Re: Chaum's unpatented ecash scheme

2002-08-22 Thread Ben Laurie

Nomen Nescio wrote:
> Ben Laurie writes:
> 
> 
>>Note that the scheme as described (and corrected) is vulnerable to 
>>marking by the bank, and so is not anonymous. This is discussed and 
>>fixed in my paper on Lucre 
>>(http://anoncvs.aldigital.co.uk/lucre/theory2.pdf).
> 
> 
> Actually the scheme described based on Chaum's talk (corrected for
> probable typos) is essentially what you describe in your paper as the
> Type II Defence, in section 5.  Your analysis shows that it is not
> vulnerable to marking and is anonymous.
> 
> Speaking of anonymous, you should give credit in your paper to Anonymous
> for discovering the possibility of marking Lucre coins, in a coderpunks
> posting at
> http://www.mail-archive.com/coderpunks@toad.com/msg02186.html, and for
> inventing the Type II Defence, both in the posting above and amplified
> at http://www.mail-archive.com/coderpunks@toad.com/msg02323.html.
> 
> It may seem pointless to credit anonymous postings, but it makes the
> historical record more clear.

Anonymous _is_ credited, but I can add the specific URLs.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/

Available for contract work.

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff




Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie

Anonymous wrote:
> Len Sassaman has put the ringsig program up at
> 
>>http://www.abditum.com/~rabbi/ringsig/
> 
> 
> First, the ring signature portion has successfully been repaired from
> the truncation imposed by the anon remailer in the original post.
> 
> Second, unfortunately all of the tabs have been converted to spaces.
> This will prevent the sig from verifying.
> 
> Third, a number of the lines have been wrapped.  This will also prevent
> the verification from going through.

The version I posted does not appear to suffer from either of these 
problems (but also does not verify).

Cheers,

Ben.





U.S. Military Uses the Force

2002-08-22 Thread keyser-soze

[I wonder if a similar technique can be used against bullets for personal armor or 
home defense.]

From Wired News --
<http://www.wired.com/news/technology/0,1282,54641,00.html>

U.S. Military Uses the Force
By Noah Shachtman

One of the most dangerous and pervasive threats facing American and
British troops in combat zones is a primitive grenade launcher that only
sets your typical terrorist back about $10.

The Anglo-American defense against this no-tech threat: an electrical
force field that's costing hundreds of millions of dollars to develop.

Fitted on light armored vehicles such as personnel carriers, the force
field uses a series of charged metal plates to dissipate the effects of
rocket-propelled grenades (RPGs), a weapon found by the thousands from
Mogadishu to Kabul to Baghdad.

...







Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie

Anonymous wrote:
>>>*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
>>>ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
>>>CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
>>
>>Once it works, I'll happily do that, but...
>>
>>
>>>6. Finally, the verification step: run the ringver perl script, giving the
>>>PGP key file created in step 5 as an argument, and giving it the ringsig.c
>>>file as standard input:
>>>
>>>./ringver sigring.pgp < ringsig.c
>>>
>>>This should print the message "Good signature".
>>
>>ben@scuzzy:~/tmp/multisign$ ./ringver pubring.pkr < testwhole
>>ERROR: Bad signature
> 
> 
> Could you post the files anyway on a web page, then the author can check
> them against his copies and see which are corrupted?

http://www.alcrypto.co.uk/ringsign/

Cheers,

Ben.





Re: Signing as one member of a set of keys

2002-08-22 Thread Ben Laurie

Len Sassaman wrote:
> On Sat, 17 Aug 2002, Anonymous wrote:
> 
> 
>>*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
>>ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
>>CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***
> 
> 
> The files are available at:
> 
> http://www.abditum.com/~rabbi/ringsig/
> 
> Also, if you'd like to send me a more detailed blurb for the webpage, I'd
> be happy to put it up. Otherwise, this will have to do.
> 
> 
>>9.  Please report whether you were able to succeed, and if not, which step
>>failed for you.
> 
> 
> I just ran into a bunch of errors when trying to compile with OpenSSL
> 0.9.7beta3. I'm debugging now...

There's a fixed version on the page I just posted (admittedly against a 
current 0.9.7 snapshot, not beta3).

http://www.alcrypto.co.uk/ringsign/

Cheers,

Ben.





the underground software vulnerability marketplace and its hazards (fwd)

2002-08-22 Thread Eugen Leitl

-- 
-- Eugen* Leitl http://leitl.org
__
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://eugen.leitl.org
83E5CA02: EDE4 7193 0833 A96B 07A7  1A88 AA58 0E89 83E5 CA02


-- Forwarded message --
Date: Thu, 22 Aug 2002 00:24:54 -0400 (EDT)
From: Kragen Sitaker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: the underground software vulnerability marketplace and its hazards

On August 7th, an entity known as "iDEFENSE" sent out an announcement,
which is appended to this email.  Briefly, "iDEFENSE", which bills
itself as "a global security intelligence company", is offering cash
for information about security vulnerabilities in computer software
that are not publicly known, especially if you promise not to tell
anyone else.

If this kind of secret traffic is allowed to continue, it will pose a
very serious threat to our computer communications infrastructure.

At the moment, the dominant paradigm for computer security research
is known as "full disclosure"; people who discover security
vulnerabilities in software tell the vendor about them, and a short
while later --- after the vendor has had a chance to fix the problem
--- they publish the information, including code to exploit the
vulnerability, if possible.  

This method has proven far superior to the old paradigm established by
CERT in the late 1980s, which its proponents might call "responsible
disclosure" --- never release working exploit code, and never release
any information on the vulnerability before all vendors have released
a patch.  This procedure often left hundreds of thousands of computers
vulnerable to known bugs for months or years while the vendors worked
on features, and often, even after the patches were released, people
wouldn't apply them because they didn't know how serious the problem
was.

The underground computer criminal community would often discover and
exploit these same holes for months or years while the "responsible
disclosure" process kept their victims, who had no connections in the
underground, vulnerable.

The problem with this is that vulnerabilities that are widely known
are much less dangerous, because their victims can take steps to
reduce their potential impact --- including disabling software,
turning off vulnerable features, filtering traffic in transit, and
detecting and responding to intrusions.  They are therefore much less
useful to would-be intruders.  Also, software companies usually see
security vulnerabilities in their software as PR problems, and so
prefer to delay publication (and the expense of fixing the bugs) as
long as possible.

iDEFENSE is offering a new alternative that appears far more dangerous
than either of the two previous paradigms.  They want to be a buyer in
a marketplace for secret software vulnerability information, rewarding
discoverers of vulnerabilities with cash.  

Not long before, Snosoft, a group of security researchers evidently
including some criminal elements, apparently made an offer to sell the
secrecy of some software vulnerability information to the software
vendor; specifically, they apparently made a private offer to
Hewlett-Packard to keep a vulnerability in HP's Tru64 Unix secret if
HP retained Snosoft's "consulting services".  HP considered this
extortion and responded with legal threats, and Snosoft published the
information.

If this is allowed to happen, it will cause two problems which,
together, add up to a catastrophe.

First, secret software vulnerability information will be available to
the highest bidder, and to nobody else.  For reasons explained later,
I think the highest bidders will generally be organized crime
syndicates, although that will not be obvious to the sellers.

Second, finding software vulnerabilities and keeping them secret will
become lucrative for many more talented people.  The result will be
--- just as in the "responsible disclosure" days --- that the good
guys will remain vulnerable for months and years, while the majority
of current vulnerabilities are kept secret.

I've heard it argued that the highest bidders will generally be the
vendors of the vulnerable software, but I don't think that's
plausible.  If someone can steal $20 000 because a software bug lets
them, the software vendor is never held liable; often, in fact, the
people who administer the software aren't liable, either --- when
credit card data are stolen from an e-commerce site, for example.
Knowing about a vulnerability before anyone else might save a web-site
administrator some time, and it might save the software vendor some
negative PR, but it can net the thief thousands of dollars.

I think the highest bidders will be those for whom early vulnerability
information is most lucrative --- the thieves who can use it to
execute the largest heists without getting caught.  Inevitably, that
means organized crime syndicates, although the particular gangs who
are good at networked theft may not yet ex

Re: Signing as one member of a set of keys

2002-08-22 Thread Len Sassaman

On Thu, 22 Aug 2002, Anonymous wrote:

> Len Sassaman has put the ringsig program up at
> > http://www.abditum.com/~rabbi/ringsig/

[...]

> Second, unfortunately all of the tabs have been converted to spaces.
> This will prevent the sig from verifying.

[...]

I've put a corrected version in its place. If this still has problems,
could you send me the md5sum of the correctly formatted file so that I can
be sure I get it right?


--Len.




New Palladium FAQ available

2002-08-22 Thread AARG! Anonymous

Microsoft has apparently just made available a new FAQ on its
controversial Palladium technology at
http://www.microsoft.com/PressPass/features/2002/aug02/0821PalladiumFAQ.asp.

Samples:

> Q: I've heard that "Palladium" will force people to run only
> Microsoft-approved software.
>
> A: "Palladium" can't do that. "Palladium's" security chip (the SSC)
> and other features are not involved in the boot process of the OS or in
> the OS's decision to load an application that doesn't use a "Palladium"
> feature and execute it. Because "Palladium" is not involved in the
> boot process, it cannot block an OS, or drivers or any non-"Palladium"
> PC application from running. Only the user decides what "Palladium"
> applications get to run. Anyone can write an application to take advantage
> of "Palladium" APIs without notifying Microsoft (or anyone else) or
> getting its (or anyone else's) approval.

> Q: Some people have claimed that "Palladium" will enable Microsoft or
> other parties to detect and remotely delete unlicensed software from my
> PC. Is this true?
>
> A: No. As stated above, the function of "Palladium" is to make digitally
> signed statements about code identity and hide secrets from other
> "Palladium" applications and regular Windows kernel- and user-mode
> spaces. "Palladium" doesn't have any features that make it easier for
> an application to detect or delete files.

Hopefully Microsoft will continue to release information about Palladium.
That should help to bring some of the more outrageous rumors under
control.




Re: Chaum's unpatented ecash scheme

2002-08-22 Thread Nomen Nescio

Ben Laurie writes:

> Note that the scheme as described (and corrected) is vulnerable to 
> marking by the bank, and so is not anonymous. This is discussed and 
> fixed in my paper on Lucre 
> (http://anoncvs.aldigital.co.uk/lucre/theory2.pdf).

Actually the scheme described based on Chaum's talk (corrected for
probable typos) is essentially what you describe in your paper as the
Type II Defence, in section 5.  Your analysis shows that it is not
vulnerable to marking and is anonymous.

Speaking of anonymous, you should give credit in your paper to Anonymous
for discovering the possibility of marking Lucre coins, in a coderpunks
posting at
http://www.mail-archive.com/coderpunks@toad.com/msg02186.html, and for
inventing the Type II Defence, both in the posting above and amplified
at http://www.mail-archive.com/coderpunks@toad.com/msg02323.html.

It may seem pointless to credit anonymous postings, but it makes the
historical record more clear.




Re: Signing as one member of a set of keys

2002-08-22 Thread Anonymous

Len Sassaman has put the ringsig program up at
> http://www.abditum.com/~rabbi/ringsig/

First, the ring signature portion has successfully been repaired from
the truncation imposed by the anon remailer in the original post.

Second, unfortunately all of the tabs have been converted to spaces.
This will prevent the sig from verifying.

Third, a number of the lines have been wrapped.  This will also prevent
the verification from going through.

Is it possible for you to visit
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html
and use the kind of "Save as Text" command in your browser, to get the
version with the tabs and without the wrapping?  Doing this with IE on
this system avoids these problems.  Then you just need to bring over
the missing signature lines, which has been done successfully in the
files above.

Thanks very much to Len Sassaman for making this file available.
  ++multisig v1.0




Re: the underground software vulnerability marketplace and its hazards (fwd)

2002-08-22 Thread Mike Rosing

On Thu, 22 Aug 2002, Eugen Leitl wrote:

> If this kind of secret traffic is allowed to continue, it will pose a
> very serious threat to our computer communications infrastructure.

Sure looks like it.

> iDEFENSE is offering a new alternative that appears far more dangerous
> than either of the two previous paradigms.  They want to be a buyer in
> a marketplace for secret software vulnerability information, rewarding
> discoverers of vulnerabilities with cash.

Not that much cash.  It's only $125 for an exploit.  that's not
much in $/hr of effort.

> First, secret software vulnerability information will be available to
> the highest bidder, and to nobody else.  For reasons explained later,
> I think the highest bidders will generally be organized crime
> syndicates, although that will not be obvious to the sellers.

governments have more cash.  the highest bidders could use it as a
way to keep track of who is doing what, since the web site says
people who find exploits are given full credit.  The mafiosi seem
like the least of our problems with this.

If I got paid, I wouldn't want anyone to have the ability to come find me!

> Second, finding software vulnerabilities and keeping them secret will
> become lucrative for many more talented people.  The result will be
> --- just as in the "responsible disclosure" days --- that the good
> guys will remain vulnerable for months and years, while the majority
> of current vulnerabilities are kept secret.

Not at that rate of pay.  Might be a good way to find talent tho.

> I think the highest bidders will be those for whom early vulnerability
> information is most lucrative --- the thieves who can use it to
> execute the largest heists without getting caught.  Inevitably, that
> means organized crime syndicates, although the particular gangs who
> are good at networked theft may not yet exist.

Yes they exist, and most have 3 letter acronyms.  Well, a few have
numbers in there :-)  A lot of government agencies need cash that
their handlers won't give, so they go steal it.  Since their jobs
are breaking laws, nobody notices.

> Right now, people who know how to find security exploits are either
> motivated by personal interest in the subject, motivated by the public
> interest, motivated by a desire for individual recognition, or
> personally know criminals that benefit from their exploits.  Creating
> a marketplace in secret vulnerability information would vastly
> increase the availability of that information to the people who can
> afford to pay the most for it: spies, terrorists, and organized crime.
>
> Let's not let that happen.

How?  iDEFENSE isn't really breaking any laws, they are just
immoral scum bags.  Maybe the publication of the first person
hunted down and executed by an angry government will slow down
contributors?

thanks for posting this, the net is getting more and more interesting
:-)

Patience, persistence, truth,
Dr. mike




Re: Discouraging credential sharing with Mojo

2002-08-22 Thread Meyer Wolfsheim

On Wed, 21 Aug 2002, Anonymous wrote:

> Clearly we need a new approach.  Here is a suggestion for a simple
> solution which will give everyone an important secret that they will
> avoid sharing.
>
> At birth each person will be issued a secret key.  This will be called
> his Mojo.

[snip]

> Now all that is needed is a simple change to the law so that knowing
> someone's Mojo makes him your slave.

Virtually all cultures have held the mythological belief that all "beings
with souls" have a True Name, and that knowledge of one's true name
leads to power over him.

(This isn't really surprising, since the True Name concept features
prominently in Babylonian mythology, from which the myths of nearly all
other civilizations have sprung.)

For instance, knowing the True Name of a god could result in one being
granted godly powers, or immortality (cf: Isis learning the True Name of
Ra in Egyptian mythology). In Greek (and neo-pagan) nature myths, speaking
the true name of a landscape object could give the speaker protection or
favors from the spirit inhabiting the object. In Hebrew, Essene, and
Islamic mythology, as well as Celtic, Pacific Island, and Norse
tales, the True Name theme appears repeatedly. Etc.

It sounds like you wish to revive this superstition, but instead make it
cryptographically enforceable. "Trust in the laws of mathematics and men,
not of gods?"

Welcome to the Church of Strong Cryptography.

> Please join me in supporting this important reform.
>
> Just say, "I want my Mojo!"

Sometimes, I wonder if some of these posts are not intended to be as
ironic as they appear.


-MW-