Re: skype not so anonymous...

2006-09-04 Thread Marcos el Ruptor
One thing is possible with Skype: any user can easily obtain any other 
user's IP address (actually both internal and external IPs). Those users 
don't even need to be on his contact list. Of course one would need cracking 
tools or a decrypted patched Skype executable with all the 288 integrity 
checks removed to make Skype spit out its debugging logs, unless one knows 
the right values for the HKCU\Software\Skype\Phone\UI\General\Logging and 
Logging2 registry keys that Skype checks comparing their MD5 hashes. There 
is not much else that can be done, but that is one possibility. Of course, 
if a direct connection is established, any TCP/IP monitoring tool would show 
all the contacted IPs.


Although in this case it's obviously the man's stupidity using an instant 
messenger with his old virtual identity that got him tracked down. No one 
stopped him from registering a different Skype account to contact whoever he 
trusted if he didn't want to be found. But I have to agree that Skype could 
be made anonymous and is not anonymous at all. It's much harder to obtain 
someone's IP address in other instant messengers where users can disallow 
direct connections and thus remain anonymous at least to other users.


Ruptor 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


signing all outbound email

2006-09-04 Thread Travis H.

Has anyone created hooks in MTAs so that they automagically
sign outbound email, so that you can stop forgery spam via a
SRV DNS record?
--
If you're not part of the solution, you're part of the precipitate.
Unix guru for rent or hire -- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484



Re: Debunking the PGP backdoor myth for good. [was RE: Hypothesis: PGP backdoor (was: A security bug in PGP products?)]

2006-09-04 Thread Leichter, Jerry
| On 8/28/06, Ondrej Mikle [EMAIL PROTECTED] wrote:
|  Take as an example group of Z_p* with p prime (in another words: DLP).
|  The triplet (Z, p, generator g) is a compression of a string of p-1
|  numbers, each number about log2(p) bits.
| 
| Pardon my mathematical ignorance, but isn't Z just a notation to indicate
| a ring, as opposed to a parameter that you'd have to store?
Z is universally used to represent the integers.  (From Zahlen, German
for numbers.)  In printed mathematics, Z used this way is taken from a
special blackboard bold font.  A common representation uses two
parallel strokes for the Z, with somewhat thickened horizontal bars.
(Back when math was typed on a typewriter, you produced this by typing
Z, backspacing almost but not quite all the way, then typing it again.)
The same font is also used for the reals (R), rationals (Q - from
quotient?) and the complexes (C).  The Hamiltonians are less common, but
you'll sometimes see an H from this font to name them.  N is sometimes
used for the natural numbers (positive integers).  (The naturals are not
much used beyond elementary-school texts)  The other letters in the
font have no universal meaning, but get used in specialized areas.  I
think I've seen a black-board bold A used for an affine space, for
example.

In all cases, the usual operations are assumed, so R is the reals as a
complete ordered field, Z is the ring of integers under the usual
addition and multiplication (with the usual ordering, though there is no
common formal name I know of for a ring with an associated ordering),
and so on.

There are a bunch of associated notions, like Z_n (_ for subscript - TeX
notation) for the group of integers mod n under addition.  When n = p is a
prime, Z_p^* (^ for superscript) for the group of integers 1..p mod p
under multiplication.  Z_n is actually a ring under addition and
multiplication mod n, and Z_p a field, and where appropriate, they are
taken to be so.  Q_p is the p-adics, but that's getting specialized.

In ASCII, we don't of course have blackboard bold fonts, but Z is mainly
taken to be the integers, and Z_p is universally taken to be the
integers mod p, in discussions even vaguely related to integer
properties.  R and the others are less commonly used, and you'd have to
understand the context.

Mr. Mikle's notation is ... a bit odd.  What else might one conceivably
substitute for the integers in (Z, p, generator g)?  If it has to be the
integers, why describe this as a triplet?
-- Jerry
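To make the objects named above concrete, here is a small added Python example (mine, not code from Jerry's or Ondrej's messages). `units(n)` enumerates Z_n^*, `is_field(n)` checks whether every nonzero residue has an inverse (true for Z_23, false for Z_15), `multiplicative_order` and `is_generator` test whether a given g generates Z_p^*, and `generated_sequence(g, p)` is the list of p-1 numbers that Ondrej's triplet (Z, p, g) is standing in for. The prime 23 and generator 5 are constructed sample values.

```python
from math import gcd


def units(n: int) -> list:
    """Elements of Z_n with a multiplicative inverse mod n: the group Z_n^*."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def is_field(n: int) -> bool:
    """Z_n is a field exactly when every nonzero residue is a unit (i.e. n is prime)."""
    return n >= 2 and len(units(n)) == n - 1


def multiplicative_order(g: int, n: int) -> int:
    """Smallest k >= 1 with g^k = 1 (mod n). Only units have a finite order."""
    if gcd(g, n) != 1:
        raise ValueError(f"{g} is not a unit mod {n}")
    x, k = g % n, 1
    while x != 1:
        x, k = (x * g) % n, k + 1
    return k


def is_generator(g: int, p: int) -> bool:
    """g generates Z_p^* when its order equals the group size (p-1 for prime p)."""
    return multiplicative_order(g, p) == len(units(p))


def find_generator(p: int) -> int:
    """Smallest generator of Z_p^* (brute force; fine for the small primes used here)."""
    for g in units(p):
        if is_generator(g, p):
            return g
    raise ValueError(f"Z_{p}^* is not cyclic")  # happens for composite moduli such as 15


def generated_sequence(g: int, p: int) -> list:
    """The p-1 numbers g^0, g^1, ..., g^(p-2) mod p that the triplet (Z, p, g) encodes.
    For a generator this runs through every element of Z_p^* exactly once."""
    return [pow(g, i, p) for i in range(p - 1)]


if __name__ == "__main__":
    p, g = 23, 5  # constructed sample values
    print("Z_23 is a field:", is_field(23), "| Z_15 is a field:", is_field(15))
    print("order of 5 mod 23:", multiplicative_order(g, p), "-> generator:", is_generator(g, p))
    print("order of 2 mod 23:", multiplicative_order(2, p), "-> generator:", is_generator(2, p))
    print("(Z, 23, 5) stands for:", generated_sequence(g, p))
```

The last line of the demo is the point of the "compression" remark: the three values (integers mod 23, the prime, the generator 5) determine a list of 22 residues, whereas 2 generates only 11 of them and so does not describe the whole group.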



IGE mode in OpenSSL

2006-09-04 Thread Ben Laurie
I've added IGE mode to OpenSSL - it should be in the next release (0.9.8c).

More info here: http://www.links.org/?p=131. Including test vectors!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html   http://www.links.org/

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff



Re: IGE mode in OpenSSL

2006-09-04 Thread Travis H.

Never mind the algorithm, I saw the second PDF.

For the other readers, the algorithm in more
standard variable names is:

c_i = f_K(p_i xor c_(i-1)) xor p_(i-1)

IV = p_(-1), c_(-1)

I suppose the dependency on c_(i-1) and p_(i-1) is the part that
prevents the attacker from predicting and controlling the garble.
--
If you're not part of the solution, you're part of the precipitate.
Unix guru for rent or hire -- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484



Re: IGE mode in OpenSSL

2006-09-04 Thread Travis H.

The NIST server is down.

Care to post the algorithm?

By the term crib do you mean a known-plaintext?

I'd like to see a proof that it is not possible to alter the final
block to make it decrypt to all zeroes; that seems worse than CRCs, and
putting a CRC at the end of the plaintext is a common, and often broken,
way to do integrity checking, because it's linear and allows the opponent
to toggle bits in the plaintext and fix the CRC without breaking the
encryption.

I don't see how appending a hash of the plaintext could be a crib.  The
encryption prevents the opponent from knowing the plaintext, so
he wouldn't know what the hash preimage is.  If you encrypt the hash,
you basically have HMAC without using a keyed hash.

There are block modes that do integrity and encryption at the same time;
does this offer an advantage over them, and if so how?
--
If you're not part of the solution, you're part of the precipitate.
Unix guru for rent or hire -- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
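For readers following the two IGE messages above (the algorithm as Travis wrote it, c_i = f_K(p_i xor c_(i-1)) xor p_(i-1) with IV = p_(-1), c_(-1), and the question about what tampering with a ciphertext block does to the decryption), here is an added Python example. It is not code from Ben's OpenSSL patch or from either message; a constructed 4-round Feistel permutation stands in for the block cipher f_K so that it runs without any crypto library, and the key, IV and plaintext are constructed sample values. `garbled_blocks` flips one ciphertext bit and reports which plaintext blocks decrypt wrongly: in IGE that is the block hit and every block after it, which is the dependency on c_(i-1) and p_(i-1) that keeps the garble from being local or predictable.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for AES
HALF = BLOCK // 2

# Constructed sample inputs used by the demo below.
DEMO_KEY = b"constructed sample key"
DEMO_IV = bytes(range(2 * BLOCK))  # p_(-1) || c_(-1)
DEMO_PT = bytes(range(4 * BLOCK))  # four plaintext blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function of the stand-in cipher: HMAC-SHA256 truncated to a half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """f_K: a 4-round Feistel permutation on one block (constructed stand-in, not AES)."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    """f_K^-1: the same Feistel rounds applied in reverse order."""
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def ige_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """IGE: c_i = f_K(p_i xor c_(i-1)) xor p_(i-1), with (p_(-1), c_(-1)) taken from iv."""
    if len(iv) != 2 * BLOCK or len(plaintext) % BLOCK:
        raise ValueError("IGE needs a two-block IV and block-aligned input")
    prev_p, prev_c = iv[:BLOCK], iv[BLOCK:]
    out = bytearray()
    for i in range(0, len(plaintext), BLOCK):
        p = plaintext[i:i + BLOCK]
        c = _xor(block_encrypt(key, _xor(p, prev_c)), prev_p)
        out += c
        prev_p, prev_c = p, c
    return bytes(out)


def ige_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Inverse of ige_encrypt: p_i = f_K^-1(c_i xor p_(i-1)) xor c_(i-1)."""
    if len(iv) != 2 * BLOCK or len(ciphertext) % BLOCK:
        raise ValueError("IGE needs a two-block IV and block-aligned input")
    prev_p, prev_c = iv[:BLOCK], iv[BLOCK:]
    out = bytearray()
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        p = _xor(block_decrypt(key, _xor(c, prev_p)), prev_c)
        out += p
        prev_p, prev_c = p, c
    return bytes(out)


def garbled_blocks(key: bytes, iv: bytes, plaintext: bytes, flip_block: int, bit: int = 0) -> list:
    """Flip one bit in ciphertext block `flip_block`, decrypt, and list the indices of
    the plaintext blocks that no longer match. Each p_i feeds into c_(i+1)'s decryption,
    so the damage runs from the hit block to the end of the message."""
    ct = bytearray(ige_encrypt(key, iv, plaintext))
    ct[flip_block * BLOCK] ^= 1 << bit
    pt2 = ige_decrypt(key, iv, bytes(ct))
    n = len(plaintext) // BLOCK
    return [i for i in range(n)
            if pt2[i * BLOCK:(i + 1) * BLOCK] != plaintext[i * BLOCK:(i + 1) * BLOCK]]


if __name__ == "__main__":
    ct = ige_encrypt(DEMO_KEY, DEMO_IV, DEMO_PT)
    assert ige_decrypt(DEMO_KEY, DEMO_IV, ct) == DEMO_PT
    print("ciphertext:", ct.hex())
    print("blocks garbled after flipping a bit in c_1:",
          garbled_blocks(DEMO_KEY, DEMO_IV, DEMO_PT, 1))
```

Swap `block_encrypt`/`block_decrypt` for a real block cipher and the two IGE functions are unchanged; the mode only needs a keyed permutation and its inverse.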



Re: signing all outbound email

2006-09-04 Thread Jon Callas


On 4 Sep 2006, at 4:13 AM, Travis H. wrote:


> Has anyone created hooks in MTAs so that they automagically
> sign outbound email, so that you can stop forgery spam via a
> SRV DNS record?


Take a look at DKIM (Domain Keys Identified Mail) which does
precisely that. There is an IETF working group for it, and it is
presently being deployed by people like Yahoo, Google, and others.
There's support for it in SpamAssassin as well as a Sendmail milter.


Go look at http://www.dkim.org/ for many more details.

Jon
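For anyone who wants to see what the DKIM signing step actually operates on, here is an added Python example (mine, not code from dkim.org, SpamAssassin or the Sendmail milter). It implements the two pieces of RFC 6376 that need no key: the "simple" and "relaxed" canonicalizations of body and headers, the bh= body hash a verifier recomputes over the received body, and the exact data the signer's RSA key is applied to in order to produce b=. The addresses, selector and message text are constructed placeholders; the RSA signing step itself is left out.

```python
import base64
import hashlib
import hmac
import re


def canonicalize_body(body: str, mode: str = "relaxed") -> str:
    """RFC 6376 body canonicalization; `body` uses CRLF line endings."""
    lines = body.split("\r\n")
    if mode == "relaxed":
        # Drop whitespace at line ends and squeeze runs of space/tab to one space.
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    elif mode != "simple":
        raise ValueError("mode must be 'simple' or 'relaxed'")
    while lines and lines[-1] == "":  # both modes drop trailing empty lines
        lines.pop()
    if not lines:
        # RFC 6376: an empty body is a lone CRLF under simple, nothing at all under relaxed.
        return "\r\n" if mode == "simple" else ""
    return "\r\n".join(lines) + "\r\n"


def canonicalize_header(field: str) -> str:
    """RFC 6376 relaxed header canonicalization of one (possibly folded) header field."""
    name, value = field.split(":", 1)
    value = re.sub(r"\r\n(?=[ \t])", "", value)  # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t\r\n")
    return f"{name.strip().lower()}:{value}\r\n"


def body_hash(body: str, mode: str = "relaxed") -> str:
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body(body, mode).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_body_hash(body: str, claimed_bh: str, mode: str = "relaxed") -> bool:
    """First check a DKIM verifier makes: recompute bh= over the body it received."""
    return hmac.compare_digest(body_hash(body, mode), claimed_bh)


def signed_data(headers: list, dkim_header: str) -> str:
    """Data the signer's RSA key signs to produce b=: the h= headers, canonicalized in
    order, then the DKIM-Signature field with its b= value emptied and no final CRLF."""
    out = "".join(canonicalize_header(h) for h in headers)
    stripped = re.sub(r"(^|[;\s])b=[^;]*", r"\1b=", dkim_header)
    return out + canonicalize_header(stripped).rstrip("\r\n")


if __name__ == "__main__":
    # Constructed sample message; addresses and selector are placeholders.
    headers = ["From: jon@example.com\r\n",
               "To: travis@example.com\r\n",
               "Subject: Re:  signing all outbound email\r\n"]
    body = "Take a look at DKIM,\r\nwhich does precisely that.\r\n\r\n"
    bh = body_hash(body)
    dkim = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            "\ts=sel1; h=from:to:subject; bh=" + bh + "; b=\r\n")
    print("bh =", bh)
    print("data to sign:\n" + signed_data(headers, dkim))
    tampered = body.replace("precisely", "nearly")
    print("body hash still valid after edit:", verify_body_hash(tampered, bh))
```

Relaxed canonicalization is what lets a signature survive the whitespace rewriting that mail relays do on the way, while still detecting a changed word; the verifier fetches the public key from DNS (the selector under `_domainkey`), recomputes `signed_data` over the message it holds and checks b= against it.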




Re: skype not so anonymous...

2006-09-04 Thread John Ioannidis
> Although in this case it's obviously the man's stupidity using an instant
> messenger with his old virtual identity that got him tracked down. No one

For that matter, he could just have gotten a phonecard and used a
payphone.  Wearing sunglasses, a wig and a false beard while limping
to and from the payphone would have even rendered surveillance cameras
useless.  Sometimes the way to defeat high-tech policing is with
low-tech measures.  Unfortunately, the terrorists have already figured
this out.

/ji

