Re: Clarification of challenge to Joseph Ashwood:
Sorry, I didn't bother reading the first message, and I won't bother reading any of the messages further in this thread either. Kong lacks critical functionality, and is fatally insecure for a wide variety of uses; in short it is beyond worthless, ranging into being a substantial risk to the security of anyone/group that makes use of it.

----- Original Message -----
From: James A. Donald [EMAIL PROTECTED]
Subject: Clarification of challenge to Joseph Ashwood:

> Joseph Ashwood:
> So it's going to be broken by design. These are critical errors that will eliminate any semblance of security in your program.
>
> James A. Donald:
> I challenge you to fool my canonicalization algorithm by modifying a message so as to change the apparent meaning while preserving the signature, or by producing a message that verifies as signed by me, while in fact a meaningfully different message to any that was genuinely signed by me.
>
> That's easy, remember that you didn't limit the challenge to text files. It should be a fairly simple matter to create a JPEG file with a number of 0xA0 and 0x20 bytes; by simply swapping the value of those bytes one can create a file that will pass your verification, but will obviously be corrupt. Your canonicalization is clearly and fatally flawed.
>
> Three quarters of the user hostility of other programs comes from their attempt to support true names, and the rest comes from the cleartext signature problem. Kong fixes both problems.
>
> Actually Kong pretends the first problem doesn't exist, and corrects the second one in such a way as to make it fatally broken.
>
> Joseph Ashwood must produce a message that is meaningfully different from any of the numerous messages that I have sent to cypherpunks, but which verifies as sent by the same person who sent past messages.
>
> Thus for Kong to be broken one must store a past message from that prolific poster supposedly called James Donald, in the Kong database, and bring up a new message hacked up by Joseph Ashwood, and have Kong display in the signature verification screen

To verify that I would of course have to download and install Kong, something that I will never do; I don't install software I already know is broken, and fails to address even the most basic of problems.

Joe
Re: What email encryption is actually in use?
On Saturday, November 2, 2002, at 08:01 PM, Tyler Durden wrote:

> Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a Planck energy above zero, but it gave the vendors the impression we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them).

When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.)

The moral: 99.x % of traffic is of little interest to thieves or eavesdroppers. But some fraction is. And it often isn't appreciated until after a theft or eavesdrop in which category the traffic lies. (Equivalent to people not thinking about backups until it's too late.)

Having said this, I, too, rarely encrypt. It should get easier, now that PGP 8 is well-integrated into the Mail program I use in OS X. (Years ago PGP stopped working in my mailer, and I had to encrypt and decrypt manually.)

It is odd that we mostly think crypto should be easy and painless. The military, with a real need for crypto, has full-time code clerks on ships and at bases, even out on the battlefield. And they have code shacks and cipher rooms and all sorts of procedure and rigamarole about envelopes, couriers, locks on doors, combo locks on safes, need to know, etc. PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive.

Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub.

--Tim May
Re: Clarification of challenge to Joseph Ashwood:
--

Joseph Ashwood:
So it's going to be broken by design. These are critical errors that will eliminate any semblance of security in your program.

James A. Donald:
I challenge you to fool my canonicalization algorithm by modifying a message so as to change the apparent meaning while preserving the signature, or by producing a message that verifies as signed by me, while in fact a meaningfully different message to any that was genuinely signed by me.

Joseph Ashwood:
That's easy, remember that you didn't limit the challenge to text files. It should be a fairly simple matter to create a JPEG file with a number of 0xA0 and 0x20 bytes; by simply swapping the value of those bytes one can create a file that will pass your verification, but will obviously be corrupt. Your canonicalization is clearly and fatally flawed.

If so easy, do it.

Joseph Ashwood must produce a message that is meaningfully different from any of the numerous messages that I have sent to cypherpunks, but which verifies as sent by the same person who sent past messages.

Thus for Kong to be broken one must store a past message from that prolific poster supposedly called James Donald, in the Kong database, and bring up a new message hacked up by Joseph Ashwood, and have Kong display in the signature verification screen

Joseph Ashwood:
To verify that I would of course have to download and install Kong,

In other words, you are blowing smoke, and know full well you are blowing smoke.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
H1Nbd40fMEd0QoHFng2hEcuA2a/BP07ab+GOBowZ
4HIcNbSdMF02EWVm52VJqtj0Jas+Wmq/SZ/UyT0uq
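The disputed point in the exchange above is whether folding whitespace before signing lets two different byte strings carry one signature. The following is an added example, not Kong's code and not code from either poster: Kong's actual canonicalization is not described in this thread, so the folding rule used here (0xA0 treated as 0x20) is an assumption, and an HMAC stands in for a public-key signature. It shows, on a constructed binary blob, the collision property a verifier should test for, and a hardened variant that canonicalizes only text and binds the text/binary mode into the signed data so that binary attachments are signed byte for byte.

```python
"""Added illustration (not Kong's code, nor James Donald's or Joseph Ashwood's):
why a whitespace-folding canonicalization must not be applied to binary data
before signing. The folding rule (0xA0 treated as 0x20) and the HMAC used in
place of a public-key signature are both assumptions made for this demo."""
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for a real signing key


def canonicalize_whitespace(data: bytes) -> bytes:
    """Assumed rule: treat non-breaking space (0xA0) as an ordinary space (0x20)."""
    return data.replace(b"\xa0", b"\x20")


def is_text(data: bytes) -> bool:
    """Latin-1 text heuristic: no control bytes other than tab, LF and CR."""
    return all(b >= 0x20 or b in (0x09, 0x0A, 0x0D) for b in data)


def _mac(msg: bytes) -> bytes:
    return hmac.new(KEY, msg, hashlib.sha256).digest()


# --- Flawed scheme: canonicalize everything, text or not --------------------
def sign_canonical(data: bytes) -> bytes:
    return _mac(canonicalize_whitespace(data))


def verify_canonical(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_canonical(data), sig)


# --- Hardened scheme: canonicalize only text, and bind the mode -------------
def sign_hardened(data: bytes) -> bytes:
    # The mode tag stops a signature made over text from being presented
    # as a signature over binary content, and vice versa.
    if is_text(data):
        return _mac(b"text\0" + canonicalize_whitespace(data))
    return _mac(b"binary\0" + data)


def verify_hardened(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_hardened(data), sig)


def collides_under_canonicalization(a: bytes, b: bytes) -> bool:
    """Property a verifier should check for: two distinct inputs, one canonical form."""
    return a != b and canonicalize_whitespace(a) == canonicalize_whitespace(b)


# Constructed inputs. The "image" is not a valid JPEG, only a byte string with
# the JPEG SOI/EOI markers and a sprinkling of 0xA0 / 0x20 bytes inside it.
IMAGE = b"\xff\xd8\xff\xe0\x00\x10" + b"\xa0\x20\x7f\xa0\x01\x20" + b"\xff\xd9"
IMAGE_ALTERED = IMAGE.replace(b"\xa0", b"\x20")  # bytes differ, canonical form identical
TEXT = b"Signed: meet at noon\xa0tomorrow\n"
TEXT_RESPACED = TEXT.replace(b"\xa0", b"\x20")    # what a mailer rewrite might produce


if __name__ == "__main__":
    sig = sign_canonical(IMAGE)
    print("flawed scheme accepts altered image:", verify_canonical(IMAGE_ALTERED, sig))   # True
    sig = sign_hardened(IMAGE)
    print("hardened scheme accepts altered image:", verify_hardened(IMAGE_ALTERED, sig))  # False
    sig = sign_hardened(TEXT)
    print("hardened scheme tolerates respaced text:", verify_hardened(TEXT_RESPACED, sig))  # True
```

The design point is that a canonicalization is only safe to sign over when it is injective on the inputs you care about; for text, collapsing space variants is the intended tolerance, while for a binary attachment every byte is meaningful, so the hardened signer refuses to fold anything that fails the text heuristic and records which mode it used.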
Sending bricks through the mail
At 09:37 PM 11/2/02 -0800, Tim May wrote:

> When I was at Intel we sent our designs for microprocessors to European branches and/or partners. One set of designs sent to MATRA/Harris, a partner in the 80C86, was stolen in transit. (The box of tapes arrived in Paris, but the tapes had been replaced by the suitable weight of bricks.)

There exists a website by someone who enjoyed sending unusual things through the US mail. He once sent a brick, with proper postage, no envelope. The brick *eventually* arrived at its destination, sort of, but had been broken by the DEA according to the PO's paperwork.
Re: What email encryption is actually in use?
On Sat, 2 Nov 2002, Tim May wrote:

> PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive.
>
> Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub.

I expect it to work with the click of a button.

If our goal is that crypto not be simply something for the members of the cypherpunk crypto hackers club, and instead be a tool for the masses, used for the protection of information that they deem to be private (regardless of how important a secret it may be), then crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. If crypto apps are too hard to use, they provide no security, since they are not used.

If there is no way to provide military-strength crypto in a one-click solution, then so be it. Does the average user need military-grade solutions to hide whatever secrets he may have?

If ease of use isn't your concern, if foreign governments are your threats, if your budget allows for specially trained crypto operators, by all means -- deploy the ultra-secure and difficult to use cryptosystems. What's naive is trying to ram such products down the public's collective throat.

Cryptographic solutions are not of all or nothing strength. I don't know why UI hasn't been the foremost priority of crypto vendors all along...

--Len.
Re: What email encryption is actually in use?
On Sunday 03 November 2002 12:53, Len Sassaman wrote:

> On Sat, 2 Nov 2002, Tim May wrote:
>
> > PK crypto has made a lot of things a lot easier, but expecting it all to work with a click of a button is naive.
> >
> > Of course, most of us don't actually have secrets which make protocols and efforts justifiable. There's the rub.
>
> I expect it to work with the click of a button.
>
> ... crypto applications *must* be as easy to use as AOL. Sacrificing the level of security provided is a reasonable option. ...

Agreed. Setup should be pretty simple, but daily use for the unwashed masses has to be one-click. And version compatibility problems have _got_ to disappear.

Actually, PGP's Outlook plug-in comes pretty close to this. It has just two usability shortcomings that I can think of right now: it needs an option to remember the passphrase (yah, it's a security hole, but not as big a one as not using encryption at all); the identification and fetching of other users' keys needs to be simpler (1); and the compatibility problems have _got_ to disappear. Yes, I know I'm repeating myself on that last bit, but it's the biggest show-stopper of the bunch.

The receiving side needs to be completely painless. Again, optionally remember the passphrase and optionally automatically decrypt and verify signatures. KMail is pretty good, at least with signatures: it shows a stripe down the side indicating a GPG/PGP message and it checks the signature if the signer is in my keyring.

I want copious use of crypto partly out of a slight regard for the interests of the average user but mostly as cover for anything I might want to do. And partly to make harder the lives of the kind of bastards who'd go into a career of looking at other people's mail.

1: I don't have any workable ideas on how to find the right person's key in the face of changing email addresses. But the selection of the particular key from those available for a given person needs to be automated; having to drill down through several levels and then choosing from several possible keys is too confusing and too much work even if it's not confusing.

--
Steve Furlong
Computer Condottiere
Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
Re: What email encryption is actually in use?
On Sun, Nov 03, 2002 at 11:23:36AM -0800, Tim May wrote:
| I think most users, even casual ones, would accept this advice:
|
| Look, encrypted text is just a rearrangement of text. Compose your
| message in whatever editor or word processor you want, apply the
| encryption directly to that text, then paste in or otherwise send that
| new text out. Expecting encryption to be closely tied in to
| ever-changing mailers, word processors, news readers, and multiple
| iterations of OSes, is just too big a chore for developers to keep up
| with.

Most users think text comes in colors, and don't understand why documents produced by MS Word are different from text. This is inevitable as we shift towards a world of ubiquitous computing: The average user understands less and less.

To put it another way, if most users could accept that advice, most of my business email would be encrypted after someone sent me an NDA. The person cares about confidentiality, but doesn't know how to achieve it, and doesn't understand why it's not in their mailer.

Adam

--
It is seldom that liberty of any kind is lost all at once. -Hume
Re: Integrated crypto sounds useful, but it's fragile and ultimately a lose
On Sun, Nov 03, 2002 at 12:41:11PM -0800, Tim May wrote:
| To expand on this point a bit, I suspect one of the main reasons people
| who once used PGP stop using it, either privately or at corporations
| (as we have heard folks here testify about), is because something
| changes and things break.
|
| They upgrade their OS, they get a new release of a mailer, and things
| break. And they don't have the time, energy, or inclination to track
| down all of the little gotchas that may have caused things to break. I
| know this happened to me several times over the years with various
| versions of PGP, Eudora, and Mac OS 7, 8, and 9.

These breaks have three causes: 1) changes in the PGP 'api,' 2) changes in the OS causing PGP to break, 3) changes in PGP causing it to not interoperate.

My experience (mostly on unix) says that 1 and 3 are responsible for far more problems than 2. That is to say, PGP breaks because it isn't stable, not because the OS or apps aren't stable.

PGP API changes used to be explainable by the need to do something else not previously thought of. Now it seems to be fashionable to make changes in minor versions (gpg 1.06 to 1.07 for example, changed a bunch of things, rather than holding them back to 1.2). PGP developers need to recognize this and make their APIs stable.

Changes in PGP are of two forms: First is message encoding (PGP/Mime, x-application-pgp, what have you). Those seem to be fewer in number, although I still don't know if mutt's default encoding is right or not. The second was the penchant of PGP to add new algorithms for first patent and then speed reasons. Patent reasons are understandable, but the speed of PGP was never enough reason to add CAST and make it a default.

So, almost all of these reasons are things that fall under the control of people doing development, who need to understand that their choices (new algorithms, new APIs, new message formats) are making it too much of a bother to get even half-decent message privacy. They don't have a lot to do with the mailers, newsreaders, or OS changes that are outside developers' control.

Adam

--
It is seldom that liberty of any kind is lost all at once. -Hume
Intel's LaGrab
New PCs Likely to Cede Some Control
Sun Nov 3, 1:58 PM ET
By MATTHEW FORDAHL, AP Technology Writer

SAN JOSE, Calif. (AP) - To thwart hackers and foster online commerce, the next generation of computers will almost certainly cede some control to software firms, Hollywood and other outsiders. That could break a long-standing tenet of computing: that PC owners ultimately control data on their own machines. Microsoft calls its technology Palladium. Intel dubs it LaGrande.

I say we call it LaGrab.

--Tim May
Extremism in the pursuit of liberty is no vice.--Barry Goldwater
Re: What email encryption is actually in use?
FWIW In the Si biz, it's quite common to encrypt files. I've seen (albeit lame, and with guessable passwords) zip encryption and the classic crypt used. Between engineers, and between lawyers and engineers. Typically the encrypted info is an attachment to unencrypted email (often describing its contents!), though this is also used for ftp sites. (The zip programs are considered universal today.)

When we were working on a crypto chip (ca 1998), we did actually manage to have half a dozen engineers/managers regularly using PGP, between Macs and PCs. That's since faded to nil.

Thinking about this, I conclude that email is considered useful because it's *so* easy to send. Adding non-transparent decryption is too much of a bother. (Though the way that later PGP versions can retain your passphrase *can* make it transparent (at a security-cost of retaining your passphrase!))

Maybe it'll take an ISP-snoop-based insider trading scandal for the SEC to require email crypto :-)

Version issues haven't been a problem with PGP, but we had to find the right versions of PGPfone to interoperate between Mac/PCs.

At 11:01 PM 11/2/02 -0500, Tyler Durden wrote:

> Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, While in Telecom I was auditing optical transport gear, and we adopted the practice of encrypting all of our audit reports to vendors. Of course, the chance of there being an eavesdropper (uh...other than NSA, that is) was a Planck energy above zero, but it gave the vendors the impression we really cared a lot about their intellectual property (if we determined a problem with their equipment, and if that info ever leaked, it could have a major impact on them).
>
> That the messages were decrypted I know for sure, and it was easy for the customers: we would verbally tell them the password for unpacking the encrypted file, and they merely typed it in and it extracted itself.
>
> I think the encryption tool was installed directly into the file manager (or whatever it's called now), so it was easy to do.
Re: What email encryption is actually in use?
On Sunday, November 3, 2002, at 06:14 PM, David W. Hodgins wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> The advantages really disappear, when the key used to sign the message isn't sent to the key servers {:.

Those who need to know, know. You, I've never seen before. Even if you found my key at the Liberal Institution of Technology, what would it mean?

Parts of the PGP model are ideologically brain-dead. I attribute this to left-wing peacenik politics of some of the early folks.

--Tim May
Re: Sending bricks through the mail
At 09:36 AM 11/3/2002 -0800, Major Variola (ret) [EMAIL PROTECTED] wrote:

> There exists a website by someone who enjoyed sending unusual things through the US mail. He once sent a brick, with proper postage, no envelope.

Some friends used to wrap up bricks and return them to companies they disliked, using their prepaid response card taped to the outside for addressing. Bulk mail can only be claimed in bulk after you've paid the freight, and there was no weight max. associated with bulk reply cards. Nice way to anonymously punish.

steve