Re: Entropy of other languages
On Sun, Feb 04, 2007 at 03:46:41PM -0800, Allen wrote:
> An idle question. English has a relatively low entropy as a language. Don't recall the exact figure, but if you look at words that start with q it is very low indeed.

I seem to recall Shannon did some experiments which showed that with a human as your probability oracle, it's roughly 1-2 bits per letter. Many of his papers are online last time I looked, but some of his experimental results are harder to locate online.

> What about other languages? Does anyone know the relative entropy of other alphabetic languages? What about the entropy of ideographic languages? Pictographic? Hieroglyphic?

IIRC, it turned out that Egyptian hieroglyphs were actually syllabic, like Mesopotamian, so no fun there. Mayan, on the other hand, remains an enigma. I read not long ago that they also had a way of recording stories on bundles of knotted string, like the end of a mop.

-- 
The driving force behind innovation is sublimation.
URL:http://www.subspacefield.org/~travis/
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
Discrete logarithms modulo 530-bit prime
Thorsten Kleinjung reports recent success on computing discrete logarithms modulo a 530-bit (160 decimal digit) prime:
http://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind0702&L=nmbrthry&T=0&P=194

Max

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
FW: Entropy of other languages
Steven M. Bellovin wrote:
> On Sun, 04 Feb 2007 15:46:41 -0800 Allen [EMAIL PROTECTED] wrote:
>> Hi gang,
>>
>> An idle question. English has a relatively low entropy as a language. Don't recall the exact figure, but if you look at words that start with q it is very low indeed.
>>
>> What about other languages? Does anyone know the relative entropy of other alphabetic languages? What about the entropy of ideographic languages? Pictographic? Hieroglyphic?
>
> It should be pretty easy to do at least some experiments today -- there's a lot of online text in many different languages. Have a look at http://www.gutenberg.org/catalog/ for freely-available books that one could mine for statistics.

As a very rough proxy, look at the length of the same text in different translations. My father was in advertising in Europe. When they laid out a print ad, they always did so using the German text. If the German fit, any other language they were interested in would do so as well.

Now that I work (among other things) on cellphone applications, I'm running into similar issues in internationalizing text on tiny screens.

Peter Trei

Disclaimer: This is a personal opinion. It may or may not jibe with my employer's opinion.
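As an added example (not from the thread), the statistical experiment Steve suggests, written out in Python: for a text sample it reports the zero-order bound log2(alphabet size), the letter-frequency entropy H1, the bigram conditional entropy H2 (bits the next letter carries once the previous one is known), and the redundancy 1 - H1/H0. The sample text and the alphabet handling are constructed here, not Gutenberg data; per-language results only become meaningful on book-length input.

```python
import math
from collections import Counter

LATIN = "abcdefghijklmnopqrstuvwxyz"

def normalize(text, alphabet=LATIN):
    """Lower-case the text and keep only letters of the alphabet, so the
    estimate is in bits per letter (spaces and punctuation are dropped)."""
    return "".join(c for c in text.lower() if c in alphabet)

def unigram_entropy(text):
    """H1: entropy of the single-letter frequency distribution."""
    n = len(text)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def conditional_entropy(text, order=1):
    """H(X_n | X_{n-order} ... X_{n-1}): plug-in estimate from (order+1)-gram
    counts, i.e. how many bits the next letter carries given its context.
    Underestimates badly on short samples, where most contexts occur once."""
    n = len(text) - order
    if n <= 0:
        return 0.0
    contexts = Counter(text[i:i + order] for i in range(n))
    joint = Counter(text[i:i + order + 1] for i in range(n))
    h = 0.0
    for gram, count in joint.items():
        p_joint = count / n
        p_next_given_context = count / contexts[gram[:order]]
        h -= p_joint * math.log2(p_next_given_context)
    return h

def entropy_profile(text, alphabet=LATIN):
    """Bits-per-letter profile of a sample: H0 is the alphabet-size bound,
    H1 the letter-frequency entropy, H2 the bigram conditional entropy.
    Redundancy is 1 - H1/H0, Shannon's usual measure."""
    letters = normalize(text, alphabet)
    h0 = math.log2(len(alphabet))
    h1 = unigram_entropy(letters)
    h2 = conditional_entropy(letters, order=1)
    return {"letters": len(letters), "H0": h0, "H1": h1, "H2": h2,
            "redundancy": 1 - h1 / h0}

# Constructed sample (not Gutenberg text). For another alphabetic language,
# pass its alphabet, e.g. LATIN + "äöüß" for German, and a text in it.
SAMPLE_EN = (
    "It should be pretty easy to do at least some experiments today, "
    "there is a lot of online text in many different languages. "
    "The quick brown fox jumps over the lazy dog while the queen quietly "
    "questions the quality of the quince."
)

if __name__ == "__main__":
    for key, value in entropy_profile(SAMPLE_EN).items():
        shown = f"{value:.3f}" if isinstance(value, float) else str(value)
        print(f"{key:>10}: {shown}")
```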
Re: man in the middle, SSL
| somewhat related
| Study Finds Bank of America SiteKey is Flawed
| http://it.slashdot.org/it/07/02/05/1323243.shtml

Recall how SiteKey works: When you register, you pick an image (from a large collection) and a phrase. Whenever you connect, the bank will play back the image and phrase. You aren't supposed to enter your password until you see your own image and phrase.

The usability problem found in the study was that if you build a login page with the image and phrase replaced by something else that seems to go there - like a notification about a systems upgrade, or maybe an ad for a bank service - most people (90%?) will just go ahead and enter their password anyway.

Unfortunately, the "all ads all the time" nature of today's web sites has conditioned people not to expect *anything* to remain constant. We're used to judging the trustworthiness of those we interact with in the real world by various invariant marks and other features. If you go to your bank and find the signs have all changed, you will at the least be a bit suspicious. At a web site - who would think twice?

SiteKey tries to use something that's invariant but unique to you. That's a distinction people clearly don't make automatically. Whether with sufficient training and experience they will learn to do so remains to be seen. (BofA is very consistent in telling you *never* to enter your password without first checking for your image and phrase. Clearly, though, it hasn't clicked for people.)

Of course, SiteKey isn't the full answer - if I know your login name, I can try to log in to BofA and get a copy of your image and phrase. What SiteKey at best prevents is broad-based non-personalized attacks. Automating skimming of SiteKey information using some virus is a plausible attack, and we'll see it eventually if it appears worth someone's while.

Combined with some of the other reports coming out about the lack of effectiveness of EV cert indicators (why *that* surprises anyone is beyond me) and of pretty much every other technique that anyone has proposed so far, it's clear that the battle against phishing is going to be long and hard, and that victory is very far from clear.

In architecture, there is the notion of a building having human scale. Places built ignoring that notion feel overwhelming. (Sometimes that's the point, of course.) The Internet, as it's evolved to this point, clearly lacks human scale. People's intuitions, quick responses, all the things we've evolved and learned to deal with the real world, don't match the world of the web. Until we can figure out how to bring human capabilities and limitations into the picture much more effectively and thoroughly than we have so far, things are going to get much worse.

-- Jerry
Re: man in the middle, SSL
Leichter, Jerry wrote:
> Recall how SiteKey works: When you register, you pick an image (from a large collection) and a phrase. Whenever you connect, the bank will play back the image and phrase. You aren't supposed to enter your password until you see your own image and phrase.

i.e. it is a countermeasure to an impersonation attack ... not a man-in-the-middle (impersonation). all it presumably attempts to address is "are you talking to the website you think you are talking to" ... which is the same thing that the SSL countermeasure to man-in-the-middle is supposed to be doing.

man-in-the-middle can defeat simple impersonation countermeasures by impersonating the server to the client and impersonating the client to the server ... and (somewhat) transparently passing traffic in both directions. requiring the server to present unique "something you know" authentication information is then straightforward for man-in-the-middle by having access to the real server.

i would contend that the issue for introducing sitekey ... was that SSL wasn't adequately protecting against man in the middle attacks ... i.e. previous posts
http://www.garlic.com/~lynn/aadsm26.htm#26 man in the middle, SSL
http://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL ... addenda
http://www.garlic.com/~lynn/[EMAIL PROTECTED] man in the middle, SSL

... however, i contend that sitekey isn't even designed to be a countermeasure against man-in-the-middle attacks ... it only is a countermeasure against simple impersonation attacks ... so it isn't even addressing the short-comings in SSL that (my opinion) gave rise to the need for sitekey in the first place.

the other issue is that your own image and phrase is a shared secret (and a flavor of static "something you know" authentication) ... so it presumably requires similar practices required for password shared secrets ...

if it had turned out to significantly address SSL short-comings (mitm-attacks) and saw wide deployment then presumably you would need a unique flavor for every unique security domain (ala password shared secrets). The implication then is that it would scale as poorly as the password shared secret paradigm.

previous post mentioning that the paradigm might scale as poorly as other shared secret based authentication implementations
http://www.garlic.com/~lynn/2007b.html#10 Special characters in passwords was Re: RACF - Password rules

misc. posts mentioning man-in-the-middle attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm

misc. posts mentioning shared secret (authentication) paradigm
http://www.garlic.com/~lynn/subintegrity.html#secret
Re: Entropy of other languages
Allen [EMAIL PROTECTED] wrote:
> An idle question. English has a relatively low entropy as a language. Don't recall the exact figure, but if you look at words that start with q it is very low indeed.
>
> What about other languages? Does anyone know the relative entropy of other alphabetic languages? What about the entropy of ideographic languages? Pictographic? Hieroglyphic?

The most general answer is in a very old paper of Mandelbrot's. Sorry, I don't recall the exact reference or have it to hand.

He starts from information theory and an assumption that there needs to be some constant upper bound on the receiver's per-symbol processing time. From there, with nothing else, he gets to a proof that the optimal frequency distribution of symbols is always some member of a parameterized set of curves.

Pick the right parameters and Mandelbrot's equation simplifies to Zipf's Law, the well-known rule about word, letter or sound frequencies in linguistics. I'm not sure if you can also get Pareto's Law which covers income and wealth distributions in economics.

-- 
Sandy Harris
Quanzhou, Fujian, China
Re: convenience vs risk -- US public elections by email and beyond
Thanks for all the comments in and off list. A revised write-up is available at
http://www.gather.com/viewArticle.jsp?articleId=281474976901451

More examples where convenience trumps ease-of-use, and risk, will be added from time to time. Please check back. Comments and suggestions are welcome.

Best,
Ed Gerck
Re: man in the middle, SSL ... addenda 2
so the assertion in the previous post
http://www.garlic.com/~lynn/aadsm26.htm#30 man in the middle, SSL
was that sitekey was being introduced because of shortcomings in SSL countermeasures to man-in-the-middle attacks ... however sitekey only deals with simple impersonation and is easily defeated with a man-in-the-middle attack.

in earlier post
http://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL
there was reference to SSL attempting to address man-in-the-middle attacks and "are you really talking to the server that you think you are talking to". however, SSL might be better characterized as verifying that the operator of the webserver is the owner of the corresponding domain name ... aka a digital certificate pki operation demonstrates that the operator of the webserver has use of the private key that corresponds to the public key in the digital certificate ... bound to the domain name. The browser then validates that the domain name in the URL is the same as the domain name in the (validated) digital certificate.

one of my assertions is that problems cropped up when the public started associating webservers with buttons that they clicked on ... significantly degrading any association in most of the public's mind between URLs and the webserver. Since the public weren't effectively associating URLs with webservers ... and the only function provided by SSL (as countermeasure to man-in-the-middle attacks) was validating the correspondence between the URL and the webserver ... a widening security gap exists between the buttons that the public associate with webservers and the URL, which is the unit of validation by SSL.

one conclusion is if countermeasures are introduced that don't actually address the actual security vulnerabilities ... then they may not be able to eliminate those security vulnerabilities.

so one countermeasure that has been introduced (to close some part of the security gap) is by some of the email clients which look for buttons in the content ... and if the label of the button appears to be a url/http ... it checks if the actual url/http is the same as the claimed url/http. if they don't match ... the email client will flag the email as a potential problem. The simple countermeasure by attackers ... is to not use a http/url label for the button (i.e. just label the button something else, say the name of some financial institution).

Another kind of approach trying to close the gap between what the people associate with webservers and the actual URL used ... is to take a page out of PGP and have a list of trusted urls (or at least domain names). Browsers display the assigned trust level recorded for that domain name used in the URL (and then SSL verifies that the webserver contacted is actually the webserver for that URL). This would start to provide a mechanism for closing the gap between what the public deals with and the part of the infrastructure being checked by SSL.

(at least) two problems with this approach:

1) a repository of URL trust levels is almost identical to a trusted public key repository (directly used by PGP). the repository could directly record both the URL, the public key for that URL as well as the associated trust level. this would be another demonstration of digital certificates being redundant and superfluous in an online world and would provide the basis for a more trusted environment than the current SSL operation. misc. past posts mentioning certificateless public key operation
http://www.garlic.com/~lynn/subpubkey.html#certless

2) so the new (old) attack is social engineering attempting to get people to click on various buttons that change the trust level in their local trust repository. however, that also exists today ... social engineering to get people to load certification authority digital certificates into their local (certificate authority public key) repository.

so number #1 doesn't eliminate all possible attacks ... however, it actually addresses one of the identified security vulnerabilities/attacks ... as opposed to supplying fixes for things other than what is actually broken.

lots of past posts mentioning ssl domain name certificates including posts in long thread about the certificates providing more of a feeling of comfort, as opposed to actual security, integrity, trust, etc.
http://www.garlic.com/~lynn/subpubkey.html#sslcert

note that #1, in attempt to close the gap between what the public associates with websites ... and what SSL validates for a website (i.e. some chance that the operator of a webserver reached by the domain name in the URL is the same as the owner of that domain name) ... can actually close some of the gaps ... but in doing so, it increases the need for endpoints with some level of integrity ... and/or it leaves the end-points as possibly the weakest link in the trust chain.

also as outlined in #1, the
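As an added example, not from the thread, the two defensive checks described in the post above written out in Python: the mail-client test that a button whose label looks like a URL actually points at that host, and the local trust repository keyed by domain name proposed in #1, consulted for the real target host when the label check has nothing to say. The message HTML, host names and trust table are constructed; the URL-looking-label heuristic is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic (assumption): a label "looks like a URL" if it is a bare or
# http(s) host name with an optional path, e.g. "www.example-bank.test/login".
URL_LIKE = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)

def host_of(url):
    """Lower-cased host part of a URL or of a bare host/path string."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""

class LinkCollector(HTMLParser):
    """Collects (visible label, href) pairs for every <a> in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def trust_level(host, trust_repo):
    """Look the host up in the local trust repository, falling back to each
    parent domain (www.example-bank.test -> example-bank.test -> test)."""
    parts = host.split(".")
    for i in range(len(parts)):
        level = trust_repo.get(".".join(parts[i:]))
        if level is not None:
            return level
    return None

def classify_link(label, href, trust_repo):
    """Mail-client style check: a URL-looking label must point at its own
    host; otherwise fall back to the trust repository for the real host."""
    target = host_of(href)
    if URL_LIKE.match(label) and host_of(label) != target:
        return "mismatch"          # label claims one host, href goes elsewhere
    level = trust_level(target, trust_repo)
    return f"trusted:{level}" if level is not None else "unknown"

def scan_email(html, trust_repo):
    parser = LinkCollector()
    parser.feed(html)
    return [(label, href, classify_link(label, href, trust_repo))
            for label, href in parser.links]

# Constructed message and trust table (hosts are reserved example names).
TRUST_REPO = {"example-bank.test": "verified"}
SAMPLE_EMAIL = """
<p>Please verify your account:</p>
<a href="http://203.0.113.7/login">http://www.example-bank.test/login</a>
<a href="http://example-bank.test.attacker.invalid/">Example Bank</a>
<a href="https://www.example-bank.test/">https://www.example-bank.test/</a>
"""

if __name__ == "__main__":
    for label, href, verdict in scan_email(SAMPLE_EMAIL, TRUST_REPO):
        print(f"{verdict:18} {label!r} -> {href}")
```

The second link is the evasion the post describes: labelled with the institution's name rather than a URL, it passes the label check, and only the trust lookup on the real host (which has no recorded trust level) gives the client anything to display.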
Re: Entropy of other languages
On Mon, Feb 05, 2007 at 09:08:07PM -0600, Travis H. wrote:
> IIRC, it turned out that Egyptian hieroglyphs were actually syllabic, like Mesopotamian, so no fun there. Mayan, on the other hand, remains an enigma. I read not long ago that they also had a way of recording stories on bundles of knotted string, like the end of a mop.

Er, no, Mayan has been decoded:
http://www.omniglot.com/writing/mayan.htm

The knotted string system was an Inca writing system, IIRC.

Nico
RE: Entropy of other languages
Travis H. wrote:
> On Sun, Feb 04, 2007 at 03:46:41PM -0800, Allen wrote:
>> [...]
>> What about other languages? Does anyone know the relative entropy of other alphabetic languages? What about the entropy of ideographic languages? Pictographic? Hieroglyphic?
>
> IIRC, it turned out that Egyptian hieroglyphs were actually syllabic, like Mesopotamian, so no fun there. Mayan, on the other hand, remains an enigma. I read not long ago that they also had a way of recording stories on bundles of knotted string, like the end of a mop.

The string-encoding system was Incan, not Mayan. They're called 'quipus', and while they contain a lot of numeric data, it's highly debated whether they were a generalized writing system (most experts seem to doubt it). The Maya used a logosyllabic writing system which has been deciphered, most of the progress having been made in the last 25 years or so.

Peter Trei
One Laptop per Child security
Earlier today, I publicly released the architecture-level specification for Bitfrost, the security platform on the One Laptop per Child machines:
http://dev.laptop.org/git.do?p=security;a=blob;hb=HEAD;f=bitfrost.txt

This is a complete but non-technical spec, with its technical complement scheduled for release sometime in late March (there's a pile of crypto powering various choice bits of the system). Comments are very much invited.

Cheers,

-- 
Ivan Krstić [EMAIL PROTECTED] | GPG: 0x147C722D
Re: One Laptop per Child security
And here is the Wired coverage of the BitFrost platform:
http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1

From the article:

> But it should come as no surprise -- given how thoroughly the project has rewritten the conventions of what a laptop should be -- that the OLPC's security isn't built on firewalls and anti-virus software. Instead, the XO will premiere a security system that takes a radical approach to computer protection.
>
> For starters, it does away with the ubiquitous security prompts so familiar to users of Windows and anti-virus software, said Ivan Krstic, a young security guru on break from Harvard, who's in charge of security for the XO. "How can you expect a 6-year old to make a sensible decision when 40-year olds can't?" Krstic asked, in a session at the 2007 RSA Conference. Those boxes simply train users to check "yes", he argued.
>
> Krstic's system, known as the BitFrost platform

Read more at: http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1

saqib
http://www.full-disk-encryption.net
Re: Entropy of other languages
On Wed, Feb 07, 2007 at 05:42:49AM -0800, Sandy Harris wrote:
> He starts from information theory and an assumption that there needs to be some constant upper bound on the receiver's per-symbol processing time. From there, with nothing else, he gets to a proof that the optimal frequency distribution of symbols is always some member of a parameterized set of curves.

Do you remember how he got from the upper bound on processing time to anything other than a completely uniform distribution of symbols? Seems to me a flat distribution has the minimal upper bound on information content per symbol for a given amount of information!

-- 
Good code works. Great code can't fail.
URL:http://www.subspacefield.org/~travis/
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
Re: One Laptop per Child security
On Wed, 7 Feb 2007 15:04:40 -0800 Saqib Ali [EMAIL PROTECTED] wrote:
> And here is the Wired coverage of the BitFrost platform:
> http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1
>
> From the article:
>
>> But it should come as no surprise -- given how thoroughly the project has rewritten the conventions of what a laptop should be -- that the OLPC's security isn't built on firewalls and anti-virus software. Instead, the XO will premiere a security system that takes a radical approach to computer protection.
>>
>> For starters, it does away with the ubiquitous security prompts so familiar to users of Windows and anti-virus software, said Ivan Krstic, a young security guru on break from Harvard, who's in charge of security for the XO. "How can you expect a 6-year old to make a sensible decision when 40-year olds can't?" Krstic asked, in a session at the 2007 RSA Conference. Those boxes simply train users to check "yes", he argued.
>>
>> Krstic's system, known as the BitFrost platform
>
> Read more at: http://www.wired.com/news/technology/0,72669-0.html?tw=wn_culture_1

We're digressing to general security topics here, but I'll take a chance that our moderator will allow this through -- I do mention crypto...

That firewalls should be omitted is no surprise. A firewall is a device for centralized policy enforcement; it's useful when policy to the outside -- whatever that is -- is different than policy for the inside. If you don't have a well-defined inside and outside, they're not very useful. However, their primary benefit comes from keeping the bad guys away from buggy code. That problem, I predict, will afflict this project as well -- just because a service uses cryptographic authentication doesn't make it immune to bugs, including bugs before the crypto authentication has succeeded. Even if the crypto authentication succeeds, all it means is that some process on the other machine has access to the credentials; it says nothing about whether or not the human in front of that machine wants to connect.

The AV decision is more problematic. While a good security model can prevent system files from being overwritten, most worms use purely user-level abilities. It would take a fairly radical OS design to prevent a user-level worm from spreading. (Thought experiment: explain what OS facilities would have prevented the 1988 Internet worm from succeeding. My conclusion, way back when, that nothing in, say, the Orange Book would have stopped it was a major step in my evolution as a security researcher. It can be done, I suspect, but only by very stringent restrictions on application privileges. Have you designed such restrictions? Now assume it's a dual-mode worm, that attacks web servers and web browsers.)

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Entropy of other languages
On Wed, Feb 07, 2007 at 05:53:16PM -0500, Steven M. Bellovin wrote:
> Speakers of such Native American languages as Navajo, Choctaw and Cheyenne served as radio operators, known as Code Talkers, to keep communications secret during both World Wars. Welsh speakers played a similar role during the Bosnian War.

Does anyone know anything more about this use of Welsh?

http://en.wikipedia.org/wiki/Welsh_Guards says:

> In 2002 the regiment arrived in Bosnia as part of SFOR, a NATO-led force intended to ensure peace and stability reigns supreme in the Balkan nation. During their deployment HM the Queen Mother died. A number of officers of the Welsh Guards stood in vigil around the Queen Mother's coffin which was lying in state in Westminster Hall, one of a number of regiments to do so. The regiment returned home from their deployment to Bosnia later in the year.

That's all I could find in a 10 minute search...

-- 
Good code works. Great code can't fail.
URL:http://www.subspacefield.org/~travis/
For a good time on my UBE blacklist, email [EMAIL PROTECTED]