Re: A web site that believes in crypto
Am Mittwoch, den 10.01.2007, 18:31 -0500 schrieb Steven M. Bellovin: I just stumbled on a web site that strongly believes in crypto -- *everything* on the site is protected by https. If you go there via http, you receive a Redirect. The site? www.cia.gov: http://www.trustedcomputing.org/ does this for some time now. A lot of years ago, http://www.ccc.de/ (german hacker club, something like 2600 in the usa) switched to https only, but switched back to http later. This happened when netscape 4.x was the most common browser and a lot of users had problems with https. signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: Private Key Generation from Passwords/phrases
- Original Message - From: Matthias Bruestle [EMAIL PROTECTED] Subject: Private Key Generation from Passwords/phrases What do you think about this? I think you need some serious help in learning the difference between 2^112 and 112, and that you really don't seem to have much grasp of the entire concept. 112 bits of entropy is 112 bits of entropy, not 76 bits of entropy, 27 bits of bull, 7 bits of cocaine, and a little bit of alcohol, and the 224 bits of ECC is approximate anyway, as you noted the time units are inconsistent. Basically just stop fiddling around trying to convince yourself you need less than you do, and locate 112 bits of apparent entropy, anything else and you're into the world of trying to prove equivalence between entropy and work which work in physics but doesn't work in computation because next year the work level will be different and you'll have to redo all your figures. Joe - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Cryptocollectors] STU III 2500
Good morning all, Available to those in the U.S., STU-III 2500 with manual and AC adapter (and perhaps even a key in the plastic bag but it's not stated nor obvious) on eBay: 330073910569 Best regards from a finally much colder Ottawa (-15 deg C), Richard. [Non-text portions of this message have been removed] Attachments are not permitted on this list to prevent the spread of viruses. Yahoo! Groups Links * To visit your group on the web, go to: http://groups.yahoo.com/group/cryptocollectors/ * Your email settings: Individual Email | Traditional * To change settings online go to: http://groups.yahoo.com/group/cryptocollectors/join (Yahoo! ID required) * To change settings via email: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * To unsubscribe from this group, send an email to: [EMAIL PROTECTED] * Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Private Key Generation from Passwords/phrases
Matthias Bruestle wrote: Hi, I am thinking about this since last night. On the web I haven't found much and I want to go in a different direction as I have found. Say I want to have 112bit security, i.e. as secure as 3DES. For this I would choose (as everybody writes) 224bit ECC (or Tipsy Curve Cryptosystem/TCC as I prefer, because the European Citizen Card is also called ECC officially). With the Passwords I would have to provide so much entropy, that a bruteforce attack needs as much time as 3DES to get the same security. (Higher value of ECC key ignored.) When I look at benchmarks ratio of the number of 3DES operations and of point multiplications is about 4000:1, so I have gained here about 2^12 bits. (Processing of Password with a hash function is so fast that it can be ignored unless the procession is artificially extended.) I am aware that a DES unit is cheaper than an ECC unit and that for DES there are special implementations for key search possible, so the gain might be even more. Lets assume the key is only very seldom regenerated. Then we could add a short fragment of real entropy to the passwords and throw it away after our first key generation. If a point multiplication takes around 4ms then we can brute force on one day 2^24 keys. So if the user is willing to wait for one day for his key recreation than he can add 3 random bytes to his passwords and throw them away. If we add this together, than we have already 2^36 bits of security from our goal of 2^112 bits. The remaining necessary entropy is then 2^76 bits which would have then to be provided by the passwords/phrase. That means the necessary length is reduced by about one third. What do you think about this? You are not going to get 76 bits of entropy in a password. Memorizing a 76 bit password is equivalent to memorizing three seven digit telephone numbers. Assume that the private key is generated from the password plus an n bit true random number. To regenerate the private key we have to try 2^n private keys, looking for a match to the public key. Assume this takes time X. Assume the actual entropy in the password is m bits. Then an attacker who has similar computing resources is going to take time X * 2^m Any time a password can be subject to offline attack by anyone, it is not a good design. You are better off fixing it so that only certain people can offline attack the password, and everyone else has to do an online attack on the passwrod. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Banking Follies
As many people here are aware, one of my least favorite banks, especially in terms of system security, is Chase. Today I received an email message from Chase informing me that I'd gotten a brand new hotel rewards program branded Visa card from them, and inviting me to click on various links to set up my internet access to the account, and inviting me to call a particular phone number to activate the account. Unfortunately, I had never applied for such an account. The name in the email was also not my name, and the email was also sent to an account I never give out to anyone. A detailed examination of the email made it appear genuine, though of course one can never know. (Chase's credit card operations send similar emails all to customers all the time, including links to click on, training their customers to become victims of phishing while carefully explaining to them that they should be very careful about phishing. Chase also has the bad habit of sending their security critical emails through third party providers -- in this case bigfootinteractive.com was in the path the mail took, though past experience tells me this alone does not mean the mail is fraudulent. Thank you, Chase, for making it so easy for people.) It was possible that the mail in question was purely fraudulent, but one couldn't really know. I suspected it was more likely that Chase had either sent the email to the wrong place or that a particularly stupid person had given the wrong email address to Chase when applying for the card and that it happened to be one of mine by accident. (Note to banks: 1) Always require round trip confirmations before accepting an email address for an account holder. 2) Never send anyone email inviting them to click on things, period. In fact, you probably shouldn't be sending people email. 3) Study what Chase does carefully and send out reports internally saying don't let this happen to us.) Now, here I am, either the subject of phishing, the victim of some sort of identity theft (possible but not likely) or in possession of important information that would allow me to commit credit card fraud. As an honest person, my reaction is to call the bank. Unsurprisingly, Chase's confirm that you have gotten your credit card number has a small bug. It really doesn't want to allow you to report that something is wrong, it only wants to let you report that everything is okay. One wonders at a confirm you got your card phone number where you can't easily report a problem but only success -- it certainly isn't brilliant security design. By pretending to not have a touch tone phone (I'm sure that trick to get to a person will end when they put voice recognition on the line) I managed to eventually get through to a live sentient being, but sadly the human in question was not really well equipped to speak with other humans -- in particular, beyond the fact that this person was remarkably unintelligent, he was also remarkably unintelligible. By the accent, I don't think he was in an offshore call center, but he might as well have been. First, he asked me what I expected him to do about the situation. Now, generally speaking, one imagines that a bank would want to know about such a situation, but this being Chase I suppose I should not have been surprised at the quality of personnel training involved. When I explained that I thought that perhaps the bank would be interested in preventing fraud, he then asked that I give him all my personal information, even though I explained that not only was I suspicious enough under the circumstances that I didn't want him to have my social security number, but also that I thought it was unlikely that the card in question had my social security number attached to it. After a few passes back and forth, I asked to speak to his supervisor, which after a number of minutes on hold didn't happen. Then finally he transferred me to an anti-fraud department. The anti-fraud group seemed to be at least slightly more on the ball, but kept insisting on things like knowing my zip code when I was pretty sure my zip code would not be attached to the card in question. After I carefully guided the phone agent through doing a the database query, she finally located the card in question, which may or may not be legitimate but which (we established by checking a couple of digits) was not associated with my address, name or social security number. I suggested to her that she might want to have the account frozen, but she declined, and said that someone would simply contact the card holder. Not my problem any more, I said, and we ended the call. I suppose the lesson of all of this is that security is hard, and a security system that depends on large numbers of telephone center representatives to function is probably a bad idea. There are several ways that this could have been avoided, and that the entire problem could, in fact, have been avoided -- Chase could have avoided attaching an unconfirmed
Why AACS will fail
I have just finished a positional paper holding the view that AACS, Advanced Access Control System used for protection of HD recordable media, will fail as an effective measure against unauthorized copying of content. The argument is largely of an economical nature. http://traxme.net/aacs-fail.html The document may be revised if questions and comments demands it. Any feedback is welcome. In leu of a proper copyright notice, the article is published on a creative commons licence where it mey be quoted in full or in part, as long as reference is made to the author and the above link. Frank A. Stevenson - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
How to leak a secret and not get caught
FYI: Leaking a sensitive government document can mean risking a jail sentence - but not for much longer if an online service called WikiLeaks goes ahead. WikiLeaks is designed to allow anyone to post documents on the web without fear of being traced. http://www.newscientist.com/channel/tech/mg19325865.500-how-to-leak-a-secret -and-not-get-caught.html Peter - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
