (believably) damage the RFID?


If you want to damage the RFID of a passport you're playing with,
microwave ovens should do just fine.
I don't know if Rivest's RFID-blocker chips use the same
frequency or codespace as the passport RFIDs,
but you could also leave one of them in the back of your passport.


Now put that chip-cooker in a trash can right by the main entrance to an
airport and perform some public service.


I'd be surprised if you could put out enough energy to cook
the passport RFIDs of people walking by at normal speed
without also causing lots of other electrical problems.

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-30 Thread Eugen Leitl

On Sat, Oct 29, 2005 at 08:42:35PM -0400, Tyler Durden wrote:
 One thing to think about with respect to the RFID passports...
 
 Um, uh...surely once in a while the RFID tag is going to get corrupted or 
 something...right? I'd bet it ends up happening all the time. In those 
 cases they probably have to fall back upon the traditional passport usage 
 and inspection.

Actually, an RFID can be ridiculously reliable. It will also
depend on how much harassment a traveler will be exposed to, 
when travelling. Being barred from entry will definitely prove
sufficient deterrment.
 
 The only question is, what could (believably) damage the RFID?

Microwaving it will blow up the chip, and cause a scorched spot.
Severing the antenna would be enough for the chip to become mute.
Violetwanding or treating with a Tesla generator should destroy
all electronics quite reliably -- you always have to check, of
course.

Also, the ID is quite expensive, and a frequent traveller
will wind up with a considerable expense, and hassle.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: Multiple passports?

2005-10-30 Thread Eugen Leitl

On Sun, Oct 30, 2005 at 03:05:25AM +, Justin wrote:
 If I apply for a new one now, and then apply for a another one once the
 gov starts RFID-enabling them, will the first one be invalidated?  Or
 can I have two passports, the one without RFID to use, and the one with
 RFID to play with?

Here in Germany the current ID (sans smartcard/rfid/biometics) will
be valid until expiry date.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

eBay Message ID 79673 - eBay Security Service Notification (IMPORTANT)

2005-10-30 Thread aw-confirm

eBay sent this message to member of ebay

Ebay Security -- Security Service Notification

eBay sent this message on behalf of an eBay member via My Messages. Responses sent using email will go to the eBay member directly and will include your email address. Click the Respond Now button below to send your response via My Messages (your email address will not be included).

Security Service Notification

Dear member of eBay,
For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.
We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please use the link below and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 24 hours, after this period your account will be terminated.
Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to eBay.
To update your record please click here:

Attention Details

Attention name:
Unauthorized Account Access

Attention number:
7967365480

End date:
05-Nov-05 19:32:34 EST

Thank you for using eBay!

http://www.ebay.com

Marketplace Safety Tip

It is unsafe and against eBay rules to offer to buy or sell directly using the My Messages forwarding system without winning the item on the eBay Web site. Participants in these 'outside of eBay' transactions lose their ability to use eBay purchase protection programs and feedback. We strongly advise recipients of these email offers to report them to eBay. Learn more about trading with confidence.

Is this email inappropriate? Does it violate eBay policy? Help protect the community by reporting it.

This email appears in the language of the eBay site where you are registered.

Learn how you can protect yourself from spoof (fake) emails at:http://pages.ebay.com/education/spooftutorial

This eBay notice was sent to United States on behalf of another eBay member through the eBay platform and in accordance with our Privacy Policy. If you would like to receive this email in text format, change your notification preferences.

See our Privacy Policy and User Agreement if you have questions about eBay's communication policies.Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.htmlUser Agreement: http://pages.ebay.com/help/policies/user-agreement.html

Copyright © 2005 eBay, Inc. All Rights Reserved.Designated trademarks and brands are the property of their respective owners.eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.

Re: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-30 Thread Major Variola (ret)

At 01:31 AM 10/30/05 -0700, Bill Stewart wrote:
They've said they'll fall back on the traditional
If we can't read the passport it's invalid and you'll need to
replace it before we'll let you leave the country technique,
just as they often do with expired passports and sometimes

What is the procedure (or are they secret :-) for passports which
become damaged whilst travelling out of country?

With a drivers license, if the magstrip doesn't work, they type
in the numbers.  But the biometrics are not encoded, its just
a convenience.  With a passport, they're relying on the
chip or no?

(Mechanical damage to the chip should work as well as
RF or antenna damage.  You will have to find the chip
and crack it, mere flexing of the paper carrier doesn't work
by design.)

[no subject]

2005-10-30 Thread John Young

who cypherpunks

Report Your Employees, Free, Now. visit www.hiredfired.com

2005-10-30 Thread www.hiredfired.com

Employment Reporting Bureau is Free  New. www.hiredfired.com. Employers  
Employees can Report eachother. Report, everything,  harassment, 
discrimination, abuse, tardiness, no shows, drugs, theft. etc.


www_hiredfired_com-.htm
Description: Binary data

Re: Multiple passports?

2005-10-30 Thread Justin

On 2005-10-29T21:17:25-0700, Gregory Hicks wrote:
  Date: Sun, 30 Oct 2005 03:05:25 +
  From: Justin [EMAIL PROTECTED]

  If I apply for a new one now, and then apply for a another one once
  the gov starts RFID-enabling them, will the first one be
  invalidated?  Or can I have two passports, the one without RFID to
  use, and the one with RFID to play with?

 I am not a State Dept person, but my experiences in this are...

 As for applying for one now, I think the deadline for the non-RFID
 passwords is about 3 days away (31 Oct 2005), but I could be wrong.
 (In other words, if your application is not in processing by 31 Oct,
 then you get the new, improved, RFID passport.)

The Department intends to begin the electronic passport program in 
December 2005. The first stage will be a pilot program in which the 
electronic passports will be issued to U.S. Government employees who 
use Official or Diplomatic passports for government travel. This pilot 
program will permit a limited number of passports to be issued and 
field tested prior to the first issuance to the American traveling 
public, slated for early 2006. By October 2006, all U.S. passports, 
with the exception of a small number of emergency passports issued by 
U.S. embassies or consulates, will be electronic passports.

http://edocket.access.gpo.gov/2005/05-21284.htm (2005-10-25 Fed. Reg.)

It sounds like it's fairly safe to get a new passport after Halloween...
at least until January.

-- 
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.VI. Praise  Honor for the Nonparticipants.

Re: Blood, Bullets, Bombs and Bandwidth

2005-10-30 Thread Justin

On 2005-10-22T01:51:50-0400, R.A. Hettinga wrote:
 --- begin forwarded text
 
  Tyler and Jayme left Iraq in May 2005. The Arbil office failed; there
  wasn't enough business in Kurdistan. They moved to London, where Tyler
  still works for SSI. His time in Iraq has transformed him to the extent
  that, like Ryan, he doesn't think he can ever move back to the USA. His
  years of living hyperintensely, carrying a gun, building an organization
  from scratch in a war zone, have distanced him from his home. His friends
  seem to him to have stagnated. Their concerns seem trivial. And living with
  real, known, tangible danger has bred contempt for what he calls America's
  culture of fear.

Tyler likes the high-speed lifestyle so much that he ditched it and
moved to London?  I doubt he's carrying a gun there.

-- 
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.VI. Praise  Honor for the Nonparticipants.

Re: Blood, Bullets, Bombs and Bandwidth

2005-10-30 Thread R.A. Hettinga

At 11:59 PM + 10/30/05, Justin wrote:
Tyler likes the high-speed lifestyle so much that he ditched it and
moved to London?

He and Jayme are back in Kurdistan, now. Don't know for how long, though.
He's teaching a new class of engineers, including crypto and security
stuff. Watched their jaws drop when he 'em how to break WEP, that kind of
thing.

They handed him his Browning at the airfield when he landed. :-)

Of course, they're touchy-feely liberals through-and-through, but here's
hoping they've learned a little about anarchocapitalism having watched it
firsthand, albeit temporarily.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Multiple passports?

2005-10-30 Thread Peter Gutmann

Gregory Hicks [EMAIL PROTECTED] writes:

As for applying for one now, I think the deadline for the non-RFID passwords
is about 3 days away (31 Oct 2005), but I could be wrong. (In other words, if
your application is not in processing by 31 Oct, then you get the new,
improved, RFID passport.)

Ahh, but if you get one of the first passports issued then there are likely to
still be some teething problems present, leading to sporadic failures of the
first batch of RFID devices.  I have a funny feeling that this is going to
happen to my new passport when it arrives.

Peter.

Re: On Digital Cash-like Payment Systems

2005-10-29 Thread John Kelsey

From: cyphrpunk [EMAIL PROTECTED]
Sent: Oct 27, 2005 9:15 PM
To: James A. Donald [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com, [EMAIL PROTECTED]
Subject: Re: On Digital Cash-like Payment Systems

On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote:
 How does one inflate a key?

Just make it bigger by adding redundancy and padding, before you
encrypt it and store it on your disk. That way the attacker who wants
to steal your keyring sees a 4 GB encrypted file which actually holds
about a kilobyte of meaningful data. Current trojans can steal files
and log passwords, but they're not smart enough to decrypt and
decompress before uploading. They'll take hours to snatch the keyfile
through the net, and maybe they'll get caught in the act.

Note that there are crypto schemes that use huge keys, and it's
possible to produce simple variants of existing schemes that use
multiple keys.  That would mean that the whole 8GB string was
necessary to do whatever crypto thing you wanted to do.  A simple
example is to redefine CBC-mode encryption as

C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}])

where S is the huge shared string, and we're using AES.  Without
access to the shared string, you could neither encrypt nor decrypt.

CP

--John

Re: Return of the death of cypherpunks.

2005-10-29 Thread John Kelsey

From: James A. Donald [EMAIL PROTECTED]
Sent: Oct 28, 2005 12:09 PM
To: [EMAIL PROTECTED]
Subject: Return of the death of cypherpunks.

From: Eugen Leitl [EMAIL PROTECTED]
...
 The list needs not to stay dead, with some finite 
 effort on our part (all of us) we can well resurrect 
 it. If there's a real content there's even no need 
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and uncontroversial, there
is no longer any strong reason for the cypherpunks list to continue
to exist.

Well, political controversy seems like the least interesting thing
about the list--to the extent we're all babbling about who needs
killing and who's not a sufficiently pure
libertarian/anarchocapitalist and which companies are selling out to
the Man, the list is nothing special.  The cool thing is the
understanding of crypto and computer security techology as applied to
these concerns that are political.  And the coolest thing is getting
smart people who do real crypto/security work, and write working code,
to solve problems.  The ratio of political wanking to technical posts
and of talkers to thinkers to coders needs to be right for the list to
be interesting.  

...
--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

--John Kelsey

Fw:(H.)-(G.)-(H.) Info

Thanks for Enquiring about our recent (H.)uman-(G.)rowth-(H.)ormone Study.

Dr. Green and Hormone Specialist Kimberly Scott have finally
completed their 2 year study on the (H.)-(G.)-(H.) product at the Life 
Tran-sitions Institution.

These are summary results (20 male, 20 female patients) 

%IMPROVEMENT:


Frequency of Nighttime Urination...57%
Hot Flashes58%
Menstrual Cycle Regulation.59%
Memory.84%
Energy Level...84%
Skin  Hair Care Texture...71%
Wrinkle Disappearance..61%
New (H.)air38%
Body (F.)-at Loss..72%
Muscle Strength ...88%
Muscle Size ...81%
Healing of Other Injuries .61%
Resistance to Common Illness ..73%


To learn more about this product:
http://demandhgh.com



If you no longer want to receive information from our staff 
then visit http://demandhgh.com

Re: Return of the death of cypherpunks.

2005-10-29 Thread James A. Donald

--
James A. Donald:
  Since cryptography these days is routine and 
  uncontroversial, there is no longer any strong 
  reason for the cypherpunks list to continue to 
  exist.

John Kelsey
 The ratio of political wanking to technical posts and 
 of talkers to thinkers to coders needs to be right for 
 the list to be interesting.

These days, if one is seriously working on overthrowing 
the state by advancing to crypto anarchy (meaning both 
anarchy that is hidden, in that large scale cooperation 
procedes without the state taxing it, regulating it, 
supervising it, and licensing it, and anarchy that 
relies on cryptography to resist the state) it is not 
necessary or advisable to announce what one is up to.

For example, Kerberos needs to be replaced by a more 
secure protocol.  No need to add And I am concerned 
about this because I am an anarchist  And so one
discusses it on another list.

(Kerberos tickets are small meaningful encrypted packets 
of information, when they should be random numbers. 
Being small, they can be dictionary attacked.) 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Y068Cy3Zv9GExXRbP24QJP5WmHGLz5VKyqNYFKbx
 45fkOIGeiTkFnaM7p/URjB/kgn+0mcg8fMsMLmDy7

[EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv]]

2005-10-29 Thread Eugen Leitl

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Fri, 28 Oct 2005 17:49:06 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] more on U.S. passports to receive RFID implants starting in 
October 2006 [priv]
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]

Begin forwarded message:

From: Edward Hasbrouck [EMAIL PROTECTED]
Date: October 28, 2005 11:07:28 AM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] more on U.S. passports to receive RFID implants  
starting in October 2006 [priv]

From: Lin, Herb [EMAIL PROTECTED]

*Front* cover?  Does that mean that if I hold the passport the wrong
way, the skimmer will have a free ride?

FWIW:

(1) The sample RFID passports that Frank Moss passed around at CFP,  
which
looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had
the RFID chip (which was barely detectable by feel) in the *back* cover.
The visible data page was/is, as with current passports, in the *front*
cover.  This is not compliant with the ICAO specifications, which
recommend having the chip in the same page as the visible data, to  
make it
more difficult to separate them.  I can only guess that it was hard to
laminate the visible data without damaging the chip, if it was in the  
same
page.  But it's interesting in light of the importance supposedly being
placed on compliance with ICAO standards.

(2) Moss had 2 sample RFID passports, 1 with and 1 without the  
shielding.
He cliamed it was a layer in the entire outer cover (front and back),  
but
it wasn't detectable by feel.

I have more threat scenarios for the latest flavor of RFID passport at:

http://hasbrouck.org/blog/archives/000869.html

Edward Hasbrouck
[EMAIL PROTECTED]
http://hasbrouck.org
+1-415-824-0214

-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start

2005-10-29 Thread Tyler Durden


One thing to think about with respect to the RFID passports...

Um, uh...surely once in a while the RFID tag is going to get corrupted or 
something...right? I'd bet it ends up happening all the time. In those cases 
they probably have to fall back upon the traditional passport usage and 
inspection.


The only question is, what could (believably) damage the RFID?

-TD


From: Eugen Leitl [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID  
implants starting in October 2006 [priv]]

Date: Sat, 29 Oct 2005 20:54:13 +0200

- Forwarded message from David Farber [EMAIL PROTECTED] -

From: David Farber [EMAIL PROTECTED]
Date: Fri, 28 Oct 2005 17:49:06 -0400
To: Ip Ip ip@v2.listbox.com
Subject: [IP] more on U.S. passports to receive RFID implants starting in
October 2006 [priv]
X-Mailer: Apple Mail (2.734)
Reply-To: [EMAIL PROTECTED]



Begin forwarded message:

From: Edward Hasbrouck [EMAIL PROTECTED]
Date: October 28, 2005 11:07:28 AM EDT
To: [EMAIL PROTECTED]
Subject: Re: [IP] more on U.S. passports to receive RFID implants
starting in October 2006 [priv]


From: Lin, Herb [EMAIL PROTECTED]

*Front* cover?  Does that mean that if I hold the passport the wrong
way, the skimmer will have a free ride?


FWIW:

(1) The sample RFID passports that Frank Moss passed around at CFP,
which
looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had
the RFID chip (which was barely detectable by feel) in the *back* cover.
The visible data page was/is, as with current passports, in the *front*
cover.  This is not compliant with the ICAO specifications, which
recommend having the chip in the same page as the visible data, to
make it
more difficult to separate them.  I can only guess that it was hard to
laminate the visible data without damaging the chip, if it was in the
same
page.  But it's interesting in light of the importance supposedly being
placed on compliance with ICAO standards.

(2) Moss had 2 sample RFID passports, 1 with and 1 without the
shielding.
He cliamed it was a layer in the entire outer cover (front and back),
but
it wasn't detectable by feel.

I have more threat scenarios for the latest flavor of RFID passport at:

http://hasbrouck.org/blog/archives/000869.html



Edward Hasbrouck
[EMAIL PROTECTED]
http://hasbrouck.org
+1-415-824-0214




-
You are subscribed as [EMAIL PROTECTED]
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

- End forwarded message -
--
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which 
had a name of signature.asc]

Multiple passports?

2005-10-29 Thread Justin

If I apply for a new one now, and then apply for a another one once the
gov starts RFID-enabling them, will the first one be invalidated?  Or
can I have two passports, the one without RFID to use, and the one with
RFID to play with?

-- 
The six phases of a project:
I. Enthusiasm. IV. Search for the Guilty.
II. Disillusionment.   V. Punishment of the Innocent.
III. Panic.VI. Praise  Honor for the Nonparticipants.

Re: Multiple passports?

2005-10-29 Thread Gregory Hicks

 Date: Sun, 30 Oct 2005 03:05:25 +
 From: Justin [EMAIL PROTECTED]

 If I apply for a new one now, and then apply for a another one once
 the gov starts RFID-enabling them, will the first one be
 invalidated?  Or can I have two passports, the one without RFID to
 use, and the one with RFID to play with?

I am not a State Dept person, but my experiences in this are...

If you get a new one, the old one has to accompany the application and
is invalidated when the new one is issued.  (Invalidated by stamping
the 'data' page with big red block letters INVALID.)  The old, now
invalid is returned with the new one...

The only people that I knew that had two passports were those with an
Official (red) passport or a Diplomatic (black) passport.  If they
wanted to go play tourist, they had to also have a tourist (Blue)
passport.

As for applying for one now, I think the deadline for the non-RFID
passwords is about 3 days away (31 Oct 2005), but I could be wrong.
(In other words, if your application is not in processing by 31 Oct,
then you get the new, improved, RFID passport.)

Regards,
Gregory Hicks

 -- 
 The six phases of a project:
 I. Enthusiasm. IV. Search for the Guilty.
 II. Disillusionment.   V. Punishment of the Innocent.
 III. Panic.VI. Praise  Honor for the Nonparticipants.

-
I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision. - Benjamin Franklin

The best we can hope for concerning the people at large is that they
be properly armed. --Alexander Hamilton

Re: Multiple passports?

2005-10-29 Thread Jay Goodman Tamboli

On 10/30/05, Gregory Hicks [EMAIL PROTECTED] wrote:
 The only people that I knew that had two passports were those with an
 Official (red) passport or a Diplomatic (black) passport.  If they
 wanted to go play tourist, they had to also have a tourist (Blue)
 passport.

I wasn't able to find a reference to support this on http://state.gov,
but I know it's possible to get two passports if you plan to travel to
both Israel and a country that refuses to admit people with Israeli
stamps in their passports.

/jgt

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-29 Thread cyphrpunk

On 10/28/05, Daniel A. Nagy [EMAIL PROTECTED] wrote:
 Irreversibility of transactions hinges on two features of the proposed
 systetm: the fundamentally irreversible nature of publishing information in
 the public records and the fact that in order to invalidate a secret, one
 needs to know it; the issuer does not learn the secret at all in some
 implementnations and only learns it when it is spent in others.

 In both cases, reversal is impossible, albeit for different reasons. Let's
 say, Alice made a payment to Bob, and Ivan wishes to reverse it with the
 possible cooperation of Alice, but definitely without Bob's help. Alice's
 secret is Da, Bob's secret is Db, the corresponding challenges are,
 respectively, Ca and Cb, and the S message containing the exchange request
 Da-Cb has already been published.

 In the first case, when the secret is not revealed, there is simply no way to
 express reverslas. There is no S message with suitable semantics semantics,
 making it impossible to invalidate Db if Bob refuses to reveal it.

The issuer can still invalidate it even though you have not explicitly
defined such an operation. If Alice paid Bob and then convinces the
issuer that Bob cheated her, the issuer could refuse to honor the Db
deposit or exchange operation. From the recipient's perspective, his
cash is at risk at least until he has spent it or exchanged it out of
the system.

The fact that you don't have an issuer invalidates cash operation in
your system doesn't mean it couldn't happen. Alice could get a court
order forcing the issuer to do this. The point is that reversal is
technically possible, and you can't define it away just by saying that
the issuer won't do that. If the issuer has the power to reverse
transactions, the system does not have full ireversibility, even
though the issuer hopes never to exercise his power.


 In the second case, Db is revealed when Bob tries to spend it, so Ivan can,
 in principle, steal (confiscate) it, instead of processing, but at that
 point Da has already been revealed to the public and Alice has no means to
 prove that she was in excusive possession of Da before it became public
 information.

That is an interesting possibility, but I can think of a way around
it. Alice could embed a secret within her secret. She could base part
of her secret on a hash of an even-more-secret value which she would
not reveal when spending/exchanging. Then if it came to where she had
to prove that she was the proper beneficiary of a reversed
transaction, she could reveal the inner secret to justify her claim.


 Now, one can extend the list of possible S messages to allow for reversals
 in the first scenario, but even in that case Ivan cannot hide the fact of
 reversal from the public after it happened and the fact that he is prepared
 to reverse payments even before he actually does so, because the users and
 auditors need to know the syntax and the semantics of the additional S
 messages in order to be able to use Ivan's services.

That's true, the public visibility of the system makes secret
reversals impossible. That's very good - one of the problems with
e-gold was that it was never clear when they were reversing and
freezing accounts. Visibility is a great feature. But it doesn't keep
reversals from happening, and it still leaves doubt about how final
transactions will be in this system.

CP

Any comments on BlueGem's LocalSSL?

2005-10-28 Thread Peter Gutmann

http://www.bluegemsecurity.com/ claims that they can encrypt data from the
keyboard to the web browser, bypassing trojans and sniffers, however the web
pages are completely lacking in any detail on what they're actually doing.
From reports published by West Coast Labs, it's a purely software-only
solution that consists of some sort of (Win9x/Win2K/XP only) low-level
keyboard driver interface that bypasses the standard Windows user-level
interface and sends keystrokes directly to the application, in the same way
that a number of OTFE packages directly access the keyboard driver to try and
evade sniffers.

The West Coast Labs tests report that they successfully evade all known
sniffers, which doesn't actually mean much since all it proves is that
LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
use of SSL to get the keystrokes from the driver to the target app seems
somewhat silly, if sniffers don't know about LocalSSL then there's no need to
encrypt the data, and once they do know about it then the encryption won't
help, they'll just dive in before the encryption happens.

Anyone else have any additional information/comments about this?

Peter.

Re: Any comments on BlueGem's LocalSSL?

At 9:11 PM +1300 10/28/05, Peter Gutmann wrote:
The West Coast Labs tests report that they successfully evade all known
sniffers, which doesn't actually mean much since all it proves is that
LocalSSL is sufficiently 0-day that none of the sniffers target it yet.  The
use of SSL to get the keystrokes from the driver to the target app seems
somewhat silly, if sniffers don't know about LocalSSL then there's no need to
encrypt the data, and once they do know about it then the encryption won't
help, they'll just dive in before the encryption happens.

Absent any real data, crypto-dogma :-) says that you need
hardware-encryption, physical sources of randomness, and all sorts of other
stuff to really solve this problem.

On the other hand, such hardware solutions usually come hand-in-hand with
the whole hierarchical is-a-person PKI book-entry-to-the-display
I-gotcher-digital-rights-right-here-buddy mess, ala Palladium, etc.

Like SSL, then -- and barring the usual genius out there who flips the
whole tortoise over to kill it, which is what you're really asking here --
this thing might work good enough to keep Microsoft/Verisign/et al. in
business a few more years.

To the rubes and newbs, it's like Microsoft adopting TLS, or Intel doing
their current crypto/DRM stuff, which, given the amount iPod/iTunes writes
to their bottom line now, is apparently why Apple really switched from PPC
to Intel now instead of later. You know they're going to do evil, but at
least the *other* malware goes away.

So, sure. SSL to the keys. That way Lotus *still* won't run, and business
gets  done in Redmond a little while longer.

Cheers,
RAH
Somewhere, Dr. Franklin is laughing, of course...
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]

At 9:27 PM -0700 10/27/05, cyphrpunk wrote:
Every key has passed
through dozens of hands before you get to see it. What are the odds
that nobody's fucked with it in all that time? You're going to put
that thing in your mouth? I don't think so.

So, as Carl Ellison says, get it from the source. Self-signing is fine, in
that case. Certificates, CRLs, etc., become more and more meaningless as
the network becomes more geodesic.

Using certificates in a P2P network is like using a condom. It's just
common sense. Practice safe cex!

Feh. You sound like one of those newbs who used to leave the plastic wrap
on his 3.5 floppy so he wouldn't get viruses...

Cheers,
RAH
What part of non-hierarchical and P2P do you not understand?

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: [PracticalSecurity] Anonymity - great technology but hardly used

At 8:41 PM -0700 10/27/05, cyphrpunk wrote:
Where else are you going to talk about
this shit?

Talk about it here, of course.

Just don't expect anyone to listen to you when you play list-mommie.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

[EMAIL PROTECTED]: RE: [p2p-hackers] P2P Authentication]

2005-10-28 Thread Eugen Leitl

- Forwarded message from Matthew Kaufman [EMAIL PROTECTED] -

From: Matthew Kaufman [EMAIL PROTECTED]
Date: Thu, 27 Oct 2005 19:28:53 -0700
To: 'Peer-to-peer development.' [EMAIL PROTECTED]
Subject: RE: [p2p-hackers] P2P Authentication
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Reply-To: Peer-to-peer development. [EMAIL PROTECTED]

Alen Peacock:
   Personally, I'm put off by the centralization.  I'm not 
 really concerned about the library size or complexity of 
 PKI,.  In fact, my experience indicates that implementing 
 centralized CAs is a good deal less complex than trying to 
 distribute identity verification throughout the system with 
 no centralization.

Agreed... Hierarchical PKI with a single root is distinctly easier than
multiple roots, random chains of trust, or reputation models, which is why
we've started with the simplest design for the default PKI that ships with
the amicima MFP and MFPNet libraries.

   Completely decentralized p2p applications have the 
 advantage of being especially resilient to DoS and other 
 attacks on centrality. 
 Introducing centralized components negates this advantage.  

It negates some advantages, not all.

 In the case of using CAs in a p2p app, the entire network can 
 be disabled by attacking the CAs.

As has already been pointed out, the network still runs, but new clients
can't be authenticated. However, it is possible to make that unlikely... For
instance, if enough trusted entities already have the ability to sign keys,
you can reduce the odds that an attacker can successfully disable ALL of the
CAs. Adding additional roots to the PKI, especially if they are public roots
that are unlikely to be disabled, also helps... It doesn't seem likely that
the world will shut down the existing secure web PKI in order to take your
P2P app off the air.

   p2p networks pose an interesting challenge because you have 
 to design for the fact that malicious or misbehaving clients 
 *will* be present. 

This is actually true of the entire Internet and isn't unique to p2p
networks at all. All protocol implementations and higher level applications
that run on them must be designed to deal with malicious or misbehaving
clients will be present... See buffer overflows of mail servers and http
servers, for instance.

 Since there is no single entity or known 
 group of entities controlling the nodes (as in typical 
 distributed applications), there is no way to enforce 
 adherence to protocols other than with the protocols 
 themselves.  

This isn't about p2p networks at all, but about open-source distribution, it
seems. Lots of totally proprietary p2p and client-server applications have
been shipped where a single entity controls the implementation... Skype
comes to mind as an example in the P2P space. These have the temporary
advantage of unpublished protocols and implementations, but this won't stop
a dedicated attacker for long, which brings us back to the original point,
that everything attached to the Internet needs to assume that malicious and
misbehaving things will try to mess things up.

Whether or not that really matters is another point... There's numerous ways
one could build a highly incorrect Gnutella peer, for instance, and yet it
doesn't seem to have become commonplace.

 This may sound idealistic and naive, perhaps 
 justly so, but the further away from protocols that require 
 centralized architectures we get, the better (IMHO, of course).

Well, that's why we're all here on the P2P hackers list, I suppose,
because we believe that decentralization is good, but it doesn't really
change the most basic of the design parameters at all.

Matthew Kaufman
[EMAIL PROTECTED]
www.amicima.com

___
p2p-hackers mailing list
[EMAIL PROTECTED]
http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

- End forwarded message -
-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

signature.asc
Description: Digital signature

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-28 Thread Eugen Leitl

On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote:

 The cypherpunks list is about anything we want it to be. At this stage in
 the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
 about the crazy bastards who are still here than it is about just about
 anything else.

While I don't exactly know why the list died, I suspect it
was the fact that most list nodes offered a feed full of spam,
dropped dead quite frequently, and also overusing that needs 
killing thing (okay, it was funny for a while).

The list needs not to stay dead, with some finite effort on our
part (all of us) we can well resurrect it. If there's a real content
there's even no need from all those forwards, to just fake
a heartbeat.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-28 Thread John Kelsey

From: Eugen Leitl [EMAIL PROTECTED]
Sent: Oct 27, 2005 3:22 AM
To: Shawn K. Quinn [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: [PracticalSecurity] Anonymity - great technology but hardly used

...
It's never about merit, and not even money, but about predeployed
base and interoperability. In today's world, you minimize the
surprise on the opposite party's end if you stick with
Redmondware. (Businessfolk hate surprises, especially complicated,
technical, boring surprises).

Not only that, but this is often sensible.  Have you noticed the
bizarre misfit between our allegedly phonetic alphabet and how things
are spelled?  Why don't we get everyone to change that?  Or the silly
insistence of sticking with a base 60 time standard?  Or the whole
atrocity of English measurements that the US still is stuck with?  Oh
yeah, because there's an enormous installed base, and people are able
to do their jobs with them, bad though these tools are.  

...
OpenOffice  Co usually supports a subset of Word and Excel formats.
If you want to randomly annoy your coworkers, use OpenOffice to
process the documents in MS Office formats before passing them on,
without telling what you're doing. Much hilarity will ensue.

I'll note that you can do the same thing by simply using slightly
different versions of Word.  MS takes a bad rap for a lot of their
software (Excel and Powerpoint are pretty nice, for example), but Word
is a disaster.

Eugen* Leitl a href=http://leitl.org;leitl/a

--John Kelsey

Re: Any comments on BlueGem's LocalSSL?

2005-10-28 Thread James A. Donald

--
R.A. Hettinga [EMAIL PROTECTED]
 Intel doing their current crypto/DRM stuff, [...] You
 know they're going to do evil, but at least the
 *other* malware goes away.

I am a reluctant convert to DRM.  At least with DRM, we
face a smaller number of threats.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 ctySJF5hgF1q9fil61pohBVLfj/aT4jWZ/KUf29x
 4GuXiNXRF+nY3+3LFo8YpvV4w1S5dwf+LcuAsZWWe

Return of the death of cypherpunks.

2005-10-28 Thread James A. Donald

--
From:   Eugen Leitl [EMAIL PROTECTED]
 While I don't exactly know why the list died, I 
 suspect it was the fact that most list nodes offered a 
 feed full of spam, dropped dead quite frequently, and 
 also overusing that needs killing thing (okay, it 
 was funny for a while).

 The list needs not to stay dead, with some finite 
 effort on our part (all of us) we can well resurrect 
 it. If there's a real content there's even no need 
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and 
uncontroversial, there is no longer any strong reason 
for the cypherpunks list to continue to exist.

I recently read up on the Kerberos protocol, and 
thought, how primitive.  Back in the bad old days, we 
did everything wrong, because we did not know any 
better.  And of course, https sucks mightily because the 
threat model is both inappropriate to the real threats, 
and fails to correspond to the users mental model, or to 
routine practices on a wide variety of sites, hence 
users glibly click through all warning dialogs, most of 
which are mere noise anyway.

These problems, however, are no explicitly political, 
and tend to be addressed on lists that are not 
explicitly political, leaving cypherpunks with little of 
substance. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

0wn3d

2005-10-28 Thread cyphrpunk

Hello,

I have hacked the account [EMAIL PROTECTED]. If cyphrpunk want to
know the new password of his account, he can check the box
[EMAIL PROTECTED]

V0ld3m0rt

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-28 Thread Daniel A. Nagy

On Fri, Oct 28, 2005 at 02:18:43PM -0700, cyphrpunk wrote:

 In particular I have concerns about the finality and irreversibility
 of payments, given that the issuer keeps track of each token as it
 progresses through the system. Whenever one token is exchanged for a
 new one, the issuer records and publishes the linkage between the new
 token and the old one. This public record is what lets people know
 that the issuer is not forging tokens at will, but it does let the
 issuer, and possibly others, track payments as they flow through the
 system. This could be grounds for reversibility in some cases,
 although the details depend on how the system is implemented. It would
 be good to see a critical analysis of how epoints would maintain
 irreversibility, as part of the paper.

I agree, this discussion is missing, indeed. I will definitely include it,
should I write another paper on the subject.

Irreversibility of transactions hinges on two features of the proposed
systetm: the fundamentally irreversible nature of publishing information in
the public records and the fact that in order to invalidate a secret, one
needs to know it; the issuer does not learn the secret at all in some
implementnations and only learns it when it is spent in others.

In both cases, reversal is impossible, albeit for different reasons. Let's
say, Alice made a payment to Bob, and Ivan wishes to reverse it with the
possible cooperation of Alice, but definitely without Bob's help. Alice's
secret is Da, Bob's secret is Db, the corresponding challenges are,
respectively, Ca and Cb, and the S message containing the exchange request
Da-Cb has already been published.

In the first case, when the secret is not revealed, there is simply no way to
express reverslas. There is no S message with suitable semantics semantics,
making it impossible to invalidate Db if Bob refuses to reveal it.

In the second case, Db is revealed when Bob tries to spend it, so Ivan can,
in principle, steal (confiscate) it, instead of processing, but at that
point Da has already been revealed to the public and Alice has no means to
prove that she was in excusive possession of Da before it became public
information.

Now, one can extend the list of possible S messages to allow for reversals
in the first scenario, but even in that case Ivan cannot hide the fact of
reversal from the public after it happened and the fact that he is prepared
to reverse payments even before he actually does so, because the users and
auditors need to know the syntax and the semantics of the additional S
messages in order to be able to use Ivan's services.

-- 
Daniel

Re: Any comments on BlueGem's LocalSSL?

At 11:10 AM -0700 10/28/05, James A. Donald wrote:
I am a reluctant convert to DRM.  At least with DRM, we
face a smaller number of threats.

I have had it explained to me, many times more than I want to remember,
:-), that strong crypto is strong crypto.

It's not that I'm unconvinceable, but I'm still unconvinced, on the balance.

OTOH, if markets overtake the DRM issue, as most cypherpunks I've talked to
think, then we still have lots of leftover installed crypto to play around
with.

Cheers,
RAH
Who still thinks that digital proctology is not the same thing as financial
cryptography.
-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Any comments on BlueGem's LocalSSL?

At 7:51 PM -0400 10/28/05, R.A. Hettinga wrote:
OTOH, if markets overtake the DRM issue,
^ moot, was what I meant to say...

Anyway, you get the idea.

Cheers,
RAH

-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Do away with everything you are indebted for not even paying an other cent

2005-10-28 Thread arlen ray


Get rid of all you owe not even sending another dollar.  
Eliminate the embarrassing collection contacts. Stop the mailing of checks!
Wild as it may seem the majority lendor's not following the banking laws
here in the US. Mind-boggling but accurate! 
Go to our web site for in depth facts in relation to our approach at no
fees or commitment. You have zero to loose and ample to secure.

http://geocities.yahoo.com.br/jepy_christner/?k=l.Eliminate all that you
are indebted for not even mailing  an other dollar
Complete knowledge or to bring to a hault obtaining or to observe our
location

Multiply cash flow and your customer base within 24 hours using
knowledgeable and high volume mail marketing blitz
Join with the largest and finest [EMAIL PROTECTED]

But I haven't time to stop, so I'm not likely to get mixed up in any rumpus
with them. However, the armed caravan was scarcely out of sight before Rob
discovered he was approaching a rich, wooded oasis of the desert, in the
midst of which was built the walled city of Yarkand
Not that he had ever heard of the place, or knew its name; for few
Europeans and only one American traveler had ever visited it

Re: packet traffic analysis

2005-10-28 Thread Travis H.

Good catch on the encryption.  I feel silly for not thinking of it.

 If your plaintext consists primarily of small packets, you should set the MTU
 of the transporter to be small.   This will cause fragmentation of the
 large packets, which is the price you have to pay.  Conversely, if your
 plaintext consists primarily of large packets, you should make the MTU large.
 This means that a lot of bandwidth will be wasted on padding if/when there
 are small packets (e.g. keystrokes, TCP acks, and voice cells) but that's
 the price you have to pay to thwart traffic analysis.

I'm not so sure.  If we're talking about thwarting traffic on the link
level (real circuit) or on the virtual-circuit level, then you're
adding, on average, a half-packet latency whenever you want to send a
real packet.  And then there's the bandwidth tradeoff you mention,
which is probably of a larger concern (although bandwidth will
increase over time, whereas the speed of light will not).

I don't see any reason why it's necessary to pay these costs if you
abandon the idea of generating only equal-length packets and creating
all your chaff as packets.  Let's assume the link is encrypted as
before.  Then you merely introduce your legitimate packets with a
certain escape sequence, and pad between these packets with either
zeroes, or if you're more paranoid, some kind of PRNG.  In this way,
if the link is idle, you can stop generating chaff and start
generating packets at any time.  I assume that the length is
explicitly encoded in the legitimate packet.  Then the peer for the
link ignores everything until the next escape sequence introducing a
legitimate packet.

This is not a tiny hack, but avoids much of the overhead in your
technique.  It could easily be applied to something like openvpn,
which can operate over a TCP virtual circuit, or ppp.  It'd be a nice
optimization if you could avoid retransmits of segments that contained
only chaff, but that may or may not be possible to do without giving
up some TA resistance (esp. in the presence of an attacker who may
prevent transmission of segments).
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

Re: packet traffic analysis

2005-10-28 Thread Travis H.

 I assume that the length is
 explicitly encoded in the legitimate packet.  Then the peer for the
 link ignores everything until the next escape sequence introducing a
 legitimate packet.

I should point out that encrypting PRNG output may be pointless, and
perhaps one optimization is to stop encrypting when switching on the
chaff.  The peer can then encrypt the escape sequence as it would
appear in the encrypted stream, and do a simple string match on that. 
In this manner the peer does not have to do any decryption until the
[encrypted] escape sequence re-appears.  Another benefit of this is to
limit the amount of material encrypted under the key to legitimate
traffic and the escape sequences prefixing them.  Some minor details
involving resynchronizing when the PRNG happens to produce the same
output as the expected encrypted escape sequence is left as an
exercise for the reader.
--
http://www.lightconsulting.com/~travis/  --
We already have enough fast, insecure systems. -- Schneier  Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

RE: Return of the death of cypherpunks.

2005-10-28 Thread Tyler Durden



I don't agree.

One thing we do know is that, although Crypto is available and, in special 
contexts, used, it's use in other contexts is almost counterproduct, sending 
up a red flag so that those that Protect Our Freedoms will come sniffing 
around and bring to bear their full arsenal of technologies and, possibly, 
dirty tricks. Merely knowing that you are using stego/crypto in such 
contexts can cause a lot of attention come your way, possibly in actual 
meatspace, which in many cases is almost worse than not using crypto at all


In addition, although strong and unbreakable Crypto exists, one thing a 
stint on Cypherpunks teaches you is that it is only rarely implemented in 
such a way as to actually be unbreakable to a determined attacker, 
particularly if there are not many such cases to examine in such contexts.


The clear moral of this story is that, to increase the odds of truly secure 
communication, etc, Crypto in such contexts must become much more 
ubiquitous, and I still think Cypherpunks has a role to play there and 
indeed has played that role. Such a role is, of course, far more than a mere 
cheerleading role,a fact that merits a continued existence for Cypherpunks 
in some form or another.


-TD






Only when Crypto is used ubiquitousl


From: James A. Donald [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Return of the death of cypherpunks.
Date: Fri, 28 Oct 2005 12:09:36 -0700

--
From:   Eugen Leitl [EMAIL PROTECTED]
 While I don't exactly know why the list died, I
 suspect it was the fact that most list nodes offered a
 feed full of spam, dropped dead quite frequently, and
 also overusing that needs killing thing (okay, it
 was funny for a while).

 The list needs not to stay dead, with some finite
 effort on our part (all of us) we can well resurrect
 it. If there's a real content there's even no need
 from all those forwards, to just fake a heartbeat.

Since cryptography these days is routine and
uncontroversial, there is no longer any strong reason
for the cypherpunks list to continue to exist.

I recently read up on the Kerberos protocol, and
thought, how primitive.  Back in the bad old days, we
did everything wrong, because we did not know any
better.  And of course, https sucks mightily because the
threat model is both inappropriate to the real threats,
and fails to correspond to the users mental model, or to
routine practices on a wide variety of sites, hence
users glibly click through all warning dialogs, most of
which are mere noise anyway.

These problems, however, are no explicitly political,
and tend to be addressed on lists that are not
explicitly political, leaving cypherpunks with little of
substance.

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP
 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-28 Thread Eugen Leitl

On Thu, Oct 27, 2005 at 11:28:42PM -0400, R.A. Hettinga wrote:

 The cypherpunks list is about anything we want it to be. At this stage in
 the lifecycle (post-nuclear-armageddon-weeds-in-the-rubble), it's more
 about the crazy bastards who are still here than it is about just about
 anything else.

While I don't exactly know why the list died, I suspect it
was the fact that most list nodes offered a feed full of spam,
dropped dead quite frequently, and also overusing that needs 
killing thing (okay, it was funny for a while).

The list needs not to stay dead, with some finite effort on our
part (all of us) we can well resurrect it. If there's a real content
there's even no need from all those forwards, to just fake
a heartbeat.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a
__
ICBM: 48.07100, 11.36820http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


signature.asc
Description: Digital signature

Re: [EMAIL PROTECTED]: Re: [p2p-hackers] P2P Authentication]