Re: Israeli coders, Arab testers

2004-04-01 Thread Barney Wolff
The fly in this ointment is that the testers (of whatever stripe)
are being trusted to reveal all the flaws that they find.  One way
of assuring that is flaw injection, but it's imperfect, because
you can never prove that failure to find the flaw was deliberate.

The same problem applies to penetration tests, which is why hiring
former felons to do it is not risk-free.

Barney Wolff
I'm available by contract or FT, in the NYC metro area or via the 'Net.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Verisign CRL single point of failure

2004-04-01 Thread Dirk-Willem van Gulik
On Jan 9, 2004, at 8:06 PM, Rich Salz wrote:

dave kleiman wrote:

Because the client has a Certificate Revocation Checking function turned on
in a particular app (i.e. IE or NAV).

I don't think you understood my question.  Why is 
getting overloaded *now.*  What does the expiration of one of their CA 
certificates have to do with it?  Once you see that a cert has 
expired, there's no need whatsoever to go look at the CRL.  The point 
of a CRL is to revoke certificates prior to their expiration.
Though I have no particular experience with the virus-scan software, we've
seen exactly this behavior with a couple of medical apps built onto the same
libraries. Once any cert in the bundle is expired the software -insists- on
checking with the CRL at startup. And it will hang if it cannot. When it gets
the info back, it does not cache the (negative) information; nor does that
seem to trigger any clever automated roll-over. We tried tricking it with
flags like 'superseded' and cessationOfOperation in the reasons/cert status
mask, but to no avail. The only workaround we've found is to remove all
expired certs from the system asap.

My guess is it is just a bug in a library; albeit a commonly used one.
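As an added illustration (not code from this thread or from the library Dirk-Willem describes), here is a small Python model of the checking order Rich Salz's point implies: expiry is decided locally, the CRL is consulted only for unexpired certificates, a fetched CRL (even an empty one) is cached until its nextUpdate, and a failed fetch returns a status instead of blocking. The certificates, serials and CRL URL are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Cert:
    serial: int
    not_after: datetime   # notAfter from the certificate
    crl_url: str          # CRL distribution point

@dataclass
class Crl:
    revoked: set          # serials listed as revoked (empty set = nothing revoked)
    next_update: datetime # nextUpdate: how long this answer may be cached

class RevocationChecker:
    """Decide expiry locally first, consult the CRL only for unexpired certs,
    cache the fetched CRL until its nextUpdate, and report "unknown" on a failed
    fetch. The fetch callable is expected to time out, never hang."""
    def __init__(self, fetch, now):
        self.fetch, self.now = fetch, now   # fetch(url) -> Crl, may raise OSError
        self.cache, self.fetches = {}, 0

    def status(self, cert: Cert) -> str:
        now = self.now()
        if cert.not_after < now:
            return "expired"                # nothing a CRL could add here
        crl = self.cache.get(cert.crl_url)
        if crl is None or crl.next_update <= now:
            try:
                crl = self.fetch(cert.crl_url)
            except OSError:
                return "unknown"            # local policy decides fail-open/closed
            self.fetches += 1
            self.cache[cert.crl_url] = crl
        return "revoked" if cert.serial in crl.revoked else "good"

def demo(fetch_ok: bool = True):
    """Constructed bundle: one expired cert and two current certs sharing a CRL."""
    now = datetime(2004, 1, 10, tzinfo=timezone.utc)
    url = "http://crl.example.test/ca.crl"               # placeholder URL
    bundle = [Cert(1, now - timedelta(days=3), url),
              Cert(2, now + timedelta(days=300), url),
              Cert(3, now + timedelta(days=300), url)]
    def fetch(_url):
        if not fetch_ok:
            raise OSError("CRL server unreachable")       # simulated timeout
        return Crl(revoked={3}, next_update=now + timedelta(days=1))
    chk = RevocationChecker(fetch, lambda: now)
    return [chk.status(c) for c in bundle], chk.fetches
```

With the CRL reachable, `demo()` performs a single fetch for the two live certs and never consults the CRL for the expired one; with it unreachable, the caller gets "unknown" back instead of a hung startup.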



The 'Privacy' Jihad

2004-04-01 Thread R. A. Hettinga

The Wall Street Journal
April 1, 2004; Page A14

The 'Privacy' Jihad

The 9/11 Commission hearings have focused public attention again on the
intelligence failures leading up to the September attacks. Yet since 9/11,
virtually every proposal to use intelligence more effectively -- to connect
the dots -- has been shot down by left- and right-wing libertarians as an
assault on privacy. The consequence has been devastating: Just when the
country should be unleashing its technological ingenuity to defend against
future attacks, scientists stand irresolute, cowed into inaction.

The privacy advocates -- who range from liberal groups focused on
electronic privacy, such as the Electronic Privacy Information Center, to
traditional conservative libertarians, such as Americans for Tax Reform --
are fixated on a technique called data mining. By now, however, they have
killed enough different programs that their operating principle can only be
formulated as this: No use of computer data or technology anywhere at any
time for national defense, if there's the slightest possibility that a
rogue use of that technology will offend someone's sense of privacy. They
are pushing intelligence agencies back to a pre-9/11 mentality, when the
mere potential for a privacy or civil liberties controversy trumped
security concerns.

* * *

The privacy advocates' greatest triumph was shutting down the Defense
Department's Total Information Awareness (TIA) program. Goaded on by New
York Times columnist William Safire, the advocates presented the program as
the diabolical plan of John Poindexter, the former Reagan national security
adviser and director of Pentagon research, to spy on every public and
private act of every American -- in Mr. Safire's words.

The advocates' distortion of TIA was unrelenting. Most egregiously, they
concealed TIA's purpose: to prevent another attack on American soil by
uncovering the electronic footprints terrorists leave as they plan and
rehearse their assaults. Before terrorists strike, they must enter the
country, receive funds, case their targets, buy supplies, and send phone
and e-mail messages. Many of those activities will leave a trail in
electronic databases. TIA researchers hoped that cutting-edge computer
analysis could find that trail in government intelligence files and,
possibly, in commercial databases as well.

TIA would have been the most advanced application yet of data mining, a
young technology which attempts to make sense of the explosion of data in
government, scientific and commercial databases. Through complex
algorithms, the technique can extract patterns or anomalies in data
collections that a human analyst could not possibly discern. Public health
authorities have mined medical data to spot the outbreak of infectious
disease, and credit-card companies have found fraudulent credit-card
purchases with the method, among other applications.

But according to the privacy community, data mining was a dangerous,
unconstitutional technology, and the Bush administration had to be stopped
from using it for any national-security or law-enforcement purpose. By
September 2003, the hysteria against TIA had reached a fevered pitch and
Congress ended the research project entirely, before learning the
technology's potential and without a single privacy violation ever having
been committed.

The overreaction is stunning. Without question, TIA represented a radical
leap ahead in both data-mining technology and intelligence analysis. Had it
used commercial data, it would have given intelligence agencies
instantaneous access to a volume of information about the public that had
previously only been available through slower physical searches. As with
any public or private power, TIA's capabilities could have been abused --
which is why the Pentagon research team planned to build in powerful
safeguards to protect individual privacy. But the most important thing to
remember about TIA is this: It would have only used data to which the
government was already legally entitled. It differed from existing
law-enforcement and intelligence techniques only in degree, not kind.
Pattern analysis -- the heart of data mining -- is conventional
crime-solving, whether the suspicious patterns are spotted on a crime pin
map, on a city street, or in an electronic database.

The computing world watched TIA's demolition and rationally concluded:
Let's not go there. People and companies will no longer enter into
technology research [involving national-security computing] because of the
privacy debates, says a privacy officer for a major information retrieval

But the national-security carnage was just beginning. Next on the block: a
biometric camera to protect embassies and other critical government
buildings from terrorist attack; and an artificial intelligence program to
help battlefield 

Testing cryptographic hash functions

2004-04-01 Thread Danko Ilik

I have put on-line an implementation of Eric Filiol's Moebius Statistical 
Analysis of Symmetric Ciphers and Hash Functions, if anyone might need such a 

It is a part of a package of utilities for testing cryptographic hash 
functions (Maurer's universal statistical test, (partial) collision searching 
and avalanche property measurement).
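As an added example of one of the tests Danko lists, avalanche property measurement, the following Python (not part of the package he announces) flips each input bit in turn and records the fraction of digest bits that change, comparing SHA-256 against a deliberately weak XOR-fold "hash" constructed here as a negative control.

```python
import hashlib

def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(h, msg: bytes) -> tuple[float, float, float]:
    """Flip each input bit of msg in turn and measure the fraction of output
    bits that change. Returns (mean, min, max) over all flips; an ideal hash
    gives a mean near 0.5 with little spread."""
    base = h(msg)
    nbits = len(base) * 8
    fracs = []
    for i in range(len(msg) * 8):
        m = bytearray(msg)
        m[i // 8] ^= 1 << (i % 8)           # flip exactly one input bit
        fracs.append(hamming(base, h(bytes(m))) / nbits)
    return sum(fracs) / len(fracs), min(fracs), max(fracs)

def sha256(m: bytes) -> bytes:
    return hashlib.sha256(m).digest()

def toy_xor_hash(m: bytes) -> bytes:
    """Deliberately weak 'hash' that XOR-folds the message into 16 bytes.
    Constructed here as a negative control; it is not a real hash function."""
    out = bytearray(16)
    for i, b in enumerate(m):
        out[i % 16] ^= b
    return bytes(out)

SAMPLE = bytes(range(32))   # constructed 32-byte input, 256 bit flips

if __name__ == "__main__":
    for name, h in (("sha256", sha256), ("toy_xor", toy_xor_hash)):
        mean, lo, hi = avalanche(h, SAMPLE)
        print(f"{name:8s} mean={mean:.4f} min={lo:.4f} max={hi:.4f}")
```

For the XOR-fold control every single-bit input change moves exactly one of 128 output bits, so the measured fraction is a flat 1/128, while SHA-256 sits close to one half on every flip.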



Using PDAs as Tokens or Smart Card Readers

2004-04-01 Thread R. A. Hettinga

Cryptonomicon.Net - Using PDAs as Tokens or Smart Card Readers
Posted on Monday, January 19 @ 08:00:00 EST by mhamrick
Cryptographic smart card technology has been with us for quite a while
now, and standardization efforts have been proceeding since the early
1980s. Through the 1990s we began to see adoption first in market niches,
and later in governmental and financial markets. The new millennium brought
a surge of new initiatives (the most successful being the US Department of
Defense's Common Access Card initiative.) Studies indicate that using
hardware tokens to login to remote computers or networks enhances security
and drives costs down by reducing the numbers of support personnel to
assist users in recovering from lost or stolen passwords. Smart Card
vendors have been pointing out the benefits of cryptographic hardware
tokens for years, but we've yet to see the wide-scale adoption of the
technology in consumer class PCs. If hardware tokens are so great, why
don't we see a smart card reader on every desktop computer sold?

Security experts agree that authenticating with a smart card and a PIN is
generally more secure than authenticating with a password alone. The
oft-heard mantra of the hardware token industry is something you have,
something you know. In this case, the token (smart card) itself is the
thing you have, while the PIN is the thing you know.

Authenticating with hardware tokens and public key cryptography minimizes
the opportunity for eavesdroppers to capture passwords as they fly across
potentially insecure networks. (PINs used to unlock hardware tokens
generally do not travel across networks the way login passwords do.)
Most likely the answer is that it's unclear which vendor in the supply
chain gets the benefit, but it's very clear who bears the cost. The PC
manufacturing business is, as most know, a cutthroat competition to
decrease production and sales costs. In this climate PC manufacturers are
unlikely to include a smart card reader. The reader increases the price of
the systems they sell, while adding uncertain benefit. In other words, it's
unclear how many consumers would value an integrated smart card reader
enough to pay for the manufacturer to include one. Admittedly, smart card
readers are plummeting in price, but there is still a non-zero cost
associated with them; on the bottom end of the consumer market, adding cost
of the reader means subtracting an equivalent cost somewhere else in the
design. But unless there is wide-spread demand for hardware tokens, and PC
manufacturers just can't sell PCs that don't support them, it's unlikely
we'll see any gap-crossing into the consumer market. We believe there is a
market, however, it's just a question of jump-starting demand. Small and
medium sized enterprises and ISPs would directly benefit from a user
population dense with smart card capabilities.

Costs for smart cards and smart card readers have been on the decline for a
decade. Vendors should be able to find readers for under $15 in bulk. At
this price point, it's beginning to be in the ISPs best interest to start
distributing smart card readers to some subscribers to see if the projected
cost savings materialize.

But readers and cards still have a non-zero cost associated with them, and
competition between ISPs will only increase as Wireless ISPs begin to
compete with DSL and Cable modem providers in the last-mile arena.

Another option discussed on Cryptonomicon.Net years ago (see Security for
Palm Platform) was to use Personal Digital Assistants as hardware tokens.
Most PDAs are already designed to connect to desktop machines via USB,
Infra-Red, or Blue Tooth.

Using a smart card reader with a dedicated PIN keypad and display could
help reduce risks of keyboard sniffers or rogue code piggy-backing
requests once the user has logged in to the card. PDAs would be an ideal
platform to serve as such a reader. Most already have relatively large
displays; large enough to alert the user which program is requesting
authentication and why. Each time an application needs to access sensitive
information on the card, it would alert the user on the main computer
screen and on the PDA screen. If a user sees a request on the PDA screen
that is not on the computer's main screen, this may be a cue to investigate
the possibility of rogue code.

We're in a market where security solutions are supposedly attracting
capital. There's also no shortage of security vulnerabilities. Palm and
Handspring were both distracted by a corporate merger over the past year,
and PalmSource has recently released PalmOS 6.0 to its partners. It seems
that now is the perfect time for PDA vendors to attack a new market. With a
minimal cost to the customer, modern PDAs could be bundled with soft
token technology.

For higher security, a smart card reader could be added to the PDA for use
with smart cards or USB dongles. The user 

All Internet voting is insecure: report

2004-04-01 Thread Ian Grigg

All Internet voting is insecure: report
Posted: 23/01/2004 at 11:37 GMT

Online voting is fundamentally insecure due to the architecture of the
Internet, according to leading cyber-security experts.

Using a voting system based upon the Internet poses a serious and
unacceptable risk for election fraud and is not secure enough for
something as serious as the election of government officials, according to
the four members of the Security Peer Review Group, an advisory group
formed by the US Department of Defense to evaluate a new on-line voting

The review group's members, and the authors of the damning report, include
David Wagner, Avi Rubin and David Jefferson from the University of
California, Berkeley, Johns Hopkins University and the Lawrence Livermore
National Laboratory, respectively, and Barbara Simons, a computer
scientist and technology policy consultant.

The federally-funded Secure Electronic Registration and Voting Experiment
(SERVE) system is currently slated for use in the US in this year's
primary and general elections. It will allow eligible voters to register
to vote at home and then to vote via the Internet from anywhere in the
world. The first tryout of SERVE is early in February for South Carolina's
presidential primary and its eventual goal is to provide voting services
to all eligible US citizens overseas and to US military personnel and
their dependents, a population estimated at six million.

After studying the prototype system the four researchers said that from
anywhere in the world a hacker could disrupt an election or influence its
outcome by employing any of several common types of cyber-attacks.
Attacks could occur on a large scale and could be launched by anyone from
a disaffected lone individual to a well-financed enemy agency outside the
reach of US law, state the three computer science professors and a former
IBM researcher in the report.

A denial-of-service attack would delay or prevent a voter from casting a
ballot through a Web site. A man in the middle or spoofing attack
would involve the insertion of a phoney Web page between the voter and the
authentic server to prevent the vote from being counted or to alter the
voter's choice. What is particularly problematic, the authors say, is that
victims of spoofing may never know that their votes were not counted.

A third type of attack involves the use of a virus or other malicious
software on the voter's computer to allow an outside party to monitor or
modify a voter's choices. The malicious software might then erase itself
and never be detected, according to the report.

While acknowledging the difficulties facing absentee voters, the authors
of the security analysis conclude that Internet voting presents far too
many opportunities fo


Announcement: New mailing list for UK crypto

2004-04-01 Thread Ben Laurie
By popular demand, I've created a moderated alternative to the UKCrypto 
mailing list. See for the 
charter and subscription information.

This is intended to be complementary to the cryptography (because it's 
about the UK) and ukcrypto (because it's moderated) mailing lists, rather 
than competitive with them.

And no, I'm not interested in discussing why we haven't burnt our money 
buying a cert from your favourite money sink.
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff