What phishers want
In message <[EMAIL PROTECTED]>, "James A. Donald" writes:
>-- You wrote:
>
>2. Phishers are after shared secrets, so secure each
>shared secret, and thus each relationship, with
>SRP-TLS-OpenSSL. This also requires that establishing a
>relationship, and verifying a shared secret, should be
>part of the browser chrome, rather than a particular
>application of generic web forms.
>

No -- what phishers are after is money. They get that today by going after shared secrets. If banks change, they'll change.

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Hey kids, come join the NSA!
Hey boys and girls! Want to help your country defeat that mean old Osama? Then check out the National Security Agency's CryptoKids web site (http://www.nsa.gov/kids/):

    On this site, you can learn all about codes and ciphers, play lots of games and activities, and get to know each of us - Crypto Cat, Decipher Dog, Rosetta Stone, Slate, Joules, T.Top, and, of course, our leader CSS Sam.

    You can also learn about the National Security Agency/Central Security Service - they're America's real codemakers and codebreakers. Our Nation's leaders and warfighters count on the technology and information they get from NSA/CSS to get their jobs done. Without NSA/CSS, they wouldn't be able to talk to one another without the bad guys listening and they wouldn't be able to figure out what the bad guys were planning.

    We hope you have lots of fun learning about cryptology and NSA/CSS. You might be part of the next generation of America's codemakers and codebreakers.

The site comes complete with a bunch of material on making and breaking simple codes (cool), resources to teach kids about crypto (also cool), and detailed biographies of the CryptoKids characters (kind of creepy). Here's some of what CryptoCat does for fun:

    I'm usually hanging out with my friends at the mall or catching the latest movie. I love helping people so I find different ways to help out around the community. Right now, I volunteer as a swim coach for children with special needs. It's a lot of fun AND I get to spend extra time with my sister who has Down's Syndrome.

The NSA Gifted and Talented program looks pretty cool, though.

-Ekr
Re: another feature RNGs could provide
On Tue, Dec 27, 2005 at 11:34:15PM +, Ben Laurie wrote:
> If you don't have sufficient plain/ciphertext, then of course you can
> choose incorrect pairs.

Yep - that's my point. The thing to note is that for an arbitrary permutation, knowing the image of n plaintexts tells you (almost) nothing else. Usually for a block cipher with a smaller key space, knowing a plaintext/ciphertext pair actually has a pretty big impact on what you know about the key, and this is how people usually think about block ciphers.

In AES with a 128 bit block and 256 bit key, if the images are uniformly and independently distributed, then each pair known reduces the possible amount of key space by about 128 bits, so 2 or 3 pairs will nail the key down with reasonable probability. For good measure we could say 20 or 30 would be sufficient, even if the images aren't well distributed.

For S_(2^128) the original key space has (2^128)! keys so it is about 128*(2^128) bits. Knowing 30 pairs here will reduce the key space by about 128*30 bits, leaving us with 128*(2^128) - 128*30 = 128*(2^128-30) bits. We've barely had any impact at all, because the key space was much bigger to begin with.

Of course, this also shows why using an arbitrary permutation in S_(2^128) isn't very practical - you need to store 128*(2^128) bits to remember which one you're using!

David.
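The counting argument in the message above, checked at toy scale as an added example (not part of the original post): a 3-bit block stands in for the 128-bit one, and the affine family is a hypothetical small-key cipher chosen only because it can be enumerated. The last two functions go beyond the toy case and compute the full-size S_(2^128) figures directly.

```python
import math
from itertools import permutations

N = 8  # toy 3-bit block: S_8 stands in for S_(2^128) (assumption)

def affine_family():
    """Hypothetical small-key cipher: x -> (a*x + b) mod 8, a odd (32 keys)."""
    return [tuple((a * x + b) % N for x in range(N))
            for a in (1, 3, 5, 7) for b in range(N)]

def survivors(candidates, secret, n_pairs):
    """Count candidate keys that agree with the secret on plaintexts 0..n-1."""
    known = secret[:n_pairs]
    return sum(1 for c in candidates if c[:n_pairs] == known)

def toy_comparison(max_pairs=3):
    """Rows of (known pairs, surviving affine keys, surviving permutations)."""
    secret = tuple((5 * x + 3) % N for x in range(N))  # constructed secret key
    small = affine_family()
    full = list(permutations(range(N)))  # all 8! = 40320 arbitrary permutations
    return [(n, survivors(small, secret, n), survivors(full, secret, n))
            for n in range(max_pairs + 1)]

def total_bits(block_bits):
    """log2((2^b)!): key size in bits of an arbitrary permutation."""
    return math.lgamma(2 ** block_bits + 1) / math.log(2)

def bits_removed(block_bits, n_pairs):
    """log2 of N!/(N-n)!: key-space bits eliminated by n known pairs."""
    size = 2 ** block_bits
    return sum(math.log2(size - i) for i in range(n_pairs))

if __name__ == "__main__":
    for n, small, full in toy_comparison():
        print(f"{n} pairs: {small:2d} affine keys left, {full:5d} permutations left")
    print(f"S_(2^128) key: {total_bits(128):.4e} bits")
    print(f"30 known pairs remove {bits_removed(128, 30):.0f} bits")
```

Two known pairs pin the 32-key family to a single key, while 720 of the 40320 arbitrary permutations still fit the same two pairs.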
new openssh directions
Interview with OpenSSH developer:
http://www.securityfocus.com/columnists/375

Summary:
Arbitrary layer 2/3 tunnelling using tun(4) interfaces over ssh.
Various changes to reduce attack possibilities.
My first encounter with the term "attack surface".

Commentary:
TCP over TCP --- retransmit timeout synchrony.
Creeping featurism?
Ubiquitous network tunnelling is just a revision away. This is inevitable.

Aside:
I'm currently imagining some kind of network shell that deals with tunnels between nodes like /bin/sh deals with pipes between programs.

--
http://www.lightconsulting.com/~travis/
"Vast emptiness, nothing sacred." -- Bodhidharma -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
Re: ADMIN: end of latest SSL discussion
--
In the SSL thread various solutions were proposed, or rather existing solutions pointed to:

1. SSH just works. So generalizing from the success of SSH, the browser should remember who you have relationships with, and the keys of the people you have relationships with. To avoid the name overload problem, those relationships should be named by Zooko's triangle, as the petname tool does, and should be a special kind of favorite, as the petname tool makes them. This requires that establishing a relationship, and verifying a shared secret, should be part of the browser chrome, as it is with SSH, rather than a particular application of generic web forms, as it is with existing practice. So when you hit a phisher, significantly different chrome comes up.

2. Phishers are after shared secrets, so secure each shared secret, and thus each relationship, with SRP-TLS-OpenSSL. This also requires that establishing a relationship, and verifying a shared secret, should be part of the browser chrome, rather than a particular application of generic web forms.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
8epIQqxZ+sfUW+5ao0hWd4g/hAhRlqifZr6xWoQn
47kvMBcL6UqQ54XSgEcxbJd8xqAh2LSxufi/3IBdG