[fc-announce] CFP FC'06: Financial Cryptography and Data Security

2005-08-02 Thread R.A. Hettinga

--- begin forwarded text


 To: [EMAIL PROTECTED]
 From: Avi Rubin <[EMAIL PROTECTED]>
 Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security
 Sender: [EMAIL PROTECTED]
 Date: Tue, 2 Aug 2005 13:58:29 -0400

 
 Call for Papers

  FC'06: Financial Cryptography and Data Security
   http://fc06.ifca.ai/

  Tenth International Conference
   February 27 to March 2, 2006
   Anguilla, British West Indies

  Submissions Due Date: October 17, 2005

 Program Chairs: Giovanni Di Crescenzo (Telcordia)
  Avi Rubin (Johns Hopkins University)

 General Chair: Patrick McDaniel (Penn State University)

 Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies)

 At its 10th year edition, Financial Cryptography and Data Security
 (FC'06) is a well established and major international forum for
 research, advanced development, education, exploration, and debate
 regarding security in the context of finance and commerce. We will
 continue last year's augmentation of the conference title and expansion
 of our scope to cover all aspects of securing transactions and systems.
 These aspects include a range of technical areas such as: cryptography,
 payment systems, secure transaction architectures, software systems and
 tools, user and operator interfaces, fraud prevention, secure IT
 infrastructure, and analysis methodologies. Our focus will also
 encompass financial, legal, business and policy aspects. Material both
 on theoretical (fundamental) aspects of securing systems, on secure
 applications and real-world deployments will be considered.

 The conference goal is to bring together top cryptographers,
 data-security specialists, and scientists with economists, bankers,
 implementers, and policy makers. Intimate and colorful by tradition,
 the FC'06 program will feature invited talks, academic presentations,
 technical demonstrations, and panel discussions. In addition, we will
 celebrate this 10th year edition with a number of initiatives, such as:
 specially focused sessions, technical and historical state-of-the-art
 panels, and one session of surveys.

 This conference is organized annually by the International Financial
 Cryptography Association (IFCA).

 Original papers, surveys and presentations on all aspects of financial
 and commerce security are invited. Submissions must have a visible
 bearing on financial and commerce security issues, but can be
 interdisciplinary in nature and need not be exclusively concerned with
 cryptography or security. Possible topics for submission to the various
 sessions include, but are not limited to:

  Anonymity and Privacy
  Auctions
  Audit and Auditability
  Authentication and Identification, including Biometrics
  Certification and Authorization
  Commercial Cryptographic Applications
  Commercial Transactions and Contracts
  Digital Cash and Payment Systems
  Digital Incentive and Loyalty Systems
  Digital Rights Management
  Financial Regulation and Reporting
  Fraud Detection
  Game Theoretic Approaches to Security
  Identity Theft, Phishing and Social Engineering
  Infrastructure Design
  Legal and Regulatory Issues
  Microfinance and Micropayments
  Monitoring, Management and Operations
  Reputation Systems
  RFID-Based and Contactless Payment Systems
  Risk Assessment and Management
  Secure Banking and Financial Web Services
  Securing Emerging Computational Paradigms
  Security and Risk Perceptions and Judgments
  Security Economics
  Smart Cards and Secure Tokens
  Trust Management
  Trustability and Trustworthiness
  Underground-Market Economics
  Usability and Acceptance of Security Systems
  User and Operator Interfaces
  Voting System Security

   Submission Instructions

 Submission Categories

 FC'06 is inviting submissions in four categories: (1) research papers,
 (2) systems and applications presentations, (3) panel sessions, (4)
 surveys. For all accepted submissions, at least one author must attend
 the conference and present the work.

 Research Papers

 Research papers should describe novel scientific contributions to the
 field, and they will be subject to rigorous peer review. Papers can be
 a maximum of 15 pages in length (including references and appendices),
 and accepted submissions will be published in full in the conference
 proceedings.

 Systems and Application Presentations

 Submissions in this category should describe novel or successful
 systems with an emphasis on secure digital commerce applications.
 Presentations may concern commercial systems, academi

Re: Ostiary

2005-08-02 Thread Nicolas Rachinsky
* Karl Chen <[EMAIL PROTECTED]> [2005-08-02 09:24 -0700]:
> As an authentication protocol, it looks vulnerable to a time
> synchronization attack: an attacker that can desynchronize the server
> and client's clocks predictably can block the client's authentication
> and use it as his own.  (Assuming the server's clock is monotonically

I don't see where the client's time is used. What am I missing?

Nicolas

PS:
Why is this list blocking my mail if the envelope-from is not
subscribed?

[Moderator's note: there is this little known phenomenon called "spam"
we like to avoid... it is much harder to moderate a list if you have
to wade through 400 garbage messages a day... --Perry]
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Possibly new result on truncating hashes

2005-08-02 Thread "Hal Finney"
Joseph Ashwood writes:
> From: "John Kelsey" <[EMAIL PROTECTED]>
> > Now, this is an attack on SHA256 truncated to 160 bits.
> > Does it lead to an attack on SHA256 as a whole?
>
> Actually it does. Such an attack would reduce the difficulty of producing a 
> collision in SHA-256 to 2^(64+(96/2)) or 2^112. The math for this is fairly 
> easy, the remaining 96 bits will collide in on average 2^(96/2) tries, since 
> it takes 2^64 work for each of these tries, we get 2^112 work, hence an 
> attack on the original hash has been found.

No, this doesn't (necessarily) work.  The Wang-type attacks may generate
pairs that collide in the left 160 bits, but such that each collision
has a unique value in those leftmost bits.  For example, the collision
pairs may be of the form:

L1||R1
L1||R2

where L1 is the left 160 bits that match, and R1 and R2 are the right 96
bits which differ.  Run the algorithm again and you get a new collision:

L2||R3
L2||R4

And another:

L3||R5
L3||R6

The point is that L1, L2, and L3, which are the colliding left 160 bits in
each pair, are different.  If you got lucky and R6 matched R1, it doesn't
represent a 256 bit collision, because the left halves aren't the same.

Now, if the algorithm were different and it generated pairs such that
all the L values matched each other, then you would be right.  But that
doesn't matter, for two reasons: first, the Wang attack doesn't work that
way; and second, even if it did, this analysis has to look at the worst
case, and there would still be conceivable attacks that work in the way
shown above.  Given that we are trying to show a black-box reduction from
collisions in the leftmost bits to collisions in the whole function,
we have to make the most unfavorable assumptions about the nature of
the algorithm.

Hal Finney



Re: Ostiary

2005-08-02 Thread Karl Chen
As an authentication protocol, it looks vulnerable to a time
synchronization attack: an attacker that can desynchronize the server
and client's clocks predictably can block the client's authentication
and use it as his own.  (Assuming the server's clock is monotonically
increasing, the command can only be used once.)  If the command utilizes
the IP address (e.g. as a port knock), this is a security hole.

Karl

On Tue, 2005-08-02 at 17:56 +0530, Udhay Shankar N wrote:
> Sounds interesting. Has anybody used this, and are there any comments?
> 
> Udhay
> 
> http://ingles.homeunix.org/software/ost/




Re: Last WWII Comanche "code talker" dies in Oklahoma

2005-08-02 Thread Victor Duchovni
On Mon, Aug 01, 2005 at 08:25:35PM -0300, Andreas Hasenack wrote:

> Em Segunda 01 Agosto 2005 02:40, Udhay Shankar N escreveu:
> > [resending this, after it didn't reach the list first time. I seem to have 
> > fallen off the list, and am back on now. I hope this isn't a repeat. /udhay]
> > 
> > http://aolsvc.news.aol.com/news/article.adp?id=20050721170009990017
> > 
> > Last WWII Comanche "code talker" dies in Oklahoma
> 
> Wasn't that "navajo" instead?
> 

No, the Navajo code talkers were used in the Pacific, in Europe it was
the Comanches.

-- 
Victor Duchovni, IT Security, Morgan Stanley



[Clips] Online ID Thieves Exploit Lax ATM Security

2005-08-02 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Tue, 2 Aug 2005 09:41:54 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] Online ID Thieves Exploit Lax ATM Security
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 

 The Wall Street Journal

  August 2, 2005


 Online ID Thieves
  Exploit Lax ATM Security

 DOW JONES NEWSWIRES
 August 2, 2005


 Online identity thieves are exploiting lax cash-machine security to bilk
 banks out of as much as a million dollars a month each, a report from
 research firm Gartner Inc. shows.

 According to the report, which is scheduled for release today, fraudsters
 are increasingly gathering consumer automated-teller-machine information
 with "phishing" scams and hacker programs for capturing keystrokes, which
 they are using to make fake cards and empty consumer bank accounts.

 Gartner said thieves are taking advantage of the fact that as many as half
 of banks don't check special, difficult-to-steal security codes that are
 hidden on ATM cards' magnetic strips before dispensing cash, Gartner says.
 Attackers even trade information online about which banks don't check the
 codes.

 "They're phishing for the account number and PIN. That's all they need to
 create a counterfeit card," said Gartner analyst Avivah Litan. In phishing
 scams, fraudsters use deceptive email and Web sites to trick people into
 divulging sensitive financial information.

 ATM fraud is emerging as a major new problem for banks. Losses are
 approaching those from credit-card fraud, a Gartner survey of 5,000
 consumers found. The firm estimates ATM fraud resulted in $2.75 billion in
 losses in the year ended May 2005, compared with $2.9 billion for
 credit-card fraud and $3.5 billion for fraudulent checking-account
 transfers.

 --
 -
 R. A. Hettinga 
 The Internet Bearer Underwriting Corporation 
 44 Farquhar Street, Boston, MA 02131 USA
 "... however it may deserve respect for its usefulness and antiquity,
 [predicting the end of the world] has not been found agreeable to
 experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
 ___
 Clips mailing list
 [EMAIL PROTECTED]
 http://www.philodox.com/mailman/listinfo/clips

--- end forwarded text





Re: Ostiary

2005-08-02 Thread Ian Grigg
On Tuesday 02 August 2005 13:26, Udhay Shankar N wrote:
> Sounds interesting. Has anybody used this, and are there any comments?
> 
> Udhay
> 
> http://ingles.homeunix.org/software/ost/

> ... 
> Perhaps you only really need to remotely initiate a limited set of 
> operations. In this case, you don't need a shell prompt, just a way to 
> securely kick off scripts from elsewhere.
> 
> Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands 
> remotely, without giving everyone else access to the same commands. It is 
> designed to do exactly and only what is necessary for this, and no more. 

I recently wrote this as a login program that was
hard coded to run the commands concerned.

The reason for doing this instead of the Ostiary
approach is that SSH had to be running anyway,
and SSH provides the key management regime.
Without that, I'd have to invent my own which
in Ostiary's case was the Hashing mechanisms.
So on this point it would come down to whether
we cared enough to replace SSH's authentication
regime, which I'd think would be rarer (perhaps
in the embedded market where Unix doesn't need
maintaining??).

Also, efficiency of command sending was not
an issue - each send was about 10 seconds in
my tests.


> * Keep things simple. I'm no crypto expert; I know I'm not capable of 
> coming up with an ssh replacement. So I need to keep things so utterly 
> simple that I can be sure I'm not missing anything important.

I think it is smart to keep things simple regardless
of ones expertise :)  Also, I wouldn't overdo the
"hackability" argument.  If flaws are found, you'll
find time to fix them, and for the cost of a few
hacked boxes, you'll have the benefit of a lot
more secured boxes.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting



Re: Last WWII Comanche "code talker" dies in Oklahoma

2005-08-02 Thread Udhay Shankar N

At 04:55 AM 8/2/2005, Andreas Hasenack wrote:


> > Last WWII Comanche "code talker" dies in Oklahoma
>
> Wasn't that "navajo" instead?


From the article:

Chibitty joined the Army in 1941 at Ft. Sill, Oklahoma, when he and other 
Comanches heard the Army wanted them. Navajo Indians were used for the 
same purpose in the Pacific theater.


By the time the code talkers got to England, the Allies had amassed the 
largest invasion force in history.


Chibitty's unit landed on June 6, 1944, with Brig. Gen. Theodore Roosevelt 
Jr. on Utah beach, but in the wrong place. One of the code talkers sent 
the first message of D-Day: "Right beach, wrong place."



--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))




Ostiary

2005-08-02 Thread Udhay Shankar N

Sounds interesting. Has anybody used this, and are there any comments?

Udhay

http://ingles.homeunix.org/software/ost/


Tools like ssh and lsh are great for allowing secure remote access to your 
system. They offer essentially full, flexible remote control of a machine, 
in an encrypted and authenticated manner. But they are complex pieces of 
software; there's no way to do what they do without being complex. And with 
complexity comes bugs. Tools like ssh and lsh, and VPNs like CIPE, PPTP, 
and more have all had serious flaws that would allow an attacker to get 
full control over your system.


If you leave such programs running all the time, you take the risk that 
someone is going to use an exploit on you before you have a chance to apply 
a patch. For some purposes, this is an acceptable - even necessary - 
tradeoff, but it would be nice to enable them only when actually needed, to 
minimize the risk. And for other purposes, ssh et al. are overkill. 
Perhaps you only really need to remotely initiate a limited set of 
operations. In this case, you don't need a shell prompt, just a way to 
securely kick off scripts from elsewhere.


Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands 
remotely, without giving everyone else access to the same commands. It is 
designed to do exactly and only what is necessary for this, and no more. 
The only argument given to the command is the IP address of the client, and 
only if the authentication is successful. The following are the key design 
goals:


   * "First, do no harm." It should not be possible to use the Ostiary 
system itself to damage the host it's running on. In particular, it's 
willing to accept false negatives (denying access to legitimate users) in 
order to prevent false positives (allowing access to invalid users).
   * Insofar as possible, eliminate any possibility of bugs causing 
undesired operations. Buffer overflows, timing attacks, etc. should be 
impossible for an external attacker to execute. There's no point in 
installing security software if it makes you less secure.
   * Be extremely modest in memory and CPU requirements. I want to be able 
to fire off commands on my webserver (running on a Mac SE/30, a 16MHz 68030 
machine) from my Palm Pilot (a 16MHz 68000 machine). Things like ssh 
already take 30 seconds or more to start up - I can't afford anything too 
fancy.
   * Keep things simple. I'm no crypto expert; I know I'm not capable of 
coming up with an ssh replacement. So I need to keep things so utterly 
simple that I can be sure I'm not missing anything important.





--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


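Ostiary's goal of running a fixed set of commands with the client's IP address as the only argument, built on SSH's existing key management as Ian Grigg describes doing earlier in this thread; this is an added Python example, not Ostiary's or Grigg's code, and the command names, program paths and dispatcher filename are hypothetical.

```python
import ipaddress
import os
import subprocess
import sys

# Hypothetical allow-list: the exact command name a client may request, mapped
# to the fixed program that runs for it.  Paths are placeholders.
COMMANDS = {
    "restart-web": "/usr/local/sbin/restart-web",
    "rotate-logs": "/usr/local/sbin/rotate-logs",
}

# OpenSSH authorized_keys entry that forces this dispatcher for one key and
# turns off everything else that key could otherwise ask for (no shell, no
# pty, no forwarding).  The key material is a placeholder:
#   command="/usr/local/bin/ostiary-dispatch.py",no-port-forwarding,\
#   no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA... client-key


def parse_client_ip(ssh_connection):
    """SSH_CONNECTION is 'client_ip client_port server_ip server_port'.
    Return the client IP in normalised form, or None if it is malformed."""
    parts = (ssh_connection or "").split()
    if len(parts) != 4:
        return None
    try:
        return str(ipaddress.ip_address(parts[0]))
    except ValueError:
        return None


def resolve(original_command, ssh_connection, table=COMMANDS):
    """Map the client's request to a fixed argv, or None to refuse.

    Exact-match only: an unknown name, extra words, shell metacharacters or
    a missing request (the client asked for a shell) are all refused, which
    is Ostiary's "accept false negatives to avoid false positives" rule.
    """
    name = (original_command or "").strip()
    if name not in table:
        return None
    client_ip = parse_client_ip(ssh_connection)
    if client_ip is None:
        return None
    # The only argument handed to the program is the validated client IP.
    return [table[name], client_ip]


def main():
    argv = resolve(os.environ.get("SSH_ORIGINAL_COMMAND"),
                   os.environ.get("SSH_CONNECTION"))
    if argv is None:
        sys.stderr.write("refused\n")
        return 1
    # argv is executed directly; no shell ever sees the client's input.
    return subprocess.call(argv)


if __name__ == "__main__":
    sys.exit(main())
```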


AW: Possibly new result on truncating hashes

2005-08-02 Thread Kuehn, Ulrich
 
John Kelsey wrote:

> Unfortunately, we can't make this argument, because this 
> postulated collision algorithm can't be used to find a 
> collision in the whole SHA256 more efficiently than brute force.
> 
> Let's do the counting argument:  Each time we call the 
> 160-bit collision algorithm, we get a new pair which has the 
> same first 160 bits of SHA256 output, and random unrelated 
> last 96 bits of SHA256 output.  Each pair has a probability 
> of 2^{-96} of colliding in the remaining bits.  So, to get a 
> collision on the whole SHA256 using this 160-bit collision 
> algorithm, we expect to have to try about 2^{96} collision 
> pairs, each found at a cost of 2^{64}.  The resulting work is 
> 2^{64} * 2^{96} = 2^{160}, more than a straight brute-force 
> collision search on SHA256.  
> 

Hmm, wouldn't you expect a lot of partial collisions among all those 2^96
collision pairs? That is, after 2^80 runs of the algorithm you would obtain
your first partial collision in collision pairs, wouldn't you? For 2^96 that's
roughly 2^32 such pairs of pairs. Those might help you to speed up your search.

Am I missing something here?

Ulrich




Re: Possibly new result on truncating hashes

2005-08-02 Thread Joseph Ashwood
- Original Message - 
From: "John Kelsey" <[EMAIL PROTECTED]>

Subject: Possibly new result on truncating hashes



> How could this work?  Suppose we have an algorithm like the
> Wang attacks on MD5, SHA0, or SHA1 for finding a single
> collision pair.  The algorithm returns a single collision
> pair on the first 160 bits of SHA256 for (say) 2^{64} work.
> (Remember that this is just an example--I don't have any
> such algorithm!)  Each time the algorithm is run, it gives a
> new, unrelated collision pair, and the remaining 96 bits are
> completely randomized by the collision pair.
>
> Now, this is an attack on SHA256 truncated to 160 bits.
> Does it lead to an attack on SHA256 as a whole?


Actually it does. Such an attack would reduce the difficulty of producing a 
collision in SHA-256 to 2^(64+(96/2)) or 2^112. The math for this is fairly 
easy, the remaining 96 bits will collide in on average 2^(96/2) tries, since 
it takes 2^64 work for each of these tries, we get 2^112 work, hence an 
attack on the original hash has been found.



> Let's do the counting argument:  Each time we call the
> 160-bit collision algorithm, we get a new pair which has the
> same first 160 bits of SHA256 output, and random unrelated
> last 96 bits of SHA256 output.  Each pair has a probability
> of 2^{-96} of colliding in the remaining bits.  So, to get a
> collision on the whole SHA256 using this 160-bit collision
> algorithm, we expect to have to try about 2^{96} collision
> pairs


There's the mistake. To find a collision in the remaining bits requires 
2^(96/2) work, not 2^96 work. For a chosen initial value you will of course 
have the 2^96 work, but there you'll only have 2^(64+96) work instead of 
2^256, the attack still works.
   Joe 




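The counting argument in this thread (Finney's L1||R1, L1||R2 pairs and Kelsey's 2^{96} pairs at 2^{64} each), as an added Python simulation that is not code from any of the posters. It models the hypothetical truncated-collision oracle under two assumed models, "wang" (a fresh left half on every call) and "fixed-L" (the same left half on every call, the assumption behind the 2^(64+96/2) figure), counts oracle calls to a full collision on toy sizes, and also adds an estimate, going beyond what the thread computes, for Kuehn's "pairs of pairs" question.

```python
import math
import random
import statistics

# Toy model: a full hash output is the tuple (L, R), L being the left `lbits`
# bits and R the right `rbits` bits.  The oracle returns one pair of outputs
# that agree on L.  Two assumed oracle models are compared:
#   "wang"    - each call has a fresh, independent L and two independent R
#               values (L1||R1, L1||R2, then L2||R3, L2||R4, ...).
#   "fixed-L" - every call returns the same L, so every R ever returned is a
#               birthday candidate against every other one.


def oracle_call(rng, lbits, rbits, fixed_left=None):
    """One oracle call: (L, R1), (L, R2) colliding on the left lbits."""
    left = rng.getrandbits(lbits) if fixed_left is None else fixed_left
    return (left, rng.getrandbits(rbits)), (left, rng.getrandbits(rbits))


def calls_until_full_collision(rng, lbits, rbits, model):
    """Count oracle calls until two outputs ever returned agree on L and R."""
    fixed = rng.getrandbits(lbits) if model == "fixed-L" else None
    seen = set()
    calls = 0
    while True:
        calls += 1
        for out in oracle_call(rng, lbits, rbits, fixed):
            if out in seen:          # also catches R1 == R2 inside one pair
                return calls
            seen.add(out)


def mean_calls(lbits, rbits, model, trials=200, seed=1):
    """Monte Carlo mean of calls_until_full_collision over `trials` runs."""
    rng = random.Random(seed)
    return statistics.mean(
        calls_until_full_collision(rng, lbits, rbits, model)
        for _ in range(trials))


def expected_calls(rbits, model):
    """Analytic estimate behind each side of the thread."""
    if model == "wang":
        # Distinct L per pair: only R1 == R2 inside one pair gives a full
        # collision, probability 2^-rbits per call, so ~2^rbits calls.
        return 2 ** rbits
    # Same L every call: birthday bound over 2^rbits R values, 2 per call.
    return math.sqrt(math.pi / 2 * 2 ** rbits) / 2


def total_work_log2(call_cost_log2, rbits, model):
    """log2 of total work: per-call cost times expected number of calls."""
    return call_cost_log2 + (rbits if model == "wang" else rbits / 2)


def cross_pair_collisions_log2(calls_log2, lbits, rbits):
    """log2 of the expected number of full collisions found *across* two
    pairs whose L values happen to coincide (Kuehn's pairs of pairs) after
    2^calls_log2 calls in the wang model: about n^2 / 2^(lbits+1) such pairs
    of pairs, each offering 4 cross combinations that match in R with
    probability 2^-rbits."""
    return 2 * calls_log2 + 1 - lbits - rbits


if __name__ == "__main__":
    print("toy L=24,R=8 wang    mean calls", mean_calls(24, 8, "wang"),
          "expected ~", expected_calls(8, "wang"))
    print("toy L=24,R=8 fixed-L mean calls", mean_calls(24, 8, "fixed-L"),
          "expected ~", round(expected_calls(8, "fixed-L"), 1))
    print("SHA-256 figures: wang work 2^%d, fixed-L work 2^%d" %
          (total_work_log2(64, 96, "wang"), total_work_log2(64, 96, "fixed-L")))
    print("cross-pair full collisions after 2^96 calls: 2^%d" %
          cross_pair_collisions_log2(96, 160, 96))
```

On the toy sizes the wang model needs on the order of 2^8 calls while fixed-L needs about ten, which is the whole difference between the 2^160 and 2^112 figures in the thread; the cross-pair estimate comes out at 2^-63, so those pairs of pairs do not shorten the search.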


[Clips] "Clippre": Leaving a trail of tech

2005-08-02 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 1 Aug 2005 22:38:26 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] "Clippre": Leaving a trail of tech
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 




 Newsday.com:

 Leaving a trail of tech

 Cell phones and the encryption of files on computers are tools authorities
 now focus on in tracking terror


  BY MARK HARRINGTON
  STAFF CORRESPONDENT

  August 2, 2005

  LONDON --  He may have skipped Britain on an ordinary rail ticket amid the
 country's highest level of security since World War II, but it was not long
 before authorities picked up his signal, literally.

  By the time they seized him in Rome on Friday, Hamdi Issac, also known as
 Osman Hussain -- one of the suspects in London's failed July 21 bombings --
 had made a call to Saudi Arabia, scattered a trail across Europe and even
 tried to throw authorities off his track by changing the electronic chip in
 his cell phone, according to an Italian anti-terror chief yesterday.

  But even as authorities in London celebrated a series of technological
 successes in the complex probe of the city's terror attacks last month,
 they were asking for more powers.

  In a move reminiscent of the fast-track treatment received by the USA
 Patriot Act following the Sept. 11 attacks in 2001, Parliament is expected
 to swiftly weigh a number of anti-terror measures, including legislation
 that would make it a crime for anyone to withhold access codes to computer
 files that have been encrypted. Sentences of up to 10 years in prison are
 reported to be on the table, though any such measure would have to wait
 until Parliament reconvenes in the fall.

  The call for stiffer anti-encryption laws comes as investigators have
 gained unprecedented insight into the movement and training of suspects
 through cell phones and computers.

  In a televised news briefing in Rome yesterday, Italian anti-terror chief
 Carlo De Stefano described in surprising detail the path of suspected
 bomber Issac as he entered Italy and traveled around the country before
 being captured by authorities over the weekend.

  "You always have this evolving technological struggle between
 counterterrorism forces and the terrorist," said Jeremy Binnie, an analyst
 with the London-based Jane's Terrorism and Insurgency Center, describing
 why authorities are pushing for tougher rules. The law "makes sense if
 authorities are trying to gather evidence and they think the information is
 crucial and can't get it otherwise."

  But Peter Neumann, an international anti-terrorism expert at King's
 College in London, wondered whether tougher laws would simply push
 increasingly sophisticated terrorists to means other than encrypted files
 to hide evidence. He suggested that Issac's apparent failure to understand
 the trail he was leaving behind with his cell phone use is relatively
 uncommon among generally more techno-savvy Islamic terrorists.

  One of the suspects in the July attacks here, he said, has acknowledged
 using Internet tutorials to learn the techniques of bomb-making. While a
 London Metropolitan Police spokeswoman declined to comment, Neumann said it
 is increasingly common for terrorists to plan attacks and outline
 techniques on Web pages that are set up and taken down in a matter of
 hours, before police can discover or trace them. "It's a very fluid system
 and very effective," he said.

  Encryption technology is commonly available and relatively easy to use,
 Neumann noted, but it is still considered sophisticated. "The big irony of
 these movements is that while they are very medieval in ideology, they are
 also very modern in employing technology," Neumann said.

  Still, legislation that would try to force users to unlock access codes
 may not prove particularly effective if it is enacted for Britain alone.
 "National legislation doesn't strike me as something very useful" unless
 the effort is undertaken across Europe, he said.


--- end forwarded text



[Clips] Hackers Hit Microsoft Windows Genuine Advantage

2005-08-02 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Mon, 1 Aug 2005 22:34:52 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] Hackers Hit Microsoft Windows Genuine Advantage
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 

 InformationWeek > Security >


 Genuine Advantage was supposed to block users from pirating Windows, but
 hackers defeated the program in a matter of days.
  By The Associated Press


  Days after Microsoft launched a new anti-piracy program, hackers have
 found a way to get around it.

 The software company's new program, called Windows Genuine Advantage,
 requires computer users to go through a process validating that they're
 running a legitimate copy of the Windows operating system before
 downloading any software updates except for security patches.

 But the check can be bypassed by entering a simple JavaScript command in
 the Web browser's address bar and hitting the "Enter" key. When that's
 done, the validation does not run and the user is taken directly to the
 download.

 Microsoft said it was investigating and that the glitch was not a security
 vulnerability.

 The hack appears only to work when a computer user is trying to download
 software through the Windows Update service. Some software, such as
 Microsoft's AntiSpyware beta, isn't available there but can be found
 elsewhere on microsoft.com.

 Such downloads also require validation, but the hack does not appear to
 work. On Friday, attempts to download the antispyware program resulted in a
 server error, with a message that read, "It appears that our activation
 servers are not functioning properly."

 All Windows users, even those with pirated copies, can still download
 security patches. For any other software updates, Microsoft now requires
 computer users to validate that their computers aren't running counterfeit
 copies of Windows.


--- end forwarded text





Re: Last WWII Comanche "code talker" dies in Oklahoma

2005-08-02 Thread Andreas Hasenack
Em Segunda 01 Agosto 2005 02:40, Udhay Shankar N escreveu:
> [resending this, after it didn't reach the list first time. I seem to have 
> fallen off the list, and am back on now. I hope this isn't a repeat. /udhay]
> 
> http://aolsvc.news.aol.com/news/article.adp?id=20050721170009990017
> 
> Last WWII Comanche "code talker" dies in Oklahoma

Wasn't that "navajo" instead?



Re: Possibly new result on truncating hashes

2005-08-02 Thread "Hal Finney"
John Kelsey writes:
> The high order bit is that you can't generally guarantee
> that truncating your hash (chopping off some bits) won't
> weaken it.  That is, if you chop SHA256 off to 160 bits as a
> replacement for SHA1 (something I'm working on with Niels
> Ferguson for X9 right now), it's possible that there's no
> attack on SHA256, but there is an attack on SHA160.  

This is a good point, but I think the lesson is that all the bits of a
hash have to be strong, for it to be considered strong.  If you have
a 2^64 attack to find a collision in 160 bits of SHA256, then SHA256
is broken.

It should not be possible to identify any subset of k bits in the output
of a hash function, or more generally any function mapping the hash
output to a k bit result, which can have collisions found in less than
2^(k/2) work.

Whether hash functions like SHA256 can meet this standard is far from
clear, unfortunately.

Hal Finney



CORRECTION / RE: Qualified Certificate Request

2005-08-02 Thread Nap van Zuuren
CORRECTION:

You are right about the (real life) notaries function, still being necessary.

As far as I am informed, by my contributorship within CEN & ETSI -EESSI and 
CEN-NIS, there is still no solution for (very) long TERM
Storage AND RETRIEVAL of documents, key pairs, certificates, relating 
algorithms, software used etc.

Greetings, Nap

-Original Message-
From:   Florian Weimer [SMTP:[EMAIL PROTECTED]
Sent:   Friday, July 22, 2005 7:42 PM
To: [EMAIL PROTECTED]
Cc: cryptography@metzdowd.com
Subject:Re: Qualified Certificate Request

* Nap van Zuuren:

> Might be a nice (intellectual) crypto-exercise, but I am afraid that the 
> concept of the Qualified Signature will not get a widespread 
> implementation, expect for very specific areas/disciplines.

That's by design, all those notaries public don't like being replaced
by smartcards.









