Re: Forced Oaths to Pieces of Cloth

2003-02-12 Thread david

On Tuesday 11 February 2003 09:52, Dr. mike wrote:

 No reason we can't start a movement to pledge allegiance to the
 constitution

The main body of the constitution does not apply to the 
individuals, it is the law the politicians and bureaucrats of the 
federal government are supposed to obey (and instead completely 
ignore).  The fourteenth amendment prohibits the state governments 
from violating individual rights.  What is needed is the death 
penalty or life imprisonment for politicians and bureaucrats who 
violate their oaths to uphold the constitution.

The proper recipient of a pledge of allegiance is individual 
liberty.  As Ben Franklin said, "Where liberty dwells, there is my 
country."

David Neilson


"This will be the best security for maintaining our liberties.  A 
nation of well-informed men who have been taught to know and prize 
the rights which God has given them cannot be enslaved.  It is in 
the religion of ignorance that tyranny begins."   (also by Ben)




Re: The burn-off of twenty million useless eaters and minorities

2003-02-19 Thread david
On Tuesday 18 February 2003 20:16, Bill wrote:

 At 5:53 PM -0800 2/17/03, Tyler Durden wrote:
 Any kid coming to school
 with a knife or gun gets thrown out, period.

 Gee, when I was in high school, I was on the high school rifle
 team.  I still have the varsity letter with the crossed rifles on
 it.  Our ammo was paid for by the US military, who wanted
 recruits who could shoot.  I brought my gun to school at the
 beginning of the season, and took it home at the end.


Teenagers have the same right to self defense that adults do.  Why 
would any sane kid want to go into one of those war zones unarmed?  
Why would any sane parent allow them to do so?

David Neilson



thirty year plan

2003-03-05 Thread david
Here's a link to an interesting article about the US plan to 
control the world's oil supply.  It points out the hazard of 
inviting the wolves to watch your henhouse for you.

http://www.motherjones.com/news/feature/2003/10/ma_273_01.html

David Neilson



Re: Fw: Drunk driver detector that radios police

2003-03-11 Thread david
On Friday 07 March 2003 00:52, gann wrote:

 A tiny fuel cell that detects the alcoholic breath of a
 drink-driver and calls the police has been developed <snip>

 I'm in favor of it <snip>


Neither you nor anyone else has the right to force me or any other 
individual to subsidize your welfare.

This device, if forced on individuals by a government entity, would 
violate fourth amendment protections against self-incrimination.  
DUI laws requiring breath or blood tests do the same thing.

DUI laws define a political crime (as opposed to a crime with an 
actual victim) based on an arbitrary biological baseline (blood 
alcohol content).  Reckless endangerment of another person is a 
real crime with a real victim regardless of the amount of alcohol 
or other drugs in the person's system.  Laws against reckless 
endangerment can be enforced without violating constitutionally 
protected rights.  DUI laws need to be abolished.

This would all be academic if this were not a socialist country 
where the roads are built on stolen property with stolen money.  If 
the roads were private property owned by private individuals then 
you would be free to travel on roads that required onboard breath 
testers, submission to random searches of your vehicle and body 
cavities, along with background checks of your criminal history, 
credit, and bank records if that made you feel safe and secure.  If 
the terms of use of that road company were not to your liking you 
would be free to travel on a competing company's roads.

Live free or die,
David Neilson



Re: Fw: Drunk driver detector that radios police

2003-03-11 Thread david
On Sunday 09 March 2003 18:16, A.Melon wrote:
 On Sunday 09 March 2003 10:31 am, david wrote:
  Neither you nor anyone else has the right to force me or any
  other individual to subsidize your welfare.
 
  This device, if forced on individuals by a government entity,
  would violate fourth amendment protections against
  self-incrimination. DUI laws requiring breath or blood tests do
  the same thing.

 But you wouldn't mind if insurance companies required the device
 in order for you to get a policy (whether or not it called the
 police or just the insurance company) ?

 Right ?

Not as long as it was truly a free market transaction involving no 
government regulation of the insurance company or laws requiring 
you to buy the insurance.  Any transaction freely entered into by 
both parties is acceptable.

David Neilson



Re: Biometrics helping privacy: excerpt from Salon article on fo rensics

2002-04-23 Thread David Howe

Peter Trei wrote:
 Encrypted files on a portable device that you keep with you would
 seem to be the best of all worlds.
Any of the USB mini drives can manage that - just set them to autorun
Scramdisk Traveller and mount an SD volume from the device. Just don't forget
to dismount it before you remove the drive :)




Re: Two ideas for random number generation

2002-04-24 Thread David Howe

Jim Choate [EMAIL PROTECTED] wrote:
 But that changes the game in the middle of play, the sequence of digits
 in pi is fixed, not random. You can't get a random number from a constant.
 Otherwise it wouldn't be a constant.
PRNG output is fixed/repeatable too - that is a property you *want* from a
PRNG.  Any subset of the digits of pi is as close to RNG output as you would
need to satisfy any entropy tests - unless you *knew* you had derived it
from pi you couldn't distinguish it from a true random string of the same
size.

 You can't stop them from using their tables. Slow them down, not stop
 them. You can't use that huge a seed, hardware limitations. They can match
 you.
*shrug* given that adding a bit to the seed doubles the quantity of data
they would have to cache in their tables, it can quickly become unworkable;
the single-digit-of-pi formula is too slow to form a good stream cypher, but
is otherwise ok; if you aren't constrained to matching a real world sequence
(pi in this case) but are happy with *any* non-repeating but deterministic
stream, you can probably find something much faster.
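As an added example (not code from the thread or from either poster), the toy below keys a stream cipher by an offset into the hexadecimal digits of pi, extracted with the Bailey-Borwein-Plouffe digit formula, and then runs the precomputed-table attack the exchange is about. The attacker's "table" is simply the digits of pi, and adding one bit to the offset doubles it; but because the digits are a public constant, a few bytes of known plaintext and a substring search recover the offset. The message, the offset and the table size are constructed for the example.

```python
# Added example (not from the thread): a toy stream cipher keyed by an
# offset into the hexadecimal digits of pi, plus the table attack on it.
# All names and sample data are constructed for illustration.


def pi_hex_digit(n: int) -> int:
    """n-th hex digit of pi after the point (n = 0 is the '2' of 3.243F...).

    Bailey-Borwein-Plouffe digit extraction: only the fractional part of
    16^n * pi is needed, so the head of each series is reduced mod 1 with
    modular exponentiation and the tail converges geometrically.
    """

    def series(j: int) -> float:
        s = 0.0
        for k in range(n + 1):
            r = 8 * k + j
            s = (s + pow(16, n - k, r) / r) % 1.0
        k = n + 1
        while True:
            term = 16.0 ** (n - k) / (8 * k + j)
            if term < 1e-17:
                break
            s += term
            k += 1
        return s % 1.0

    frac = (4 * series(1) - 2 * series(4) - series(5) - series(6)) % 1.0
    return int(frac * 16)


def keystream(offset: int, nbytes: int) -> bytes:
    """Byte i of the stream is the hex digit pair at position 2*(offset+i)."""
    out = bytearray()
    for i in range(nbytes):
        pos = 2 * (offset + i)
        out.append(pi_hex_digit(pos) * 16 + pi_hex_digit(pos + 1))
    return bytes(out)


def xor_crypt(offset: int, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse) under the 'key' offset."""
    return bytes(a ^ b for a, b in zip(data, keystream(offset, len(data))))


def build_table(max_offset: int) -> bytes:
    """The attacker's precomputed table: the keystream byte for every offset
    0..max_offset.  Each extra bit of offset doubles it, which is all the
    'seed' buys you; the digits themselves are public."""
    digits = [pi_hex_digit(i) for i in range(2 * max_offset + 2)]
    return bytes(digits[2 * i] * 16 + digits[2 * i + 1]
                 for i in range(max_offset + 1))


def known_plaintext_attack(table: bytes, ciphertext: bytes, known_prefix: bytes):
    """Recover the offset from a few known plaintext bytes, then decrypt.

    The stream looks random to a statistical test, but it is a fixed public
    sequence: XORing known plaintext with ciphertext yields keystream bytes,
    and a substring search over the table tells you where in pi they sit.
    """
    ks_prefix = bytes(c ^ p for c, p in zip(ciphertext, known_prefix))
    offset = table.find(ks_prefix)
    if offset < 0:
        return None, None            # offset lies outside the attacker's table
    return offset, xor_crypt(offset, ciphertext)


def demo() -> dict:
    message = b"the key is a public constant"   # constructed sample
    secret_offset = 37                           # a 6-bit 'key'
    ct = xor_crypt(secret_offset, message)
    table = build_table(63)                      # covers every 6-bit offset
    offset, recovered = known_plaintext_attack(table, ct, message[:4])
    return {"ciphertext": ct, "offset": offset, "plaintext": recovered,
            "table_bytes": len(table)}


if __name__ == "__main__":
    print(demo())
```

The point the block makes concretely: indistinguishability from random is not the property that matters here. The attacker does not need to distinguish the stream from random, only to regenerate it, and the cost of doing so is bounded by the table size, which is 2^(offset bits) bytes and nothing more.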






Re: Cypherpunks Europe

2002-04-28 Thread David Howe

On Sunday, April 28, 2002, at 07:32  AM, Jan Dobrucki wrote:
 Greetings,
 I've been reading the list for a while now, and what I find annoying
 is that there are mostly American news and little about what's
 happening in Europe. As little as I respect America, America is not
 all of the world. Come on Cypherpunks from Europe, make your presence
 noticed!
Not sure about the rest of Europe - but we have a targeted crypto list
in the UK (UKCrypto, sensibly enough) so already have a forum for
UK-specific issues.
That's not to say some of it wouldn't be better here - but I am sure our
problems with Godfrey would bore you all to tears anyhow :)




Re: Cypherpunks Europe

2002-04-29 Thread David Howe

 I don't think you get freelance IRA guys. Not with both
 kneecaps, anyway.
might be surprised - donations from the states have apparently tailed off
(having been the subject of a terrorist attack themselves they seem less
willing to fund them) and they could do with the revenue - but you are
probably better off talking with the dodgier firms in london - the prices
will be better and they will do a more professional/painful job. The price
improvement is because reusable sledgehammers are cheaper than having to
dispose of a gun ;)

 L** G*** is a nice man. He wrote that the Cult of the Dead Cow
 were a bunch of barely literate mindless American teenage delinquents.
 If they lived in England they could possibly sue him for that :-)
Maybe they could anyhow - jurisdiction shopping isn't exclusive to LG. In
fact, I am sure half the list will chip in a tenner or so each to help out
the legal fees ;)





Re: Bad guys vs. Good guys

2002-05-12 Thread David Howe

Jim Choate [EMAIL PROTECTED] gave us the benefit of the following
opinion:
 It makes no sense to talk about 'cheapness of payment' from the
 recipients view. It costs them nothing to get paid (outside of whatever
 service or labor was involved in the exchange). You have your cognates
 reversed (ie payer v payee).
Nope. Usually credit card transactions are free for the payer (provided
they pay their bill at the end of the month) while a percentage of that
money is lost if you are the payee to the credit card company (if it
were a flat fee for the service, it could be a business expense; as it
is, it is a cost of handling the payment). The CC contract insists on no
surcharge (to the customers) for CC payments for the very good reason
that most businesses would want to pass that handling fee onto the
customer, and the CC company's business model wouldn't survive that
happening.




Re: Bad guys vs. Good guys

2002-05-14 Thread David Howe

  Nope, Usually credit card transactions are free for the payer
 Bullshit, they charge interest on the loans and such. You should
 read your credit card bills closer.
Not sure if the rules are different over there then - after all, you add
on extra charges to the ticket price when you reach the paypoint :)
in the UK, almost all credit cards charge *no* interest at all on
payments made with it provided you clear your balance when the bill
comes in, and most charge no annual fee for usage either.
A handling charge is applied if you use a cashpoint to withdraw money,
but that is sensible as there there isn't a vendor to gouge :)

 The CC contract insists on no surcharge (to the customers) for CC payments
 ??? I guess the vendor who pays the fees to use credit cards
 just pulls the money out of thin air...not hardly.
*shrug* I am not responsible for your problems there. In my
experience (limited to the UK, admittedly) card usage is free, and
vendors are under a contractual obligation (and I know this because I
have signed such a contract) to the CC swipe box supplier (the
merchant account provider) not to add a surcharge for use of the card
to pay; this leads to some strange situations, where companies will
accept CCs to purchase goods, but will *not* accept them to pay bills.
Mind you, if you wave a bundle of cash and mutter "discount for cash
payment?" to a lot of companies, you can get a discount. But then, this
is true *anyhow* particularly for payments over 100ukp to anything but
the biggest of the high street names - and even then, usually a store
manager has the discretionary power to apply discounts (usually booked
as "shop soiled" (ie ex-display model) or "manager's special promotion")





Re: Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software

2002-05-24 Thread David Howe

Microsoft also said open-source software is inherently less secure
because the code is available for the world to examine for flaws,
making it possible for hackers or criminals to exploit
them. Proprietary software, the company argued, is more secure because
of its closed nature.
Presumably the contrast between this and their other recent declaration
(that their code is so insecure releasing it would be a national
security risk) doesn't occur to them? Or maybe they think the two
complement each other (eg "look, our code is so insecure that we can't
release it, and we can't believe anyone is any better than us, so theirs
must be so insecure it can't be released too")




Re: When encryption is also authentication...

2002-05-30 Thread David Howe

Mike Rosing [EMAIL PROTECTED] wrote:
 Having it be transparent where the user doesn't need to know
 anything about how it works does not have to destroy the
 effectiveness of digital signatures or crypto.  When people sign a
 document they don't know all the ramifications because few bother to
 read all of any document they sign - most of it won't apply as long
 as you keep your part of the bargain, so why bother?
Partially agreed - a user doesn't have to know *how* it works, but must
have to take a positive step (eg, type in a password, answer yes to an
"are you really sure you want to do this" message, that sort of thing)
for it to be binding under most e-sig legislation. However, the law of
contract assumes every dotted i and crossed t is read and fully
understood to the full measure of the law. Enough people get caught out
this way each year (they find the contract they signed isn't what they
negotiated but (eg) binds them to a full term of service (say, two
years) when they wanted a three month trial...
There is a balance to be had here. It should be impossible for a random
user to walk up to their powered off pc, power it on, then sign a
document. It should be extremely difficult for a random user to walk up
to a pc that has been left logged on (but which hasn't been used to sign
documents for five minutes or so) and sign a document; it should be easy
for the user to sign a large number of documents in rapid succession,
without having to type in a complex password every single time. If this
involves remembering the password for a specified idle time, or using
a smartcard to auth (rather than a manual password or in addition) that
the user can remove when he takes a coffee break then fine - but
whatever you do must almost certainly use no other hardware than is
already fitted to the machine, so a usb dongle could be ok for a home
user but a credit-card style smartcard almost certainly won't be
(although if anyone knows a decent floppy-adaptor for smartcards, I
would love to know about it)
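As an added example (not code from the thread or from the poster), here is a small signing agent that enforces the three requirements just stated: a freshly powered-on machine cannot sign, a session left idle past a timeout relocks itself, and while unlocked the user can sign a batch of documents with a confirmation click each but without retyping the passphrase. HMAC-SHA256 stands in for a real signature scheme, the passphrase-wrapped key blob and salt are constructed, and the clock is injected so the idle behaviour can be exercised offline.

```python
# Added example (not from the thread): a signing agent implementing the
# policy above.  HMAC-SHA256 stands in for the signature scheme; the key
# blob is assumed to be 32 bytes; the salt is a constructed constant.
import hashlib
import hmac
import time


class AgentLocked(Exception):
    """A signature was requested while no key is unlocked."""


class SigningAgent:
    def __init__(self, key_blob: bytes, passphrase: str,
                 idle_timeout: float = 300.0, clock=time.monotonic):
        self._clock = clock
        self._idle_timeout = idle_timeout
        # The signing key is stored only wrapped under the passphrase, so a
        # freshly powered-on agent cannot sign anything until unlock().
        self._wrapped = self._xor(key_blob, self._kdf(passphrase))
        self._check = hashlib.sha256(key_blob).digest()
        self._key = None
        self._last_used = 0.0

    @staticmethod
    def _xor(a: bytes, b: bytes) -> bytes:
        return bytes(x ^ y for x, y in zip(a, b))

    @staticmethod
    def _kdf(passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"agent-salt", 50_000)

    def unlock(self, passphrase: str) -> bool:
        """The one positive step: the passphrase is typed once per session."""
        key = self._xor(self._wrapped, self._kdf(passphrase))
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self._check):
            return False
        self._key, self._last_used = key, self._clock()
        return True

    def lock(self) -> None:
        """Forget the key, e.g. when the user pulls the dongle or smartcard."""
        self._key = None

    def is_unlocked(self) -> bool:
        if self._key is None:
            return False
        if self._clock() - self._last_used > self._idle_timeout:
            self.lock()                  # idle too long: the key is gone
            return False
        return True

    def sign(self, document: bytes, confirmed: bool) -> bytes:
        """Each signature needs an explicit confirmation (the 'are you sure'
        click) but not the passphrase again while the session is live."""
        if not confirmed:
            raise ValueError("signature not confirmed by the user")
        if not self.is_unlocked():
            raise AgentLocked("unlock the agent first")
        self._last_used = self._clock()
        return hmac.new(self._key, document, hashlib.sha256).digest()


def verify(key_blob: bytes, document: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key_blob, document, hashlib.sha256).digest(), signature)


class FakeClock:
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def scenario() -> dict:
    """The three cases from the post: cold start, batch signing, idle relock."""
    clock = FakeClock()
    key_blob = hashlib.sha256(b"constructed example key").digest()
    agent = SigningAgent(key_blob, "correct horse", 300.0, clock)
    out = {"cold_signed": True, "idle_signed": True}
    try:                                         # 1. just powered on
        agent.sign(b"doc0", confirmed=True)
    except AgentLocked:
        out["cold_signed"] = False
    out["wrong_passphrase"] = agent.unlock("wrong horse")
    if not agent.unlock("correct horse"):        # 2. one passphrase, many signatures
        raise RuntimeError("unlock failed")
    sigs = [agent.sign(b"doc%d" % i, confirmed=True) for i in range(5)]
    out["batch_ok"] = all(verify(key_blob, b"doc%d" % i, s) for i, s in enumerate(sigs))
    clock.advance(6 * 60)                        # 3. coffee break: six minutes idle
    out["unlocked_after_idle"] = agent.is_unlocked()
    try:
        agent.sign(b"doc9", confirmed=True)
    except AgentLocked:
        out["idle_signed"] = False
    return out


if __name__ == "__main__":
    print(scenario())
```

The design choice worth noting is that the idle check runs on every signing request rather than on a timer, so a machine that was suspended or whose process was starved still relocks correctly the moment it is next asked to sign; and the key is only ever held in memory between unlock and relock, never on disk in the clear.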





Re: Ross's TCPA paper

2002-06-26 Thread David Wagner

Scott Guthery  wrote:
Perhaps somebody can describe
a non-DRM privacy management system.

Uhh, anonymous remailers?  I never disclose my identity, hence there is
no need for parties I don't trust to manage it.

Come on, folks.  This ought to be cypherpunks 101.  DRM might be one
way to achieve privacy, but it is not the only way.

One simple way for me to ensure my privacy is simply never to disclose my
personal information.  There's no DRM here.  Sure, maybe we could envision
some alternate world where I disclose my personal information in return
for some promise from Big Brother to protect my personal information with
DRM, but this doesn't mean that DRM is the only way to achieve privacy!




Re: Piracy is wrong

2002-06-29 Thread David Wagner

Anonymous  wrote:
Piracy - unauthorized copying of copyrighted material - is wrong.

http://www.gnu.org/philosophy/words-to-avoid.html

When an artist releases a song or some other creative product to the
world, they typically put some conditions on it.

Don't overlook the fact that when the government gives an artist a
limited monopoly through copyright, the government retains some rights
(e.g., fair use) to the public, whether the artist likes it or not.




Re: DRM will not be legislated

2002-07-14 Thread David Wagner

Anonymous  wrote:
Legislation of DRM is not in the cards, [...]

Care to support this claim?  (the Hollings bill and the DMCA requirement
for Macrovision in every VCR come to mind as evidence to the contrary)




Re: Virtuallizing Palladium

2002-07-15 Thread David Howe

Ben Laurie [EMAIL PROTECTED] was seen to declaim:
 Albion Zeglin wrote:
 Similar to DeCSS, only one Palladium chip needs to be reverse
 engineered and it's key(s) broken to virtualize the machine.
 If you break one machine's key:
 a) You won't need to virtualise it
 b) It won't be getting any new software licensed to it
I would think it would be more likely to match the mod chips that
address this very issue in the Gaming world - a replacement chip that
tells the OS "yeah, everything's ok" even when it isn't :)




Re: DRM will not be legislated

2002-07-17 Thread David Wagner

AARG! Anonymous  wrote:
David Wagner wrote:
 The Hollings bill was interesting not for its success or failure, but
 for what it reveals about the content companies' agenda.

The CBDTPA, available in text form at
http://www.politechbot.com/docs/cbdtpa/hollings.s2048.032102.html,
does not explicitly call for legislating DRM.

What's your point?  If you think the CBDTPA wasn't about legislating
DRM or something like it, we must be from different planets.

I'll elaborate.  CBDTPA delegated power to the FCC to specify standards
that all digital devices would have to implement.  It is not at all
surprising that CBDTPA was drafted to allow the FCC great freedom
in choosing the technical details as necessary to achieve the bill's
objectives.  It is equally clear that supporters of the bill were pushing
for some mandatory Fritz chip, do-not-copy bit, Macrovision protection,
copy protection, or other DRM-like technical measure.  This issue is
not going away quietly.




Re: Challenge to David Wagner on TCPA

2002-08-01 Thread David Wagner

James A. Donald wrote:
According to Microsoft, the end user can turn the palladium 
hardware off, and the computer will still boot.  As long as that 
is true, it is an end user option and no one can object.

Your point is taken.  That said, even if you could turn off TCPA 
Palladium and run some outdated version of Windows, whether users
would object is not entirely obvious.  For instance, suppose that,
thanks to TCPA/Palladium, Microsoft could design Office 2005 so that it
is impossible for StarOffice and other clones to read files created in
Office 2005.  Would some users object?  I don't know.  For many users,
being unable to read documents created in a recent version of Office
is simply not an option.  However, in any case we should consider in
advance the possible implications of this technology.




Re: Seth on TCPA at Defcon/Usenix

2002-08-11 Thread David Wagner

AARG! Anonymous  wrote:
His description of how the Document Revocation List could work is
interesting as well.  Basically you would have to connect to a server
every time you wanted to read a document, in order to download a key
to unlock it.  Then if someone decided that the document needed
to un-exist, they would arrange for the server no longer to download
that key, and the document would effectively be deleted, everywhere.

Well, sure.  It's certainly how I had always envisioned one might build
a secure Document Revocation List using TCPA or Palladium.  I didn't
realize this sort of thing would need explaining; I assumed it would be
obvious to cypherpunk types.  But I'm glad this risk is now clear.

Note also that Document Revocation List functionality could arise
without any intent to create it.  Application developers might implement
this "connect to a server" feature to enforce some seemingly innocuous
function, like enforcing software licenses and preventing piracy.  Then,
after the application has been deployed with this innocuous feature,
someone else might eventually notice that it could also be used for
document revocation.  Thus, Document Revocation List functionality could
easily become widespread without anyone realizing it or intending it.
This is a risk we should think about now, rather than after it is
too late.




Re: Thanks, Lucky, for helping to kill gnutella (fwd)

2002-08-11 Thread David Wagner

R. A. Hettinga wrote:
[Ob Cypherpunks: Seriously, folks. How clueful can someone be who
clearly doesn't know how to use more than one remailer hop, as proven
by the fact that he's always coming out of the *same* remailer all
the time?

I hope I don't need to point out that always using the same exit remailer
does *not* prove that he is using just one hop.  One can hold the exit
remailer fixed while varying other hops in the path.  Your question
seems to be based on a mistaken assumption about how remailers work.
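As an added example (not code from the thread or from either poster), the toy chain below shows why a fixed exit remailer proves nothing about the path length: two messages leave the same exit but travel through different intermediate hops, and each hop can only peel its own layer and learn the next destination. Per-hop symmetric keys stand in for the remailers' public keys, the layer cipher is a SHA-256 counter-mode stream with an HMAC tag (encrypt-then-MAC), and the hop names, keys, sender and message are all constructed.

```python
# Added example (not from the thread): a toy layered remailer chain with a
# fixed exit and varying middle hops.  Symmetric keys stand in for remailer
# public keys; names, keys and the message are constructed.
import hashlib
import hmac
import secrets


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one layer; only the holder of `key` can open it."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("layer is not addressed to this hop")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def build_chain(keys: dict, path: list, recipient: str, body: bytes):
    """Wrap the body once per hop, exit layer innermost.  Hop i's layer
    reveals only hop i+1; the exit's layer reveals the final recipient."""
    packet, nxt = body, recipient
    for hop in reversed(path):
        packet = seal(keys[hop], nxt.encode() + b"\0" + packet)
        nxt = hop
    return nxt, packet                 # first hop to send to, and the onion


def route(keys: dict, sender: str, first_hop: str, packet: bytes):
    """Deliver hop by hop, recording what each hop could observe."""
    observed = []
    prev, hop = sender, first_hop
    while True:
        nxt, packet = unseal(keys[hop], packet).split(b"\0", 1)
        nxt = nxt.decode()
        observed.append({"hop": hop, "from": prev, "to": nxt})
        if nxt not in keys:            # the exit hands it to the recipient
            return observed, nxt, packet
        prev, hop = hop, nxt


def demo() -> dict:
    keys = {n: hashlib.sha256(n.encode()).digest()
            for n in ("hop-a", "hop-b", "hop-c", "exit")}        # constructed
    body = b"same exit remailer, different paths"
    paths = {"msg1": ["hop-a", "hop-b", "exit"], "msg2": ["hop-c", "hop-a", "exit"]}
    results = {}
    for name, path in paths.items():
        first, onion = build_chain(keys, path, "list@example.org", body)
        observed, rcpt, plaintext = route(keys, "alice", first, onion)
        results[name] = {
            "exit": observed[-1]["hop"],
            "exit_saw": observed[-1]["from"],      # differs per message
            "delivered_to": rcpt,
            "ok": plaintext == body,
            "hops_seeing_sender": [o["hop"] for o in observed if o["from"] == "alice"],
        }
    return results


if __name__ == "__main__":
    print(demo())
```

Two things fall out of running it: the exit's view of its predecessor changes from message to message even though the exit itself never changes, and only the first hop ever sees the real sender. A fresh nonce per layer also means two onions carrying the same body are unlinkable on the wire.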




Re: responding to claims about TCPA

2002-08-11 Thread David Wagner

AARG! Anonymous  wrote:
In fact, you are perfectly correct that Microsoft architectures would
make it easy at any time to implement DRL's or SNRL's.  They could do
that tomorrow!  They don't need TCPA.  So why blame TCPA for this feature?

The relevance should be obvious.  Without TCPA/Palladium, application
developers can try to build a Document Revocation List, but it will
be easily circumvented by anyone with a clue.  With TCPA/Palladium,
application developers could build a Document Revocation List that could
not be easily circumvented.

Whether or not you think any application developer would ever create such
a feature, I hope you can see how TCPA/Palladium increases the risks here.
It enables Document Revocation Lists that can't be bypassed.  That's a
new development not feasible in today's world.

To respond to your remark about bias: No, bringing up Document Revocation
Lists has nothing to do with bias.  It is only right to seek to understand
the risks in advance.  I don't understand why you seem to insinuate
that bringing up the topic of Document Revocation Lists is an indication
of bias.  I sincerely hope that I misunderstood you.




Re: Cryptogram: Palladium Only for DRM

2002-09-20 Thread David Wagner

AARG! Anonymous  wrote:
Lucky Green wrote:
 In the interest of clarity, it probably should be mentioned that any
 claims Microsoft may make stating that Microsoft will not encrypt their
 software or software components when used with Palladium of course only
 applies to Microsoft [...]

First, it is understood that Palladium hashes the secure portions of
the applications that run.  [...]

With that architecture, it would not work to do as some have proposed:
the program loads data into secure memory, decrypts it and jumps to it.
The hash would change depending on the data and the program would no
longer be running what it was supposed to.

I think Lucky is right: Palladium does support encrypted programs.
Imagine an interpreter interpreting data, where the data lives in
the secure encrypted vault area.  This has all the properties of
encrypted code.  In particular, the owner of the machine might not be
able to inspect the code the machine is running.

If you want a more concrete example, think of a JVM executing encrypted
bytecodes, or a Perl interpreter running encrypted Perl scripts.  For all
practical purposes, this is encrypted software.  Whether this scenario
will become common is something we can only speculate on, but Palladium
does support this scenario.




Re: Best Windows XP drive encryption program?

2002-09-24 Thread David Howe

at Monday, September 23, 2002 10:35 PM, Curt Smith
[EMAIL PROTECTED] was seen to say:
 http://www.drivecrypt.com/dcplus.html
 DriveCrypt Plus does everything you want.  I believe it may
 have descended from ScramDisk (Dave Barton's disk encryption
 program).
As an aside - Dave Barton? Shaun Hollingworth was the author of SD as
far as I know. I can't remember exactly, but seem to recall Dave Barton
did a Delphi wrapper around some of the SD function calls...




Re: What email encryption is actually in use?

2002-10-01 Thread David Howe

at Monday, September 30, 2002 7:52 PM, James A. Donald
[EMAIL PROTECTED] was seen to say:
 Is it practical for a particular group, for
 example a corporation or a conspiracy, to whip up its own
 damned root certificate, without buggering around with
 verisign?   (Of course fixing Microsoft's design errors is
 never useful, since they will rebreak their products in new
 ways that are more ingenious and harder to fix.)
Yup. In fact, some IPSec firewalls rely on the corporate having a local
CA root to issue keys for VPN access. from there it is only a small step
to using the same (or parallel issued) keys for email security.
The problem there really is that the keys will be flagged as faulty by
anyone outside the group (and therefore without the root key already
imported), and that will usually only work in a semi-rigid hierarchical
structure. There *is* an attempt to set up something resembling a Web of
trust using x509 certificates, currently in the early stages at
nntp://news.securecomp.org/WebOfTrust

 I intended to sign this using Network Associates command line
 pgp, only to discover that pgp -sa file produced unintelligible
 gibberish, that could only be made sense of by pgp, so that no
 one would be able to read it without first checking my
 signature.
you made a minor config error - you need to make sure clearsign is
enabled.

 I suggest that network associates should have hired me as UI
 design manager, or failing that, hired the dog from down the
 street as UI design manager.
It's command line. Most cyphergeeks like command line tools powerful and
cryptic :)




Re: What email encryption is actually in use?

2002-10-01 Thread David Howe

at Tuesday, October 01, 2002 3:08 AM, Peter Gutmann
[EMAIL PROTECTED] was seen to say:
 For encryption, STARTTLS, which protects more mail than all other
 email encryption technology combined.  See
 http://www.cs.auckland.ac.nz/~pgut001/pubs/usenix02_slides.pdf
 (towards the back).
I would dispute that - not that it isn't used and useful, but unless you
are handing off directly to the home machine of the end user (or his
direct spool) odds are good that the packet will be sent unencrypted
somewhere along its journey. With TLS you are basically protecting a
single link of a transmission chain, with no control over the rest of
the chain.

 For signing, nothing.  The S/MIME list debated having posts to the
 list signed, and decided against it: If I know you, I can recognise a
 message from you whether it's signed or not.
Signing has a limited application - I wouldn't use it routinely other
than to establish an association (key--poster) early in a conversation,
and then omit it except for things whose source *I* would want verified
if I was receiving it.
It is unusual for me to use a sig outside of encrypt+sign.

 If I don't know you,
 whether it's signed or not is irrelevant.
Depends on the definition of "know". If a poster had a regular habit of
posting at least one signed message every week, and had never protested
that the sigs were faked, then you could assume that the poster whose
sig just cleared is the same as the poster who has been posting for that
time period - mapping that to any real-world individual is more
problematic, but mostly you don't need to. There are plenty of people I
only know online from email exchanges, and in some cases am not even
sure what sex they are :)




Re: What email encryption is actually in use?

2002-10-02 Thread David Howe

at Tuesday, October 01, 2002 6:10 PM, James A. Donald
[EMAIL PROTECTED] was seen to say:
 Not so.  It turns out the command line is now different in PGP
 6.5.8.  It is now pgp -sta to clearsign, instead of pgp -sa.
 (Needless to say the t option does not appear in pgp -h
*nods*
It's in the 6.5 Command Line Guide, but as "identifies the input file as
a text file".
The CLG is the best reference for this though - as it explicitly lists
sta as the correct option in section
Ch2 > Common PGP Functions > Signing Messages > Sign a plaintext ASCII file.
I could email you a copy of the PDF of that (it's about 500K) if you
wish.

 The clearsigning now seems to work a lot better than I recall
 the clearsigning working in pgp 2.6.2.  They now do some
 canonicalization, or perhaps they guess lots of variants until
 one checks out.
It's canonicalization - again according to the CLG (Ch3 > Sending ASCII
text files to different machine environments)

 Perhaps they hid the clear signing because it used not to work,
 but having fixed it they failed to unhide it?
It's just an evolution. IIRC the command line tool was based at least
partially on the unix version of pgp, which always had different command
line switches. It would be nice if behaviour was more backwards
compatible, but they *did* document it in the official M that you should
RTF :)




Re: What email encryption is actually in use?

2002-10-02 Thread David Howe

-BEGIN PGP SIGNED MESSAGE-

at Tuesday, October 01, 2002 9:04 PM, Petro [EMAIL PROTECTED] was
seen
to say:
 Well, it's a start. Every mail server (except mx1 and
 mx2.prserv.net) should use TLS.
It's nice in theory, but in practice look how long it takes the bulk
of the internet to install urgent patches - how long is it going to
take to get people to install an upgrade to privacy that actually
causes more problems for them?
Besides the core here is that
1) everyone with a server en route can read the mail
2) you are relying on every other link in the chain to protect your
privacy

client-side crypto fixes both these problems, reduces the total crypto
load on the chain (encryption/decryption is only ever done once) and
allows use of digital signatures.

 Once you start using it, it becomes part of the pattern by which
 other people identify you.
Exactly the intention, yes :)
Just for the sake of it (anyone who cares will have seen my signature
enough times by now) I will sign this one :)

-BEGIN PGP SIGNATURE-
Version: PGP - Cyber-Knights Templar

-END PGP SIGNATURE-

Resent - with broken line wrap fixed. Damned lousy MS email client :)
Next time I *check* first before sending and don't look so clueless in a
worldwide list :)




Re: What email encryption is actually in use?

2002-10-02 Thread David Howe

at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann
[EMAIL PROTECTED] was seen to say:
 As opposed to more conventional encryption, where you're protecting
 nothing at any point along the chain, because 99.99% of the user base
 can't/won't use it.
That is a different problem. If you assume that relying on every hop
between you and your correspondent to be protected by TLS *and* the
owner of that server to be trustworthy (not only in the normal sense,
but resistant to legal pressure, warrants from LEAs and financial
incentives from your competitors) then you are in for a rude awakening
at some point.

S/MIME isn't wonderful, but it is built-in to the M$oft email packages
and you can trivially generate a key *for* your correspondents to be
delivered to them out-of-band. Installing is double-clicking a file, and
decryption automatic.  More security aware users will obviously want
their own, a key from a recognised CA or prefer pgp, but that is
upgrades to the basic security you can provide by five minutes' work with
a copy of OpenSSL.

 In any case most email is point-to-point, which
 means you are protecting the entire chain (that is, if I send you
 mail it may go through a few internal machines here or there, but
 once it hits the WAN it's straight from my gateway to yours).
Depends on the setup. Few home users can afford always-up connections,
and most dialup ranges are blocked from direct delivery anyhow. The
typical chain goes
Sender--Sender's ISP--Recipient's ISP--Mailspool--Recipient

for a corporate user, a typical chain might go

Sender--sender's internal email system--sender's outbound
gateway--recipient's firewall--recipients inbound
gateway--recipient's email system--recipient

assuming *everyone* at both companies is trustworthy (or IT is on the
ball and preventing sniffers from running on their lans; I will pause
while everyone laughs and then drafts replies pointing out that is
impossible) then you can get away with TLS-protecting just the link
gateway--firewall.
Yes, crypto should be transparent and enabled *by default* in those M$
corporate products; no, the US government wasn't (and still isn't even
under the more relaxed regime) willing to wear on-by-default
unbreakable, easy crypto in mass-market products.




Re: Echelon-like...

2002-10-10 Thread David Howe

 I assume everyone knows the little arrangement that lotus
 reached with the NSA over its encrypted secure email?
 I'm new here, so do tell if I am wrong. Are you referring to the two
levels
 of Encryption available in Bogus Notes?
More or less, yes. Lotus knew nobody would buy a 40 bit version of their
crypto, so there is a two-level encryption all right, but not along
those lines - in the export version, some of the session key is
encrypted using a PKI "work reduction factor" key in the message header;
this section of header is important, as Lotus gateways won't accept
messages that have had it disturbed. By decoding this block, the NSA
have the actual keysize they need to break reduced to the legal export
level of 40 bits; one government found this out *after* rolling it out
to all their billing and contract negotiation departments... Belgium or
Sweden from memory. Lotus thought it would be ok if only the NSA (and
other US government orgs) could break the key, rather than letting
everyone have an equal chance (and indeed, letting their customers know
their crypto was still only 40 bit vs USA intel agencies).
Still, even the domestic version was only 64 bits, which is painfully
small even by the standards of the day. Certainly, even strong Lotus
could have been crackable by the NSA, who after all own their own fab
plant to make custom VLSI cracking chips.




Re: Echelon-like...

2002-10-10 Thread David Howe

On Wednesday, October 9, 2002, at 07:28  PM, anonimo arancio wrote:
 The basic argument is that, if good encryption is available overseas
 or easily downloadable, it doesn't make sense to make export of it
 illegal.
Nope. The biggest name in software right now is Microsoft, who wasn't
willing to face down the government on this. No export version of a
Microsoft product had decent crypto while the export regulations were in
force - and the situation is pretty poor even now. If Microsoft were
free to compete in this area (and Lotus, of Notes fame) then decent
security would be *built into* the operating system, the desktop document
suite or the email package - and life would get a lot, lot worse for the
spooks.  I assume everyone knows the little arrangement that Lotus
reached with the NSA over its encrypted secure email?




Re: Echelon-like...

2002-10-11 Thread David Howe

Trei, Peter [EMAIL PROTECTED] wrote:
 It was Sweden. They didn't really have an excuse - over a year earlier,
 Lotus announced their International version with details of the Work
 Factor Reduction Field at the RSA Conference. I immediately invented
 the term 'espionage enabled' to describe this feature, a term which has
 entered the crypto lexicon.
Indeed so, yes - if my memory isn't failing me though, their excuse
was that the Lotus salesdroid they had awarded the contract to hadn't
disclosed it to them in his bid and in fact, the original tender had
specified *secure* encryption, not *secure, except for the American spy
industry*. I don't know enough Swedish to even attempt a Google on it
though :)




Re: UK Censors, Shayler, Bin Laden

2002-10-14 Thread David Howe

at Saturday, October 12, 2002 2:01 AM, Steve Furlong
[EMAIL PROTECTED] was seen to say:
 On Thursday 10 October 2002 13:13, Tim May wrote:

 There are two advantages of web-based discussion fora over usenet:
 propagation time and firewalls.
Not sure about that - propagation time is an issue of course, but a web
interface to NNTP isn't that hard (Dejanews offered it for years) and
the propagation issue is fixed only by limiting the web forum to a
single server or local cluster of servers - if you were setting up a
web-based interface anyhow, you could get all the benefits of a single
server node while not preventing users not using the web interface from
participating. Yes, NNTP submissions from other usenet servers might
take a while to propagate to the "Master" server (or vice versa) but
that wouldn't affect the web interface users amongst themselves or
indeed, anyone using NNTP directly to that server.

 On the other hand, few discussions are
 so urgent that they need near-real-time reparte, and participants
 shouldn't be cruising usenet from work.
Depends on the forum. There are groups I *only* read at work - technical
ones of course, related to my job.  Usenet is a resource, and at times a
good one (provided you can live with the low signal-to-noise ratio).

 More generally, I've been watching the migration of many discussion
 groups over to Web-based forums (or fora). Usually the migration
 does not improve the discussion...it just puts dancing ads and cruft
 all over the pages.
Probably more to the point - *profit-making* dancing ads.

 Something like...Google? You can't count on their sweep schedule, but
 it does most of what you're looking for.
Deja-Google is OK, but a lot of the more interesting threads include
X-No-Archive headers (which Google respects, and rightly so) somewhere
in them, so you have gaps...




Re: One time pads

2002-10-16 Thread David Howe

at Wednesday, October 16, 2002 2:01 PM, Sarad AV
[EMAIL PROTECTED] was seen to say:
 Though it has a large key length greater than or equal
 to the plain text, why would it be insecure if we can
 use a good pseudo random number generator, store the
 bits produced on a tamper proof medium.
Because you have replaced an OTP (provably secure) with a PRNG stream
cypher (only as secure as the PRNG). He isn't saying that stream cyphers
can't be secure - just that they aren't OTP.
There is also no point in distributing the output of a PRNG as a
tamperproof tape - you just run the PRNG at both sides, in sync.
If you use a *real* RNG, then you can do the tape distribution thing and
it *will* be an OTP - but it's the tape distribution that is the difficult
bit (as he points out in the article).

 why do we always have to rely on the internet for
 sending the pad? If it is physically carried to the
 receiver we can say for sure if P or R is intercepted.
Two obvious points are
1. it isn't always possible to ensure secure delivery - if a courier is
compromised or falls asleep and the tape is substituted with another,
a MITM attack can be made transparently.
2. if the parties are physically remote, they may not have time to
exchange tapes securely; unless there is an airplane link directly or
indirectly between the sites, it may be days or weeks in transit.

 can someone answer the issues involved that one time
 pads are not a good choice.
OTP is the best choice for something that must be secret for all time,
no matter what the expense.
Anything that "secure for 20,000 years" will be sufficient for, go for
PKI instead :)




Re: The Register - UK firm touts alternative to digital certs (fwd)

2002-10-21 Thread David Howe
at Monday, October 21, 2002 3:14 PM, Trei, Peter
[EMAIL PROTECTED] was seen to say:
 I'd be nervous about availability with centralized servers,
 even if they are triple redundant with two sites. DDOS
 attacks, infrastructure (backhoe) attacks, etc, could all
 wreak havoc.
Indeed so, yes.
I suspect (if it ever takes off) that they will have to scale their
server setup in pace with the demand, but to be honest I think 600/sec
is probably quite a high load for actual payments - we aren't talking
logins or web queries, but actual real-money-payment requests.
I suspect that, if it became the dominant payment method for Amazon or
eBay, they would need a much more hefty server, but at this stage I
suspect a heavy load would be two auths per second :)




Re: The Register - UK firm touts alternative to digital certs (fwd)

2002-10-21 Thread David Howe
at Monday, October 21, 2002 4:20 PM, Eric Murray [EMAIL PROTECTED] was
seen to say:
 Looking at their web site, they seem pretty generic about
 what it's for, but I did not see any mention of using it for payments.
 So I assume it's for logins.
Well, I was working from:

The Quizid registry

The Quizid registry is a database that translates the customer profile
information required to facilitate secure online payment. Once a
customer has been authenticated by the Quizid vault, the payment
transaction is completed between the registry and the acquiring bank
using the appropriate payment protocols. The bank then performs the
necessary clearing between acquirers and issuers. As well as storing
credit and debit card details the registry can be used to securely hold
any personal information you would rather not enter over the Internet.
So you can pre-load your delivery address, details of loyalty cards or
even your seating preference for airline tickets. As well as being more
secure this makes shopping online faster and simpler as you don't have
to enter in the same information time after time.

Plus the two of their demo sites I checked offer it only as a checkout
payment option.

 They do say that their servers are benchmarked at 300
 transactions/sec. That's pretty darn slow for single des.
Not sure that 1DES is the bottleneck. From my (perhaps incorrect) idea
of the process:

1. user checks out with QuizID code
2. Website opens link to QuizID and presents *its* credentials
3. QuizID checks database, confirms valid login for the website
4. Website presents user ID and Quizid code
5. QuizID checks database, verifies that QuizID code was recently
generated, the sequence number is in a reasonable range, and that the
user hasn't closed his account or something
6. QuizID returns to Website any site-specific data held in its registry
for that Website+Customer pair, plus any data that the user has marked
of general accessibility (such as delivery address)
7. Website requests payment of $amount
8. QuizID retrieves bank details from database for user, signs onto
merchant services, and gets an authorization for the amount; signs on
again and commits the payment; gets the account details for the Website
owner from the database; signs on to the merchant services *again* and
makes a payment of equal amount (presumably minus their fees) into the
Website owner's account
9. QuizID sends a success (or fail) message to the Website

There are probably enough individual comms and database lookup tasks
there to slow things down quite a bit, even leaving aside the crypto
aspects.




Re: commericial software defined radio (to 30 Mhz, RX only)

2002-10-17 Thread David Howe
at Thursday, October 17, 2002 4:54 AM, Morlock Elloi
 Also, if regular cheapo PC soundboards can digitize 30 MHz (and
 Nyquist says this requires 60 MHz sampling rate) then some product
 managers need ... flogging.
If I am reading this correctly, they don't need to - a fixed-frequency
first mixer bandshifts a frequency block down to kHz (with presumably
a bandpass filter for selectivity), and the soundcard samples down in
the ranges it is designed for.
I could be reading it wrong though; DSP is nowhere near being my field
:)




Re: One time pads

2002-10-17 Thread David Howe
at Wednesday, October 16, 2002 6:13 PM, Bill Frantz
[EMAIL PROTECTED] was seen to say:
 OTP is also good when:
 (1) You can solve the key distribution problem.
It's certainly usable provided key distribution isn't an issue - if it is
also worth the trouble and expense is another matter.

 (2) You need a system with a minimum of technology (e.g. no computers)
It certainly does shine in this context - few decent encryption methods
can be done with pencil and paper, and certainly by protecting the key
with extra (discarded) characters, you can make the key document look
innocuous indeed. Of course, indicating those characters then becomes a
problem (unless you use some simplistic scheme like the second and
second from last characters of each word in a specified book, but the
odds of a random distribution from such are low).




Re: XORing bits to eliminate skew

2002-10-17 Thread David Howe
at Thursday, October 17, 2002 4:38 PM, Sarad AV
[EMAIL PROTECTED] was seen to say:
 He wanted to know how I was able to do XOR on P(0) and
 P(1) when xor is defined only on binary digits.
You don't.

P(x) is the probability of digit x in the output. Ideally, P(0)=P(1)=0.5
(obviously in binary, only 0 and 1 are defined, so they are the only two
possible outcomes).
Now assume that one output (1 say) is more probable than the other. If
this is true, you can define some value of probability (e) that is the
amount a given outcome is more or less probable than the ideal.
Now add a second bit. Assume that the bits are (i) and (ii) so we know
that the probability of (i) being 1 is 0.5-e and being 0 is 0.5+e
(there isn't a bias btw in that notation - e could be negative).

so all the possible combinations are

P(i=1, ii=1) =(0.5-e)(0.5-e)
P(i=1, ii=0) =(0.5-e)(0.5+e)
P(i=0, ii=1) =(0.5+e)(0.5-e)
P(i=0, ii=0) =(0.5+e)(0.5+e)

but of course if you XOR (i) and (ii) together, then
(i=1, ii=1) = 0
(i=1, ii=0) = 1
(i=0, ii=1) = 1
(i=0, ii=0) = 0

collecting identical outputs allows you to say

P(0)=P(i=1, ii=1)+P(i=0, ii=0) = (0.5-e)(0.5-e)+(0.5+e)(0.5+e)
P(1)=P(i=1, ii=0)+P(i=0, ii=1) = (0.5-e)(0.5+e)+(0.5+e)(0.5-e)

reducing P(0) as in the example you gave gives you the probability of
P(0) being 0.5+(2*(e^2))

So the answer is - you don't ever apply XOR to anything but binary - you
do straight algebraic math on the *probabilities* of a given output (0
or 1).
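An added C example, not from the thread, that carries the post's calculation through: it computes P(0) exactly for n XORed bits that each have P(0)=0.5+e, checks it against the closed form 0.5 + 2^(n-1) * e^n (the n=2 case is the post's 0.5+2e^2), and measures the effect on a constructed biased bit stream. The xorshift32 source and its 60/40 threshold are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Exact P(output = 0) when n independent bits, each with P(0) = 0.5 + e
 * (e may be negative, as in the post), are XORed together. Built one
 * bit at a time: the XOR so far is 0 when both operands agree. */
double xor_zero_prob(double e, int n)
{
    double p0 = 0.5 + e;                 /* P(first bit = 0) */
    for (int i = 1; i < n; i++) {
        double q0 = 0.5 + e;             /* P(next bit = 0) */
        p0 = p0 * q0 + (1.0 - p0) * (1.0 - q0);
    }
    return p0;
}

/* Closed form (the piling-up lemma): P(0) = 0.5 + 2^(n-1) * e^n.
 * For n = 2 this is the post's 0.5 + 2e^2; the bias shrinks
 * geometrically with every extra bit folded in. No libm needed. */
double piling_up(double e, int n)
{
    double t = 1.0;
    for (int i = 0; i < n; i++) t *= e;      /* e^n */
    for (int i = 1; i < n; i++) t *= 2.0;    /* times 2^(n-1) */
    return 0.5 + t;
}

/* |a - b| without pulling in math.h */
double abs_diff(double a, double b)
{
    return a > b ? a - b : b - a;
}

/* Constructed biased bit source (an assumption, not a real RNG): a
 * deterministic xorshift32 stream thresholded so that P(0) = 0.6,
 * i.e. e = +0.1 in the post's notation. */
static uint32_t rng_state = 2463534242u;
int biased_bit(void)
{
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return (x % 100u) < 60u ? 0 : 1;
}

/* Draw 2*pairs bits, XOR each adjacent pair, return the observed P(0).
 * This halves the throughput: two raw bits give one output bit. */
double observed_xor_zero_frac(size_t pairs)
{
    size_t zeros = 0;
    for (size_t i = 0; i < pairs; i++) {
        int a = biased_bit();
        int b = biased_bit();
        if ((a ^ b) == 0)
            zeros++;
    }
    return (double)zeros / (double)pairs;
}

int main(void)
{
    for (int n = 1; n <= 4; n++)
        printf("e=0.1, %d bits XORed: P(0)=%.6f (closed form %.6f)\n",
               n, xor_zero_prob(0.1, n), piling_up(0.1, n));
    printf("observed P(0) after pairwise XOR: %.4f (expected ~0.52)\n",
           observed_xor_zero_frac(100000));
    return 0;
}
```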




Re: One time pads

2002-10-17 Thread David Howe
at Wednesday, October 16, 2002 7:17 PM, David E. Weekly
[EMAIL PROTECTED] was seen to say:
 As for PKI being secure for 20,000 years, it sure as hell won't be if
 those million-qubit prototypes turn out to be worth their salt.
I wasn't aware they even had a dozen-qubit prototypes functional yet -
but even so - assuming that each qubit is actually an independent complete
machine (it isn't - you need to build a machine bigger than one bit) and
you had a million-unit module built - this would be equivalent to
building one million (2^20, I'll be generous and give you the extra few
thousand) machines each able to cross-check their results instantly (so
identify if one of the million has a correct answer).
This will mean you can brute force a key as though it were 20 bits
shorter in keylength. Even assuming you can use the usual comparison
(3Kbit RSA=128 bit symmetric) this leaves you the equivalent of a 108
bit key to break - and even assuming a quantum virtual machine ran as
fast as a real world one, that would take a while.  Of course, if you
have a machine that will break a 108 bit key in under a hundred years, I
am sure the NSA would like to make you an offer..

I can't remember the last time I used an asymmetric key as small as
3Kbits. My current key is 4K and has been for some years, and my next
will probably be 6K just to be sure.




Re: Office of Hollywood Security, HollSec

2002-10-28 Thread David Howe
at Saturday, October 26, 2002 1:18 AM, Tim May [EMAIL PROTECTED] was seen
to say:
 Yes, but check very carefully whether one is in violation of the
 anti-hacking laws (viz. DMCA). By some readings of the laws, merely
 trying to break a cipher is ipso fact a violation.
IIRC, you can't be arrested for cracking a cypher unless that cypher is
in use to protect a copyrighted work.




Re: What email encryption is actually in use?

2002-11-04 Thread David Howe
at Monday, November 04, 2002 2:28 AM, Tim May [EMAIL PROTECTED] was seen
to say:
 Those who need to know, know.
Which of course is a viable model, provided you are only using your key
for private email to those who need to know.
If you are using it for signatures posted to a mailing list though, it
just looks silly.

 You, I've never seen before. Even if you found my key at the Liberal
 Institution of Technology, what would it mean?
It would at least give us a chance to check the integrity of your post
(what a sig is for after all) and anyone faking your key on the servers
would have to prevent you ever seeing one of your own posts (so that you
can't check the signature yourself).

 Parts of the PGP model are ideologically brain-dead. I attribute this
 to left-wing peacenik politics of some of the early folks.
The Web-of-Trust model is mildly broken - all you can really say about
it is that it is better than the alternatives (X509 is not only badly
broken, but badly broken for the purpose of hierarchical control and/or
profit).
In the current case, one reason to sign important posts is to establish
a pattern of ownership for posts, independent of real-world identity. If
I know that posts a, b and c sent from nym x are all signed, I will be
reasonably confident that key y is owned by the normal poster of nym x.
That I don't know who that is in meatspace is pretty irrelevant.
Where both systems break down is when trying to assert that key y is
tied to anything but an email address (or possibly a static IP). There
is little to bind a key to anything or anyone in the real world, unless
you meet in person, know each other reasonably well (if only via third
parties that can identify you both) and exchange fingerprints. In fact,
WoT is simply an attempt to automate this process offline, so that you
can be introduced to someone by a third party without all three of you
having to meet; you still have to make a value judgement based on how
sure you are about the third party's reliability and how confident they
seem about the identity of x - however in the real world, both of those
are vague, hard-to-define values and in the WoT they are rigid (you have
a choice of two levels of trust for an introducer, and no way to encode
how much third parties should rely on your identification).




Re: What email encryption is actually in use?

2002-11-04 Thread David Howe
at Monday, November 04, 2002 3:13 PM, Tyler Durden
 This is an interesting issue...how much information can be gleaned
 from encrypted payloads?

Usually, the VPN is an encrypted tunnel from a specified IP (individual
pc or lan) to another specified IP (the outer marker of the lan, usually
the firewall/vpn combo box but of course that function can be split if
needs be)

Sniffers can usually catch at least some of the initial login - normally
a host name or user name is passed unencrypted as part of the setup -
but any actual mail traffic will be indistinguishable from any other
traffic; it is encapsulation of IP packets in an outer encrypted
wrapper.
Similar statements can usually be made for Zeb, SSH and other similar
tunnels - each encapsulates a low level (almost raw in the case of
strict tunnels like Zeb or SSH) packet passing tunnel in a crypto skin.




Re: Did you *really* zeroize that key?

2002-11-07 Thread David Honig
At 03:55 PM 11/7/02 +0100, Steven M. Bellovin wrote:
Regardless of whether one uses volatile or a pragma, the basic point 
remains:  cryptographic application writers have to be aware of what a 
clever compiler can do, so that they know to take countermeasures.

Wouldn't a crypto coder be using paranoid-programming
skills, like *checking* that the memory is actually zeroed?
(I.e., read it back.)  I suppose that caching could still
deceive you though?

I've read about some Olde Time programmers
who, given flaky hardware (or maybe software), 
would do this in non-crypto but very important apps. 
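An added C example, not from the thread, of the countermeasure Bellovin's quoted lines refer to and the read-back check Honig asks about: a plain memset() that an optimising compiler may drop as a dead store, beside a volatile-store wipe it cannot drop, and a volatile read-back that reports whether the bytes are really zero. The 32-byte stack buffer and the sample key are assumptions; the comments note what such a check cannot see.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The fragile version: once 'buf' is never read again, an optimising
 * compiler is entitled to treat this memset() as a dead store and
 * drop it, leaving the key bytes in place. */
void naive_wipe(unsigned char *buf, size_t n)
{
    memset(buf, 0, n);
}

/* The countermeasure: store through a volatile-qualified pointer.
 * Each byte write is then an observable side effect the compiler has
 * to emit, whether or not the buffer is read afterwards. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Read-back check. Also goes through volatile so the compiler reloads
 * from memory instead of assuming the values it "knows" it stored.
 * Returns 1 if every byte is zero, 0 otherwise. */
int is_zeroed(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= vp[i];
    return acc == 0;
}

/* Hypothetical usage: copy a key onto the stack, "use" it, wipe it and
 * report whether the wipe was verified before returning. The check only
 * covers this buffer in this address space: copies the compiler kept in
 * registers, cache write-back timing and swapped-out pages are all
 * outside its view, which is the caveat the post raises. */
int use_key_then_wipe(const unsigned char *key, size_t n)
{
    unsigned char local[32];
    if (n > sizeof local)
        return 0;                       /* refuse rather than overflow */
    memcpy(local, key, n);
    /* ... the key would be fed to a cipher here ... */
    secure_zero(local, n);
    return is_zeroed(local, n);
}

/* Self-contained round trip on a constructed sample key:
 * returns 1 if the buffer was non-zero before, verified wiped by
 * use_key_then_wipe(), and zero again after secure_zero() here. */
int demo_wipe_roundtrip(void)
{
    unsigned char key[16];
    memset(key, 0xAB, sizeof key);       /* constructed sample key */
    if (is_zeroed(key, sizeof key))
        return 0;
    if (!use_key_then_wipe(key, sizeof key))
        return 0;
    secure_zero(key, sizeof key);
    return is_zeroed(key, sizeof key);
}

int main(void)
{
    printf("wipe round trip verified: %d\n", demo_wipe_roundtrip());
    return 0;
}
```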




Re: Transparent drive encryption now in FreeBSD

2002-11-11 Thread David Wagner
Tyler Durden wrote:
Sorry, I'm new, but does this refer to the notion of splitting up a document 
holographically, and placing the various pieces on numerous servers 
throughout the 'Net?

No.  It is referring to conventional encryption of your local hard disk.




Re: Psuedo-Private Key -Methodology

2002-11-21 Thread David Howe
at Thursday, November 21, 2002 2:26 PM, Sarad AV
[EMAIL PROTECTED] was seen to say:
 'A' uses a very strong cryptographic algorithm which
 would be forced out by rubber hose cryptanalysis.
 Now if Alice could give another key k` such that the
 cipher text (c) decrypts to another dummy plain
 text (D)
 the secret police gets to read
 the dummy plain text (D) using the surrendered key k`
 without compromising the real plain text (P).
Depends on what (c) looks like and how it is obtained.
If it is a random jumble of characters (like a scramdisk) then you might
get away with claiming a key k` is the OTP key for it (and of course
given (c) and the required plaintext, k` is trivial to construct).

If (c) is self-evidently in the format of a known encryption package
(pgp, smime, lots of others) then your attackers are not going to
believe they are really OTP encrypted.

If the message is intercepted, not sniffed (i.e., you never receive a copy
yourself) then you cannot construct k`.




Re: CNN.com - WiFi activists on free Web crusade - Nov. 29, 2002 (fwd)

2002-12-02 Thread David Howe
at Monday, December 02, 2002 8:42 AM, Eugen Leitl [EMAIL PROTECTED] was
seen to say:
 No, an orthogonal identifier is sufficient. In fact, DNS loc would be
 a good start.
I think what I am trying to say is - given a normal internet user
using IPv4 software that wants to connect to someone in the cloud, how
does he identify *to his software* the machine in the cloud if that
machine is not given a unique IP address? Few if any IPv4 packages can
address anything more complex than an IPv4 dotted quad (or if given a DNS
name, will resolve same to a dotted quad).

 The system can negotiate whatever routing method it uses. If the node
 doesn't understand geographic routing, it falls back to legacy
 methods.
Odds are good that cloud nodes will be fully aware of geographic
routing (there are obviously issues there though; given a node that is
geographically closer to the required destination, but does not have a
valid path to it, purely geographic routing will fail and fail badly; it
may also be that the optimum route is a longer but less congested (and
therefore higher bandwidth) path than the direct one).

For a mental image, imagine a circular cloud with an H-shaped hole in
it; think about routing between the pockets at top and bottom of the
H, now imagine a narrow (low bandwidth) bridge across the crossbar
(which is a high cost path for traffic). How do you handle these two
cases?




Re: Photographer Arrested For Taking Pictures Of Vice President'S Hotel

2002-12-15 Thread David Wagner
Declan McCullagh  wrote:
Also epic.org (not a cypherpunk-friendly organization,
but it does try to limit law enforcement surveillance) [...]

Is the cypherpunks movement truly so radicalized that it is
not willing to count even EPIC among its friends?




Re: Libel lunacy -all laws apply fnord everywhere

2002-12-17 Thread David Howe
at Tuesday, December 17, 2002 5:33 AM, the following Choatisms were
heard:
 Nobody (but perhaps you by inference) is claiming it is identical,
 however, it -is- a broadcast (just consider how a packet gets routed,
 consider the TTL for example or how a ping works).
Ping packets aren't routed any differently from non-ping packets - they
bounce up through your ISP's idea of best route to the recipient's ISP,
who then use their idea of best route to the target (leaving aside the
"via IP" flag). The reply bounces up their ISP's idea of best route to
your ISP, and down through your ISP's best route to you. There isn't a
sudden wave of ping packet travelling out across the internet like a
radar pulse, and reflecting back to you - it is a directed transfer of a
single discrete packet.
The best analogy (made by someone else here earlier) is a telephone
call; each call follows a routing path defined by the phone company's
best idea of pushing comms one step closer to the destination at that
time; it may be that a longer route (bouncing via a third country to get
to a second, rather than using the direct line) has a lower cost due
to the usage at that time, so that route is used.




Re: Singularity ( was Re: Policing Bioterror Research )

2003-01-07 Thread David Howe
at Tuesday, January 07, 2003 1:14 AM, Michael Motyka [EMAIL PROTECTED]
was seen to say: 
 financial resources,
 other than those that pass through verified identity
 gatekeepers; 
That's an odd way to spell "Campaign Fund Contributing Corporations"




Re: [IP] Open Source TCPA driver and white papers (fwd)

2003-01-24 Thread David Howe
at Friday, January 24, 2003 4:53 PM, Mike Rosing [EMAIL PROTECTED]
was seen to say:
 Thanks Eugen,  It looks like the IBM TPM chip is only a key
 store read/write device.  It has no code space for the kind of
 security discussed in the TCPA.  The user still controls the machine
 and can still monitor who reads/writes the chip (using a pci bus
 logger for example).  There is a lot of emphasis on TPM != Palladium,
 and TPM != DRM.  TPM can not control the machine, and for DRM to work
 the way RIAA wants, TPM won't meet their needs.  TPM looks pretty
 useful as it sits for real practical security tho, so I can see why
 IBM wants those !='s to be loud and clear.
Bearing in mind though that DRM/Palladium won't work at all if it can't
trust its hardware - so TPM != Palladium, but TPM (or an improved TPM) is
a prerequisite.




Re: the news from bush's speech...H-power

2003-01-30 Thread David Howe
at Wednesday, January 29, 2003 11:18 PM, Bill Frantz
[EMAIL PROTECTED] was seen to say:
 Back a few years ago, probably back during the great gas crisis (i.e.
 OPEC) years, there were a lot of small companies working on solar
 power.  As far as I know, they were all bought up by oil companies.
 Of course, only a paranoid would think that they were bought to
 suppress a competing technology.
Actually, Oil companies are all in favour of competing technologies -
provided they get to control them. Solar may be an exception though;
wind is ok as the massive installations, land usage permissions and
nature of the output fluctuations mean you really can't start off small
(they are fine to feed into a large system where the overall average
would be fairly level, though) but solar is just too easy to reduce down
to individual installations in individual homes or businesses; only
technologies that permit a service based business model (delivery of
electricity and/or production of fuels that can't be done without
massive plant) are encouraged :(




Re: Sovereignty issues and Palladium/TCPA

2003-01-31 Thread David Howe
at Friday, January 31, 2003 2:18 AM, Peter Gutmann
[EMAIL PROTECTED] was seen to say:
schnipp
   More particularly, governments are likely to want to explore the
 issues related to potential foreign control/influence over domestic
 governmental use/access to domestic government held data.
   In other words, what are the practical and policy implications for a
 government if a party external to the government may have the
 potential power to turn off our access to its own information and
 that of its citizens.
And indeed - download patches silently to change the "disable"
functionality to "email anything interesting directly to the CIA"
functionality.




Re: A secure government

2003-02-06 Thread David Howe
 No, the various provisions of the Constitution, flawed though it is,
 make it clear that there is no "prove that you are not guilty"
 provision (unless you're a Jap, or the government wants your land, or
 someone says that you are disrespectful of colored people).
Unfortunately, this is not true in the UK - the penalty for
non-decryption of encrypted files on request by an LEA (even if you
don't have the key!) is a jail term.




Re: A secure government

2003-02-06 Thread David Howe
at Thursday, February 06, 2003 11:21 AM, Pete Capelli
 Then which one of these groups does the federal government fall
 under, when they use crypto?  In the feds opinion, of course.  Or do
 they believe that their use of crypto is the only wholesome one?
Terrorism of course, using their own definition - they use force or the
threat of force to achieve their political aims :)




Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)

2003-02-06 Thread David Howe
at Thursday, February 06, 2003 2:34 PM, Tyler Durden
[EMAIL PROTECTED] was seen to say:
 I've got a question...

 If you actually care about the NSA or KGB doing a low-level
 magnetic scan to recover data from your disk drives,
 you need to be using an encrypted file system, period, no questions.

 OK...so I don't know a LOT about how PCs work, so here's a dumb
 question.

 Will this work for -everything- that could go on a drive? (In other
 words, if I set up an encrypted disk, will web caches, cookies, and
 all of the other 'trivial' junk be encrypted without really slowing
 down the PC?)
Provided the drive is mounted, yes. And there is no "without slowing
down the PC" - obviously it *will* cost CPU time (you are doing crypto
on each virtual disk sector on the fly), but it shouldn't impact on
bandwidth unless you have a really slow PC.  Virtual drives occupy a
drive letter like a normal drive. Most (including pgpdisk) have to be
mounted while Windows is already running - ie, there is nothing at
that disk letter until you run a program and type a password. Some (like
DriveCrypt Pluspack) allow the boot volume to be a virtual volume and be
mounted *before* Windows starts running.
Easiest way to find out what you can and can't do is download Scramdisk
or E4M, and play :)




Re: A secure government

2003-02-06 Thread David Howe
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother
[EMAIL PROTECTED] was seen to say:
 David Howe wrote:
 a) it's not law yet, and may never become law. It's an Act of
 Parliament, but it's two-and-a-bit years old and still isn't in
 force. No signs of that happening either, except a few platitudes
 about later.
Indeed - and the more FaxYourMP can do to keep that from ever coming into
force the better :)

 b) Plod would have to prove you have the key, and refused to give it,
 before you got convicted. Kinda hard to do.
Not true - they have to prove you *had* the key at some point in the
past. Having lost the key isn't a defense.

 c) you already know this!!!
probably - it was an oversimplification of a complex legal situation.
the law *is* on the books, and as far as I can see, all that is stopping
the first part of it coming into force is the desire of the HO to add a
shopping list of new people to the list already defined in the act. I am
assuming that the part we are discussing here is held up in the queue
until the bits before it come into effect.




Re: A secure government

2003-02-06 Thread David Howe
at Thursday, February 06, 2003 4:48 PM, Chris Ball
[EMAIL PROTECTED] was seen to say:
 Another point is that ``normal'' constables aren't able to action the
 request; they have to be approved by the Chief Constable of a police
 force, or the head of a relevant Government department.  The full text
 of the Act is available at:
at least in theory. It was only a massive public FaxYourMP campaign
that aborted the attempt to extend the people able to authorise list
for interception to the head of any local government department (and a
few other groups). I have no reason to believe that a similar paper
would not have extended authority to demand keys right down to the
dogcatcher general too :)




Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)

2003-02-10 Thread David Howe
at Monday, February 10, 2003 3:09 AM, Jim Choate
[EMAIL PROTECTED] was seen to say:
 On Mon, 10 Feb 2003, Dave Howe wrote:
 no, lilo is. if you can mount a pgpdisk (say) without software,
 then you are obviously much more talented than I am :)
 Bullshit. lilo isn't doing -anything- at that point without somebody
 or something (eg dongle) being present that has the -plaintext- key.
 Without the key the disk isn't doing anything. So no, lilo isn't
 mounting the partition. It -is- a tool to do the mount.
I don't understand why this concept is so difficult for you - software
*must* perform the mount; there is absolutely no way you could
personally inspect every byte from the disk and pass decrypted data to
the os at line speed yourself.  lilo is the actor here.  If you gave a
program spec to a programmer and said write this you wouldn't be able
to claim you wrote the code yourself, no matter how good or essential
the program spec was.

 As to mounting the disk without software, not a problem it could be
 done all in hardware. Though you'd still need the passphrase/dongle.
you couldn't *mount* a disk in hardware; you *could* decrypt on-the-fly
and make the physical disk look like an unencrypted one, but you would
still need non-crypto software to mount it.

 for virtual drives, the real question is at what point in the boot
 process you can mount a drive - if it is not until the os is fully
 functional, then you are unable to protect the os itself. if the
 bootstrap process can mount the drive before the os is functional,
 then you *can* protect the os.
 No you can't. If the drive is mounted before the OS is loaded you can
 put the system into a DMA state and read the disk (screw the OS)
 since its contents are now in plaintext.
no, you can't. data from the hardware is *still* encrypted; only the
output of the driver is decrypted, and a machine no longer running
bootstrap or os is also incapable of decryption. you *could*, if good
enough, place the processor in a halt state and use DMA to modify the
code to reveal the plaintext, but it would be a major pain to do so and
would require both physical access to the machine *while powered up and
without triggering any anti-tamper switches* after the password has been
supplied. This is actually a weakness in firmware cryptodrives (as I
have seen advertised recently) - once the drive is unlocked it can
usually be swapped over to another machine and the plaintext read.

 You can also prevent the
 default OS from being loaded as well.
Indeed so, yes. However, usually that decision has to be made before the
password would be entered - so making it more awkward. You *could* finagle
the bootstrap though; there must *always* be part of the code outside
the crypto envelope (but of course this can be removable media such as
the usb drive mentioned, and stored securely when not in use)

 Clue: If you own the hardware, you own the software.
indeed so. however, if that applied to machines not already running, the
police wouldn't be so upset when they find encrypted files on seized
hardware.




Re: Putting the NSA Data Overwrite Standard Legend to Death... (fwd)

2003-02-11 Thread David Howe
at Monday, February 10, 2003 3:20 AM, Jim Choate
[EMAIL PROTECTED] was seen to say:
 On Sun, 9 Feb 2003, Sunder wrote:
 The OS doesn't boot until you type in your passphrase, plug in your
 USB fob, etc. and allow it to read the key. Like, Duh!  You know,
 you really ought to stop smoking crack.
 Spin doctor bullshit, you're not addressing the issue which is the
 mounting of an encrypted partition -before- the OS loads (eg lilo,
 which by the way doesn't really 'mount' a partition, encrypted or
 otherwise - it just follows a vector to a boot image that gets dumped
 into ram and the cpu gets a vector to execute it - one would hope it
 was the -intended- OS or fs de-encryption algorithm). What does that
 do? Nothing (unless you're the attacker).
indeed. it usually boots a kernel image with whatever modules are
required to get the main system up and running;

 There are two and only two general applications for such an approach.
 A standard workstation which isn't used unless there is a warm body
 handy. The other being a server which one doesn't want to -reboot-
 without human intervention. Both imply that the physical site is
 -secure-, that is the weakness to all the current software solutions
 along this line.
The solution is only applicable to cold or moderately tamper-proofed
systems, to prevent analysis of such systems if confiscated. It can only
become a serious component in an overall scheme, but this is universally
true - there is no magic shield you can fit to *anything* to solve all
ills; this will add protection against the specified attacks and in fact
already exists for windows (drivecrypt pluspack) - it is just
non-windoze platforms that lack a product in this area.




Re: School of the future

2003-02-20 Thread David Howe
at Thursday, February 20, 2003 2:04 AM, Harmon Seaver
[EMAIL PROTECTED] was seen to say:
 The real school of the future won't have classrooms at all, and no
 teachers as we now know them. Instead there will be workstations
 with VR helmets and a number of software gurus in the machine
 tailoring themselves to the individual students needs and
 personality. The machine will never be tired or grumpy or just having
 a bad day or serious personality problems like human teachers.
They would if I wrote them :)
Some days you need a kind, understanding, sympathetic teacher; others,
you need the Scary kind :)




Re: Blood for Oil (was The Pig Boy was really squealing today

2003-02-20 Thread David Howe
at Thursday, February 20, 2003 1:28 AM, Harmon Seaver
[EMAIL PROTECTED] was seen to say:
 No oil but lots of dope, especially lots of high grade opium and
 the CIA and the US scum military has been just desperate to get
 control of the world heroin trade again like they did in Vietnam days.
They don't need to build a pipeline through Afghanistan any more then? I
know they were pretty annoyed when the Taleban refused to let them,
prior to 9/11




Re: The burn-off of twenty million useless eaters and minorities

2003-02-21 Thread David Howe
at Friday, February 21, 2003 4:44 PM, James A. Donald
[EMAIL PROTECTED] was seen to say:
 Highly capitalist nations do not murder millions.
but their highly capitalist companies sometimes do. is this a meaningful
distinction?



Re: Scientists question electronic voting

2003-03-07 Thread David Howe
  at Thursday, March 06, 2003 5:02 PM, Ed Gerck [EMAIL PROTECTED] was
  seen to say:
   On the other hand, photographing a paper receipt behind a glass, which
   receipt is printed after your vote choices are final, is not readily
   deniable because that receipt is printed only after you confirm your
   choices.
  as has been pointed out repeatedly - either you have some way to bin
  the receipt and start over, or it is worthless (and merely confirms you
  made a bad vote without giving you any opportunity to correct it)
  That given, you could vote once for each party, take your photograph,
  void the vote (and receipt) for each one, and then vote the way you
  originally intended to :)
 No, as I commented before, voiding the vote in that proposal after the paper
 receipt is printed is a serious matter -- it means that either the machine made
 an error in recording the e-vote or (as it is oftentimes neglected) the machine
 made an error in printing the vote.
Or more probably, as seen in the American case - the user didn't
understand the interface and voted wrongly. of course, you could avoid
this by stating that the voting software displays the vote and gives a
yes/no choice before printing the slip, but there is no reason to
actually display the slip if there is no hope of voiding it short of
storming out of the booth and demanding someone fix it.



Re: I for one am glad that...

2003-03-19 Thread David Howe
at Wednesday, March 19, 2003 3:39 AM, Keith Ray [EMAIL PROTECTED] was
seen to say:
 Which resolution took away any Member State's authority to all
 necessary means to uphold resolution 690?
I think the problem here is who gets to define what is necessary - the
UN Security council thinks it is them, Bush thinks it is him personally.



Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-03-27 Thread David Howe
at Thursday, March 27, 2003 6:36 AM, Sarad AV [EMAIL PROTECTED]
was seen to say:
 there is a lot of self imposed censorship in US on
 the war. The US POWs shown on al-jazeera were not
 broadcast over US and those sites which had pictures
 of POWs were removed as unethical graphics on web
 pages.
 Maybe the US itself might be stopping access to
 al-jazeera networks.
It certainly sounds probable. All the US and UK coverage is being very
carefully stage-managed - all reporters are embedded into units for a
reason - they are permitted to film what they are told, when they are
told, and striking out on your own (or using an uplink to upload raw
news to the newsroom) carries the death penalty - as the ITN crew found
out.
Having a raw source of news - particularly one that carries pictures
of young children being pulled from the rubble minus their legs - cannot
possibly be tolerated.  That isn't to say *that* source isn't biased as
well - try finding pro-COW coverage, and there must be at least some of
the pro-COW coverage that our major media puts out that isn't faked.



Re: U.S. Drops 'E-Bomb' On Iraqi TV

2003-04-02 Thread David Howe
at Tuesday, April 01, 2003 11:53 PM, Kevin S. Van Horn
[EMAIL PROTECTED] was seen to say:
 What's a legitimate government?  One with enough firepower to make its
 rule stick?
One with real (not imagined) WMD to frighten off American presidents. NK
being a good example...



Re: Drunken US Troops Kill Rare Tiger

2003-09-22 Thread David Crookes
On Monday 22 September 2003 12:37 pm, Sarad AV wrote:

 Vote for some one who promises freedom,democracy 

These two don't co-exist too well if you're idle.



Re: Sunny Guantanamo (Re: Speaking of the Geneva convention)

2003-12-22 Thread David Crookes
On Friday 19 December 2003 20:35, James A. Donald wrote:


 In fact Glaspie told Saddam that if he invaded Kuwait, the shit
 would hit the fan.

 (That was not her words.  Her words were subject of concern,


Cite? The google groups article you linked to has two links to possible 
transcripts. Neither back up your claim.



Re: I am anti war. You stupid evil scum are pro Saddam.

2003-12-22 Thread David Crookes
On Monday 22 December 2003 13:49, Michael Kalus wrote:

 Well, in america instead of being the slave to the man (just yet)
 you're the slave to your credit card bills

By choice.

 your employers

By choice, through a range that is barely enough to eat and drink to 
unimaginable heights in historical terms.

 and all the
 other robber barons you have in the industry, while under Castro you
 are Well what? You can't travel to the US? You are not necessarily
 always able to state your political opinions (which sound vaguely
 familiar in the US right now) etc.

Not even close to the US situation. Get a clue.

A simple example, read Tim May's continued expressions on the state of the US.

Now read this about Cuba:

http://www.indymedia.org.uk/en/2003/05/67973.html

Now, tell me that you still think the US is less free.

 Repeat after me: Freedom is something that is defined differently by
 every human being.


So Cubans choose oppression and no free speech, in exchange for freedom of 
slavery to credit-card spending on luxury items, employment and robber 
barons?

Have you been to Cuba?



Re: voting

2004-04-16 Thread David Jablon
I think Ed's criticism is off-target.  Where is the privacy problem with
Chaum receipts when Ed and others still have the freedom to refuse
theirs or throw them away?

It seems a legitimate priority for a voting system to be designed to
assure voters that the system is working.  What I see in serious
voting system research efforts are attempts to build systems that
provide both accountability and privacy, with minimal tradeoffs.

If some kind of tradeoff between accountability and privacy is inevitable,
in an extreme scenario, I'd still prefer the option to make the tradeoff for
myself, rather than have the system automatically choose for me.

-- David


 At 11:05 AM 4/9/04 -0400, Trei, Peter wrote:
 
 1. The use of receipts which a voter takes from the voting place to 'verify'
 that their vote was correctly included in the total opens the way for voter
 coercion.

John Kelsey wrote:
 I think the VoteHere scheme and David Chaum's scheme both claim to solve
 this problem.  The voting machine gives you a receipt that convinces you
 (based on other information you get) that your vote was counted as cast,
 but which doesn't leak any information at all about who you voted for to
 anyone else.  Anyone can take that receipt, and prove to themselves that
 your vote was counted (if it was) or was not counted (if it wasn't). 

At 06:58 PM 4/15/04 -0700, Ed Gerck wrote:
The flaw in *both* cases is that it reduces the level of privacy protection
currently provided by paper ballots.

Currently, voter privacy is absolute in the US and does not depend
even on the will of the courts. For example,  there is no way for a
judge to assure that a voter under oath is telling the truth about how
they voted, or not. This effectively protects the secrecy of the ballot
and prevents coercion and intimidation in all cases.





Re: voting

2004-04-21 Thread David Jablon

David Jablon wrote:
 [...] Where is the privacy problem with
 Chaum receipts when Ed and others still have the freedom to refuse
 theirs or throw them away?

At 11:43 AM 4/16/04 -0700, Ed Gerck wrote:
The privacy, coercion, intimidation, vote selling and election integrity
problems begin with giving away a receipt that is linkable to a ballot. 

These problems begin elsewhere.  Whether a receipt would add any
new problem depends on further analysis.

It is not relevant to the security problem whether a voter may destroy 
his receipt, so that some receipts may disappear. What is relevant is 
that voters may HAVE to keep their receipt or... suffer retaliation...
not get paid... lose their jobs... not get a promotion... etc. Also
relevant is that voters may WANT to keep their receipts, for the same
reasons.

These are all relevant issues, and the system needs to be considered
as a whole.

The threat of coercion is present regardless of whether there's a
system-provided receipt, linkable, anonymous, or none. For example,
I might be told that after I vote I'll come face-to-face with a thug around
the corner, who will ask who I voted for, and who has a knack for
spotting liars. Or I may be told there's a secret camera in the booth.
Or I may think I'm at risk in simply showing up to vote, due to my public
party affiliation records, physical appearance, etc.

These issues must be addressed, and these concerns show that the
integrity of receipt validation must be ensured to at least the same
degree as the integrity of vote casting.  But *absolute* voter privacy
seems like an unobtainable goal, and it should not be used to trump
other important goals, like accountability.

-- David




Re: no anon conversations?

2004-05-03 Thread David Crookes
An Metet wrote:
What technologies currently exist for receiving a/pseudonymous messages?
With Mixmaster, sending mail, posting news, and even blog posting are
possible. However, receiving replies securely or, better, holding a private
conversation is difficult or impossible. Best bet seems to be to encrypt and
spam somewhere very public? Ugly, ugly. No technological method, just a few
trust me remailers. Other options?
Mixminion offers a basic building block called SURBs, Single User Reply 
Blocks.

http://mixminion.net/
http://mixminion.net/minion-spec.txt
There is a draft spec. for a nymserver which uses this building block 
but I've seen no news of an ongoing implementation:

http://mixminion.net/nym-spec.txt
Mixminion installation still indicates that anonymity is still not 
available, due to traffic levels still being too low. The mailing list 
discussed current traffic levels recently:

http://archives.seul.org/mixminion/dev/Apr-2004/msg1.html


Re: Is there a Brands certificate reference implementation?

2004-04-25 Thread David Crookes
Steve Furlong wrote:
Does anyone know of a reference implementation for Stefan Brands's
digital certificate scheme? Alternatively, does anyone have an email
address for Brands so I can ask him myself? (I haven't gotten anything
back from ZKS's contact us address. But I don't know if Brands is
still at ZKS.)

He started a new company called Credentica.
http://archives.abditum.com/cypherpunks/C-punks20020603/0053.html
http://www.credentica.com/


Re: MD5 collisions?

2004-08-18 Thread David Honig
At 09:04 PM 8/17/04 -0400, R. A. Hettinga wrote:
At 7:33 PM -0500 8/17/04, Declan McCullagh wrote:
One is enough. Less is more. Let's eliminate redundancy, thus eliminating
redundancy.

LMAO RAH :-)





Re: Eyes on the Prize...not the Millicent Ghetto

2002-05-14 Thread David G.W. Birch

R. A. Hettinga e-said:

 Compared, again, to, regulated,
 monitored, bank-to-bank foreign exchange of several *trillion*
 dollars a *day*, it's chicken feed.

On Bob's list, yesterday:

 About $1.2
 trillion in currencies is traded daily, according to the Bank for
 International Settlements.

Regards,
Dave Birch.

-- 

==  My own opinion (I think!) given solely in my capacity as an
==  interested member of the general public
==  mail(at)davebirches.org, http://www.davebirch.org/




Re: DOJ proposes US data-rentention law.

2002-06-20 Thread David G. Koontz

Trei, Peter wrote:
 - start quote -
 
 Cyber Security Plan Contemplates U.S. Data Retention Law
 http://online.securityfocus.com/news/486
 
 Internet service providers may be forced into wholesale spying 
 on their customers as part of the White House's strategy for 
 securing cyberspace.
 
 By Kevin Poulsen, Jun 18 2002 3:46PM
 
 An early draft of the White House's National Strategy to Secure 
 Cyberspace envisions the same kind of mandatory customer data 
 collection and retention by U.S. Internet service providers as was
 recently enacted in Europe, according to sources who have reviewed 
 portions of the plan. 
 
 In recent weeks, the administration has begun doling out bits and 
 pieces of a draft of the strategy to technology industry members 
 and advocacy groups. A federal data retention law is suggested
 briefly in a section drafted in part by the U.S. Justice Department. 
 

If the U.S. wasn't in an undeclared 'war', this would be considered
an unfunded mandate.  Does anyone realize the cost involved?  Think
of all the spam that needs to be recorded for posterity.  ISPs don't
currently record the type of information that this is talking about.
What customer data backup is being performed by ISPs is by and large
done by disk mirroring and is not kept permanently.

I did a bit of back of the envelope calculation and the cost in the
U.S. approaches half a billion dollars a year in additional backup
costs a year without any CALEA type impact to make it easy for law
enforcement to do data mining.  The estimate could easily be low by a
factor of 5-10.  AOL of course would be hit by 40 percent of this
though, not to mention a nice tax on MSN.  Call it ten cents a day
per customer in fee increases to record all that spam for review by
big brother.  I feel safer already.

What's next, censorship?




Re: Ross's TCPA paper

2002-07-05 Thread Seth David Schoen

Hadmut Danisch writes:

 You won't be able to enter a simple shell script through the
 keyboard. If so, you could simple print protected files as
 a hexdump or use the screen (or maybe the sound device or any
 LED) as a serial interface.
 
 Since you could use the keyboard to enter a non-certified
 program, the keyboard is to be considered as a nontrusted
 device. This means that you either
 
 * have to use a certified keyboard which doesn't let 
   you enter bad programs
 
 * don't have a keyboard at all
 
 * or are not able to use shell scripts (at least not in
   trusted context). This means a 
   strict separation between certified software and data.

The latter is closest to what's intended in Palladium.  Individual
programs using Palladium features are able to prevent one another from
reading their executing or stored state.  You can write your own
programs, but somebody else can also write programs which can process
data in a way that your programs can't interact with.

The Palladium security model and features are different from Unix, but
you can imagine by rough analogy a Unix implementation on a system
with protected memory.  Every process can have its own virtual memory
space, read and write files, interact with the user, etc.  But
normally a program can't read another program's memory without the
other program's permission.

The analogy starts to break down, though: in Unix a process running as
the superuser or code running in kernel mode may be able to ignore
memory protection and monitor or control an arbitrary process.  In
Palladium, if a system is started in a trusted mode, not even the OS
kernel will have access to all system resources.  That limitation
doesn't stop you from writing your own application software or scripts.

Interestingly, Palladium and TCPA both allow you to modify any part of
the software installed on your system (though not your hardware).  The
worst thing which can happen to you as a result is that the system
will know that it is no longer trusted, or will otherwise be able to
recognize or take account of the changes you made.  In principle,
there's nothing wrong with running untrusted; particular applications
or services which relied on a trusted feature, including sealed
storage (see below), may fail to operate.

Palladium and TCPA both allow an application to make use of
hardware-based encryption and decryption in a scheme called sealed
storage which uses a hash of the running system's software as part of
the key.  One result of this is that, if you change relevant parts of
the software, the hardware will no longer be able to perform the
decryption step.  To oversimplify slightly, you could imagine that the
hardware uses the currently-running OS kernel's hash as part of this
key.  Then, if you change the kernel in any way (which you're
permitted to do), applications running under it will find that they're
no longer able to decrypt sealed files which were created under the
original kernel.  Rebooting with the original kernel will restore the
ability to decrypt, because the hash will again match the original
kernel's hash.

(I've been reading TCPA specs and recently met with some Microsoft
Palladium team members.  But I'm still learning about both systems and
may well have made some mistakes in my description.)

-- 
Seth Schoen
Staff Technologist                [EMAIL PROTECTED]
Electronic Frontier Foundation    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110    1 415 436 9333 x107
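The sealed-storage behaviour Seth describes, as an added example that is not part of the original post and not Palladium's or TCPA's real interface: a toy chip derives its sealing key from a root secret plus a PCR-style measurement register, so a blob sealed under one kernel image cannot be unsealed after booting a modified one, and works again after rebooting the original. The extend rule, the KDF, the blob layout and the HMAC-based toy cipher are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for the software being measured (not real images).
ORIGINAL_KERNEL = b"vmlinuz-original: constructed kernel image bytes"
MODIFIED_KERNEL = b"vmlinuz-patched: constructed image with one change"


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR `data` with an HMAC-SHA256 counter-mode keystream. Toy cipher
    standing in for the hardware's block cipher; the same call encrypts
    and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


class SealingChip:
    """Minimal model of the sealed-storage primitive (assumed design).

    The chip keeps a root secret that never leaves it and a measurement
    register that the boot process extends with a hash of each component
    it loads. Sealing keys are derived from root secret + current
    measurement, so changing the kernel changes the key.
    """

    def __init__(self, root_secret: bytes):
        self._root = root_secret
        self.measurement = bytes(32)  # register is zeroed at power-on

    def extend(self, component: bytes) -> None:
        # PCR-style extend: new = H(old || H(component)); order-dependent and
        # not resettable without a reboot.
        digest = hashlib.sha256(component).digest()
        self.measurement = hashlib.sha256(self.measurement + digest).digest()

    def _sealing_key(self) -> bytes:
        return hmac.new(self._root, b"seal|" + self.measurement,
                        hashlib.sha256).digest()

    def seal(self, plaintext: bytes) -> bytes:
        key = self._sealing_key()
        nonce = os.urandom(16)
        ct = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, self.measurement + nonce + ct,
                       hashlib.sha256).digest()
        return self.measurement + nonce + ct + tag

    def unseal(self, blob: bytes) -> bytes:
        sealed_meas, nonce = blob[:32], blob[32:48]
        ct, tag = blob[48:-32], blob[-32:]
        if sealed_meas != self.measurement:
            raise PermissionError("sealed under a different software state")
        key = self._sealing_key()  # derived from the *current* measurement
        expected = hmac.new(key, sealed_meas + nonce + ct,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("authentication tag mismatch")
        return _keystream_xor(key, nonce, ct)


def boot(root_secret: bytes, kernel: bytes) -> SealingChip:
    """Simulate a reboot: fresh register state, same root secret, then the
    boot loader extends the register with the kernel it loads."""
    chip = SealingChip(root_secret)
    chip.extend(kernel)
    return chip


def scenario(root_secret: bytes = b"constructed-root-secret") -> dict:
    """Seal under the original kernel, reboot into a modified one (unseal
    refused), reboot into the original (unseal works again)."""
    secret = b"application secret sealed under the original kernel"
    blob = boot(root_secret, ORIGINAL_KERNEL).seal(secret)
    try:
        boot(root_secret, MODIFIED_KERNEL).unseal(blob)
        rejected = False
    except PermissionError:
        rejected = True
    recovered = boot(root_secret, ORIGINAL_KERNEL).unseal(blob)
    return {"rejected_after_change": rejected, "recovered": recovered == secret}


if __name__ == "__main__":
    print(scenario())
```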




Re: Challenge to David Wagner on TCPA

2002-08-02 Thread David G. Koontz

Jon Callas wrote:
 On 8/1/02 1:14 PM, Trei, Peter [EMAIL PROTECTED] wrote:
 
 
So my question is: What is your reason for shielding your identity?
You do so at the cost of people assuming the worst about your
motives.
 
 
 Is this a tacit way to suggest that the only people who need anonymity or
 pseudonymity are those with something to hide?
 



Re: Wolfram on randomness and RNGs

2002-09-07 Thread David E. Weekly

It would seem that while the bitstream generated by the center column of
rule 30 might be a good random number source, its repeatability is the very
thing that detracts from its usefulness in cryptographic application. An
obviously poor application would be to have a one time pad where two
parties would xor their plaintext with the bitstream produced by rule 30,
starting at the top. While the resulting bitstream would appear random, an
attacker with knowledge of the algorithm could just run rule 30 themselves
and decode the result. To have cryptographically strong random numbers, one
needs to have an *unreproducible* source of randomness -- the very thing
that Wolfram seems to sneer at as being purely academic but that the above
methodology makes clear. While a slightly modified approach of having both
sides start at a secret row of rule 30 could be used, the key is now merely
the row number; defeating the purpose.

One interesting possibility might be to seed a wide row of rule 30 with
bits gleaned from the environment; this would make it difficult to reproduce
the bitstream without the bits representing the initial conditions, but
without continuing to add bits to rows, the bit strength of the randomness
is only the width of the seeded row (namely, if you're using 8 bits of
randomness to seed rule 30, an attacker could brute force the 256
possibilities to find your random bitstream).

The problem is, IMHO, exactly analogous to deriving randomness from
irrational numbers, such as the digits of pi, e, or the square root of two;
this just might be a slightly more efficient way to generate the bitstream.
The point is, they're all very good sources of randomness, but the fact that
their sequences are so well-defined keeps them from being a good source of
secrecy; picking out which portions of the sequence to use ends up becoming
your secret, and your sequence is truly only as unpredictable as this secret.

In another sense, the sequence you're using is only as strong as its inputs.

Just my $0.02; please bitchslap me if I got this wrong.


 David E. Weekly
 Founder & Executive Director
 California Community Colocation Project (an OPG project)
 http://CommunityColo.net/ - the world's first non-profit colo!


- Original Message -
From: Steve Schear [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 06, 2002 1:57 PM
Subject: Wolfram on randomness and RNGs


 Background
 Stephen Wolfram's book, A New Kind of Science, is nothing if not
 interesting.  This encyclopedia-sized volume traces how his fascination
 with cellular automata, beginning in the 1970s, led him to spend decades
 exploring the significance of complexity created from simple rules.

 I hope the following will not be too wordy and generate interest in the
 cryptographic implications of his work.

 Intrinsic Generation of Randomness
 In the chapter Mechanisms and Programs in Nature, pp 297 - 361, he
 presents his case that behavioral similarities between certain simple
 programs and systems in nature are no coincidence but reflect a deep
 correspondence.  In this section he explores three mechanisms for
 randomness: external input (noise) captured in so-called stochastic models,
 those related to initial conditions (e.g., chaos theory), and those based
 on the behavior of simple programs described in the book and which he believes
 are the most common in nature.

 Under the section The Intrinsic Generation of Randomness he presents
 evidence for his third mechanism in which no random input from the outside
 is needed, and in which the randomness is instead generated inside the
 systems themselves.

 When one says that something seems random, what one usually means in
 practice is that one cannot see any regularities in it. So when we say that
 a particular phenomenon in nature seems random, what we mean is that none
 of our standard methods of analysis have succeeded in finding regularities
 in it. To assess the randomness of a sequence produced by something like a
 cellular automaton, therefore, what we must do is to apply to it the same
 methods of analysis as we do to natural systems

 ... some of these methods have been well codified in standard mathematics
 and statistics, while others are effectively implicit in our processes of
 visual and other perception. But the remarkable fact is that none of these
 methods seem to reveal any real regularities whatsoever in the rule 30
 cellular automaton sequence. And thus, so far as one can tell, this
 sequence is at least as random as anything we see in nature.

 But is it truly random?

 Over the past century or so, a variety of definitions of true randomness
 have been proposed. And according to most of these definitions, the
 sequence is indeed truly random. But there are a certain class of
 definitions which do not consider it truly random.

 For these definitions are based on the notion of classifying as truly
 random only sequences which can never be generated by any simple

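Added example, not part of the review above or of Wolfram's book: the Python below generates the center column of the rule 30 cellular automaton from a single black cell and applies the kind of simple statistical checks the passage refers to, namely bit balance, number of runs, and lag-1 serial correlation. The update rule is rule 30 as Wolfram defines it, new cell = left XOR (center OR right); the rough pass/fail thresholds in the comments are this example's assumption, not anything the review states.

```python
import math


def rule30_center_column(steps):
    """Run rule 30 from a single 1 cell and return the center column
    (steps + 1 bits, including the initial cell).

    The row is a Python int; bit i is cell i.  Cell i's left neighbour is
    bit i+1 and its right neighbour is bit i-1, so the neighbour rows are
    shifts.  Rule 30: new = left XOR (center OR right).  The row is wide
    enough that the zero boundary can never reach the center in `steps`
    updates, so the result equals the infinite automaton's column.
    """
    width = 2 * steps + 3
    mask = (1 << width) - 1
    center = steps + 1
    cells = 1 << center
    bits = [1]
    for _ in range(steps):
        left = cells >> 1             # cell i+1 as seen from cell i
        right = (cells << 1) & mask   # cell i-1 as seen from cell i
        cells = (left ^ (cells | right)) & mask
        bits.append((cells >> center) & 1)
    return bits


def monobit_z(bits):
    """Frequency test: (#ones - #zeros) / sqrt(n).  Roughly N(0,1) for an
    ideal random sequence, so |z| > 3 would be suspicious."""
    n = len(bits)
    return (2 * sum(bits) - n) / math.sqrt(n)


def run_count(bits):
    """Number of maximal runs of identical bits; expected (n + 1) / 2."""
    runs = 1
    for a, b in zip(bits, bits[1:]):
        if a != b:
            runs += 1
    return runs


def serial_correlation(bits):
    """Lag-1 serial correlation coefficient; near 0 for a random sequence
    (standard error about 1 / sqrt(n))."""
    n = len(bits)
    mean = sum(bits) / n
    num = sum((bits[i] - mean) * (bits[i + 1] - mean) for i in range(n - 1))
    den = sum((b - mean) ** 2 for b in bits)
    return num / den


def analyse(steps=4096):
    """Generate the column and return the three statistics side by side."""
    bits = rule30_center_column(steps)
    return {
        "n": len(bits),
        "ones_fraction": sum(bits) / len(bits),
        "monobit_z": monobit_z(bits),
        "runs": run_count(bits),
        "expected_runs": (len(bits) + 1) / 2,
        "serial_corr": serial_correlation(bits),
    }


if __name__ == "__main__":
    print("first 32 bits:", "".join(map(str, rule30_center_column(31))))
    for key, value in analyse().items():
        print(f"{key:>14}: {value}")
```

The first nine bits of the column are 1 1 0 1 1 1 0 0 1, which can be checked by hand from the rule; the statistics over a few thousand bits sit well inside the ranges an ideal coin-flip sequence would give, which is exactly the point the review is making: the checks find nothing, but that is not a proof of randomness.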
Re: One time pads

2002-10-16 Thread David E. Weekly

Naive question here, but what if you made multiple one time pads (XORing
them all together to get your true key) and then sent the different pads
via different mechanisms (one via FedEx, one via secure courier, one via
your best friend)? Unless *all* were compromised, the combined key would
still be secure.

As for PKI being secure for 20,000 years, it sure as hell won't be if those
million-qubit prototypes turn out to be worth their salt. Think more like
5-10 years. In fact, just about everything except for OTP solutions will be
totally, totally fucked. Which means that you should start thinking about
using OTP *now* if you have secrets you'd like to keep past when an
adversary of yours might have access to a quantum computer. I'd put 50 years
as an upper bound on that, 5 years as a lower.

-d


- Original Message -
From: David Howe [EMAIL PROTECTED]
To: Email List: Cypherpunks [EMAIL PROTECTED]
Sent: Wednesday, October 16, 2002 7:52 AM
Subject: Re: One time pads


 at Wednesday, October 16, 2002 2:01 PM, Sarad AV
 [EMAIL PROTECTED] was seen to say:
  Though it has a large key length greater than or equal
  to the plain text, why would it be insecure if we can
  use a good pseudo random number generator, store the
  bits produced on a tamper proof medium.
 Because you have replaced an OTP (provably secure) with a PRNG stream
 cypher (only as secure as the PRNG). He isn't saying that stream cyphers
 can't be secure - just that they aren't OTP.
 There is also no point in distributing the output of a PRNG as a
 tamperproof tape - you just run the PRNG at both sides, in sync.
 If you use a *real* RNG, then you can do the tape distribution thing and
 it *will* be an OTP - but it's the tape distribution that is the difficult
 bit (as he points out in the article).

  Why do we always have to rely on the internet for
  sending the pad? If it is physically carried to the
  receiver we can say for sure if P or R is intercepted.
 Two obvious points are:
 1. It isn't always possible to ensure secure delivery - if a courier is
 compromised or falls asleep and the tape is substituted with another,
 a MITM attack can be made transparently.
 2. If the parties are physically remote, they may not have time to
 exchange tapes securely; unless there is an airplane link directly or
 indirectly between the sites, it may be days or weeks in transit.

  Can someone answer the issues involved that one time
  pads are not a good choice.
 OTP is the best choice for something that must be secret for all time,
 no matter what the expense.
 Anything that "secure for 20,000 years" will be sufficient for, go for
 PKI instead :)




Re: One time pads and Quantum Computers

2002-10-16 Thread David E. Weekly

   David E. Weekly[SMTP:[EMAIL PROTECTED]]
   Which means that you should start thinking about
   using OTP *now* if you have secrets you'd like to keep past when an
   adversary of yours might have access to a quantum computer. ...

 OTPs won't help a bit for that problem.
 They're fine for transmitting new data if you've already sent a pad,
 but they're useless for storing secrets, because you can only decrypt
 something if you've got the pad around, and you have to burn the pad after
 use.

Yes, sorry -- I should have clarified as you should start thinking about
encrypting data transmissions using OTP *now* if you'd like to send secrets
you'd like to keep... -- destroying both pads after transmission should be
obvious. I wasn't attempting to address secure data storage.

-d
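Added example, not code from either David in the thread above or from any other poster: the Python below works through the two ideas discussed, splitting a one-time pad into several shares sent by separate carriers so that a carrier who sees fewer than all of them learns nothing about the pad, and the point in the follow-up that a pad is burned after one use. os.urandom is assumed to stand in for the true RNG the thread insists on (a seeded PRNG's output would give a stream cipher, not a pad, and would not need distributing at all). The share names and messages are constructed.

```python
import os
from functools import reduce


def xor_bytes(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_pad(pad, n):
    """Split `pad` into n shares whose XOR is `pad`.

    The first n-1 shares are fresh random bytes (os.urandom standing in for
    a true RNG); the last is whatever makes the XOR come out right.  Any
    n-1 shares are uniformly random and independent of `pad`, so a carrier
    holding fewer than all n learns nothing about it.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [os.urandom(len(pad)) for _ in range(n - 1)]
    shares.append(reduce(xor_bytes, shares, pad))
    return shares


def combine_shares(shares):
    """Recover the pad from all n shares (XOR them together)."""
    return reduce(xor_bytes, shares)


def otp_encrypt(plaintext, pad):
    """One-time pad: ciphertext = plaintext XOR pad.  The pad must be at
    least as long as the message and must be used exactly once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad too short")
    return xor_bytes(plaintext, pad[:len(plaintext)])


otp_decrypt = otp_encrypt   # XOR is its own inverse


def pad_reuse_leak(m1, m2, pad):
    """What an eavesdropper gets when one pad encrypts two messages:
    c1 XOR c2 == m1 XOR m2, the pad cancels out.  Hence 'burn after use'."""
    return xor_bytes(otp_encrypt(m1, pad), otp_encrypt(m2, pad))


def wipe(buf):
    """Overwrite a bytearray pad in place once it has been used."""
    for i in range(len(buf)):
        buf[i] = 0


if __name__ == "__main__":
    pad = os.urandom(32)
    fedex, courier, friend = split_pad(pad, 3)    # three separate carriers
    assert combine_shares([fedex, courier, friend]) == pad
    msg = b"meet at the usual place, 0900"         # constructed message
    ct = otp_encrypt(msg, pad)
    print(ct.hex())
    print(otp_decrypt(ct, pad))
    used = bytearray(pad)
    wipe(used)                                     # pad is gone after use
```

The n-of-n split costs the sender n times the pad volume in transit; it buys nothing against an adversary who can substitute the tapes rather than merely read them, which is the MITM point raised in the quoted reply.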




ISP Utilty To Cypherpunks?

2002-10-31 Thread David E. Weekly
Cypherpunks,

I run a 501(c)(3) non-profit focused on providing free, donation-based
colocation to individuals and other non-profits (i.e., no companies are
hosted). Additionally, we try to do things that are useful to the
not-for-profit Internet community as a whole; for instance, we run a
freenode.info IRC server (freenode is used by a lot of Open Source
development groups to coordinate developer teams).

I'd like to understand how we could be useful to the cypherpunk community.
I've got some wild guesses (run a public keyserver, run a mixmaster node,
etc), but I don't really know what is most badly needed, or how we could
provide the most bang for the bandwidth buck. (We do pay for bandwidth, so
serving up Debian ISOs is not a viable way we can help the community at
this time.) Ideally, we'd like to find applications that don't use a lot of
bandwidth (500kbps aggregate), but require a server that's got a fixed IP,
is up all the time, and has very low latency to most of the Net.

How can we help?

 David E. Weekly
 Founder & Director
 California Community Colocation Project
 http://CommunityColo.net/


PS: We are entirely volunteer-based. Nobody gets paid.




Re: What email encryption is actually in use?

2002-11-04 Thread David W. Hodgins
-BEGIN PGP SIGNED MESSAGE-

If you signed your messages on a regular basis, it would let me know
whether or not you're the same Tim May I've been reading since back
when toad.com was the only server for the list.

If your key was signed by anyone I've dealt with, who I know will
actually check your id, it would increase my confidence that you
really are Tim May, and not just a net persona.

It doesn't make one iota of difference whether you choose to
distribute your key or not.  Your ideas are usually thought-provoking,
and consistent enough to form a persona in the minds of the list
readers. Or at least, in mine.

I know you know (whether or not you agree with) the above.  It just
struck me as humourous that you'd sign the post, with the comment
to the effect that there isn't much point in doing so, with a key
that isn't on the servers.

Do you see the PGP web of trust as completely useless?

As to who I am, well...

I'm a programmer, living in London, Ont. Canada.

I've been lurking, off and on, since 94 or so.  I don't think I've
actually posted anything to the list since back in 96, when I 
wrote a freeware program to simplify using PGP with dos based
offline mail readers (MPI.ZIP).

While I normally promote privacy issues, only with those I meet
face to face, I still consider myself a cypherpunk.  I normally
only post to the list, when my point of view isn't being 
expressed by any of the regular posters.

Regards, Dave Hodgins.

Tim May wrote:
 
 On Sunday, November 3, 2002, at 06:14  PM, David W. Hodgins wrote:
 
 
  -BEGIN PGP SIGNED MESSAGE-
 
  The advantages really disappear, when the key used to sign the
  message isn't sent to the key servers {:.
 
 
 Those who need to know, know.
 
 You, I've never seen before. Even if you found my key at the
 Liberal Institution of Technology, what would it mean?
 
 Parts of the PGP model are ideologically brain-dead. I attribute
 this to left-wing peacenik politics of some of the early folks.
 
- --Tim May

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com

iQEVAwUBPcXu94s+asmeZwNpAQFQuAf+LbwrdQV8CPAc/lw2AF5HPvKLGopHCj3i
tFR+drfFAYDDA6UHMPJOFxzDdhFYrRbhQ3c3cSkExSSoI7Mce389KPdGimWQZTJZ
rCYyvnXtG+S//ya8yCELXC3SSwwra0+laPpoSz6lseIU6YJUYFyMLnnXaH5gpxHi
O7TtK8kfPFQVVdbBuJC4mp9SjNO3DqIM29UbPSrf9KZ1w2zPXA4eov9GL9jjU808
CzT+wncCYaE1EU8cT3C+TFJyd8r8B1S6CLbjX9hC71kIt5bVUt1EHMHUx8u2YaXZ
i4o2kKQGePbJvIIiOuwngIUOuwnbgLlGO7+zhsL4y2UuXeJ1/W5NVQ==
=8BJt
-END PGP SIGNATURE-




Re: Press Coverage, Snarky Media Personalities, and War

2003-03-02 Thread David W. Hodgins
On Sat, 1 Mar 2003 16:14:58 -0600, Shawn K. Quinn [EMAIL PROTECTED] wrote:
 At least two of my prior e-mail addresses made "never ever spam these
 addresses" lists (unlike "remove" lists, these are actually heeded by a
 lot of spamming vermin), so I know that this can work.
Where can one sign up to these "never ever spam" lists?

Dave Hodgins



Public hearing in Boston on Mass DMCA bill

2003-04-01 Thread David I Emery
For those on this list from the Boston area there is a public
hearing on the Mass version of the Super-DMCA bill on Wed April 2nd
at 10 AM in Room 222 of the Mass State house in downtown Boston.

This might be a chance to find out who is sponsoring this
legislation and raise some objections to its overbroad nature.

The actual sponsor of this legislation is a Rep Stephen Tobin
from Boston

He advertises the bill as legislation to establish a crime of
illegal internet and broadband access.

I hope some Mass list members show up...

(And for some strange reason my [EMAIL PROTECTED] address has suddenly
become blocked by lne.com as a spam site.   This has never happened
before and is rather scary.  It suggests a targeted counterattack
by someone).

Dave Emery  - [EMAIL PROTECTED]



Re: Logging of Web Usage

2003-04-03 Thread Seth David Schoen
Bill Frantz writes:

 The http://cryptome.org/usage-logs.htm URL says:
 
 Low resolution data in most cases is intended to be sufficient for
 marketing analyses.  It may take the form of IP addresses that have been
 subjected to a one way hash, to refer URLs that exclude information other
 than the high level domain, or temporary cookies.
 
 Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
 computer for a few hours can reverse a one way hash by exhaustive search.
 Truncating IPs seems a much more privacy friendly approach.
 
 This problem would be less acute with IPv6 addresses.

I'm skeptical that it will even take a few hours; on a 1.5 GHz
desktop machine, using openssl speed, I see about a million hash
operations per second.  (It depends slightly on which hash you choose.)
This is without compiling OpenSSL with processor-specific optimizations.

That would imply a mean time to reverse the hash of about 2100 seconds,
which we could probably improve with processor-specific optimizations
or by buying a more recent machine.  What's more, we can exclude from our
search parts of the IP address space which haven't been allocated, and
optimize the search by beginning with IP networks which are more
likely to be the source of hits based on prior statistical evidence.  Even
without _any_ of these improvements, it's just about 35 minutes on average.

I used to advocate one-way hashing for logs, but a 35-minute search on
an ordinary desktop PC is not much obstacle.  It might still be
helpful if you used a keyed hash and then threw away the key after a
short time period (perhaps every 6 hours).  Then you can't identify or
link visitors across 6-hour periods.  If the key is very long,
reversing the hash could become very hard.

The logging problem will depend on what server operators are trying to
accomplish.  Some people just want to try to count unique visitors;
strangely enough, they might get more privacy-protective (and comparably
precise) results by issuing short-lived cookies.

-- 
Seth David Schoen [EMAIL PROTECTED] | Very frankly, I am opposed to people
 http://www.loyalty.org/~schoen/   | being programmed by others.
 http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003),
   |464 U.S. 417, 445 (1984)
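Added example, not from the post above or from cryptome.org: the Python below shows both halves of the argument, reversing an unkeyed hash of an IPv4 address by exhaustive search (here over two constructed RFC 5737 test networks so it finishes instantly; over the full address space the mean cost is the 2^31 trials the post computes), and the keyed alternative with a per-period key that is generated in memory and never stored, so tokens stay linkable within a window and unlinkable across windows. The 6-hour period, the class name and the choice of HMAC-SHA256 are this example's assumptions.

```python
import hashlib
import hmac
import ipaddress
import os


def hash_ip(ip):
    """The 'one way hash of the IP' a naive log scrubber stores: unkeyed
    SHA-1 of the dotted-quad text."""
    return hashlib.sha1(ip.encode()).hexdigest()


def reverse_hash(digest, networks):
    """Recover the address behind an unkeyed hash by hashing every address
    in the given networks and comparing.  An attacker walks all allocated
    IPv4 space, likeliest networks first; the search here is deliberately
    limited to the constructed networks passed in."""
    for net in networks:
        for addr in ipaddress.ip_network(net):
            if hash_ip(str(addr)) == digest:
                return str(addr)
    return None


def expected_seconds(hashes_per_second):
    """Mean time to reverse an unkeyed IPv4 hash over the whole 2^32 space:
    half the space, i.e. 2^31 trials, divided by the hash rate."""
    return 2 ** 31 / hashes_per_second


class PeriodKeyedPseudonymiser:
    """Keyed hash whose key is fresh per `period` seconds and kept only in
    memory.  Within a period the same IP maps to the same token, so unique
    visitors can still be counted; once a period's key is dropped its
    tokens cannot be reversed by search, nor linked to other periods."""

    def __init__(self, period=6 * 3600):
        self.period = period
        self._keys = {}   # period index -> 32-byte key, forgotten later

    def _key_for(self, timestamp):
        idx = int(timestamp) // self.period
        if idx not in self._keys:
            self._keys[idx] = os.urandom(32)
        return self._keys[idx]

    def pseudonym(self, ip, timestamp):
        key = self._key_for(timestamp)
        return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()

    def forget_before(self, timestamp):
        """Discard keys of periods that ended before `timestamp`."""
        current = int(timestamp) // self.period
        for idx in [i for i in self._keys if i < current]:
            del self._keys[idx]


if __name__ == "__main__":
    # Constructed inputs: RFC 5737 documentation addresses.
    victim = "192.0.2.77"
    digest = hash_ip(victim)
    print("unkeyed hash", digest, "->",
          reverse_hash(digest, ["192.0.2.0/24", "198.51.100.0/24"]))
    print("full-space mean at 1e6 hashes/s:", expected_seconds(1e6), "s")

    p = PeriodKeyedPseudonymiser()
    same_window = p.pseudonym(victim, 100) == p.pseudonym(victim, 200)
    next_window = p.pseudonym(victim, 7 * 3600)
    print("linkable within window:", same_window)
    print("token in next window:", next_window[:16], "...")
```

Truncating the address, as the quoted message suggests, remains simpler and needs no key handling; the keyed scheme is for the case where per-visitor counting within a window is actually wanted.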



Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2004-01-04 Thread Seth David Schoen
Eric S. Johansson writes:

 Ben Laurie wrote:
 
 Richard Clayton wrote:
 
 and in these schemes, where does our esteemed moderator get _his_ stamps
 from ? remember that not all bulk email is spam by any means...  or do
 we end up with whitelists all over the place and the focus of attacks
 moves to the ingress to the mailing lists :(
 
 
 He uses the stamp that you generated. Each subscriber adds 
 [EMAIL PROTECTED] as an address they receive mail at. Done. 
 Trivial.
 
 take a look at my headers and you'll see a real example.
 
 ---eric (No. 1 generator of stamps on the Internet)

It seems like one risk for hashcash is that, when mailing lists are
whitelisted, a spammer can then use the lists to amplify spam (which I
think is what Richard Clayton was suggesting above).  For instance,
you generated a single hashcash stamp for [EMAIL PROTECTED] of
the same value as the stamp you generated for [EMAIL PROTECTED]

That stamp would hypothetically induce metzdowd.com to send your
message to _all_ of the cryptography subscribers, all of whom have
hypothetically whitelisted the list.  That means that, if your message
were spam, you delivered it to the whole subscriber base at very low
cost.

Or does hashcash only help moderated mailing lists (where it pays
the moderator for her time)?  My current impression is that it will
benefit individual e-mail recipients but not help subscribers to large
unmoderated mailing lists.

-- 
Seth David Schoen [EMAIL PROTECTED] | Very frankly, I am opposed to people
 http://www.loyalty.org/~schoen/   | being programmed by others.
 http://vitanuova.loyalty.org/ | -- Fred Rogers (1928-2003),
   |464 U.S. 417, 445 (1984)
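Added example, not the hashcash or camram code the thread refers to: a minimal stamp minter and verifier in Python using the hashcash v1 stamp layout (version:bits:date:resource::rand:counter, SHA-1 with the required number of leading zero bits), with a decimal counter rather than base64 and no expiry or double-spend check. The list address and subscriber whitelists are constructed; deliveries_for is there to show the amplification Seth describes, one stamp minted for the list's address passing every subscriber filter that whitelists the list.

```python
import hashlib
import os


def _leading_zero_bits(digest):
    """Count leading zero bits of a byte string."""
    n = 0
    for byte in digest:
        if byte == 0:
            n += 8
            continue
        n += 8 - byte.bit_length()
        break
    return n


def mint(resource, bits, date="040104"):
    """Mint a stamp '1:bits:date:resource::rand:counter' whose SHA-1 has at
    least `bits` leading zero bits.  Expected work is 2^bits hashes, paid
    once per stamp no matter how many people end up reading the message.
    Returns (stamp, hashes_spent)."""
    rand = os.urandom(8).hex()
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if _leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1
        counter += 1


def verify(stamp, accepted_resources, min_bits):
    """Recipient-side check: the stamp must name a resource this recipient
    accepts and carry at least `min_bits` of work.  A real verifier also
    checks the date window and a spent-stamp database; omitted here."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    try:
        bits = int(fields[1])
    except ValueError:
        return False
    if bits < min_bits or fields[3] not in accepted_resources:
        return False
    return _leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits


def deliveries_for(stamp, subscribers, min_bits):
    """Given a message relayed by a list and carrying `stamp`, return the
    subscribers whose filters accept it.  `subscribers` maps each address
    to the set of resources it accepts stamps for (itself plus any
    whitelisted list addresses)."""
    return [who for who, accepted in subscribers.items()
            if verify(stamp, accepted, min_bits)]


if __name__ == "__main__":
    LIST = "cryptography@example.org"             # constructed list address
    subscribers = {                                # constructed whitelists
        "alice@example.org": {"alice@example.org", LIST},
        "bob@example.net": {"bob@example.net", LIST},
        "carol@example.com": {"carol@example.com", LIST},
    }
    stamp, work = mint(LIST, 16)
    print(stamp, "minted after", work, "hashes")
    print("one stamp, delivered to:", deliveries_for(stamp, subscribers, 16))
```

The cost asymmetry is visible in the numbers: about 2^16 hashes for one stamp against the list address, and as many deliveries as the list has whitelisting subscribers, which is why the thread's question about where the list's own stamps come from does not by itself close the amplification hole.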



Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-20 Thread David Alexander Molnar



On Thu, 20 Oct 2005, cyphrpunk wrote:


system without excessive complications. Only the fifth point, the
ability for outsiders to monitor the amount of cash in circulation, is
not satisfied. But even then, the ecash mint software, and procedures
and controls followed by the issuer, could be designed to allow third
party audits similarly to how paper money cash issuers might be
audited today.


One approach, investigated by Hal Finney, is to run the mint on a platform 
that allows remote attestation. Check out rpow.net - he has a working 
implementation of a proof of work payment system hosted on an IBM 4758.


-David Molnar