Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Sampo Syreeni

On 2011-08-09, Nick wrote:

> However, as was pointed out then, apparently the encryption is to &
> from RIM's servers, not the recipient. So RIM have access to all the
> 'secret' messages. I expect GCHQ & the Met will make sure said systems
> are patched in to their surveillance programme in no time.


Thus, why not turn the Trusted Computing idea on its head? Simply make 
P2P public key cryptography available to your customers, and then bind 
your hands behind your back in an Odysseian fashion, using hardware 
means? Simply make it impossible for even yourself to circumvent the 
best cryptographic protocol you can invent, which you embed in your 
device before ever unveiling it, and then just live with it?


> Unfortunately the present climate in England is such that I can't
> imagine such measures being anything but lauded.


Thus the need for credible precommitment, TC-style, at the hardware 
level..

--
Sampo Syreeni, aka decoy - de...@iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


[Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Perry E. Metzger
Today's XKCD is on password strength. The advice it gives is pretty
good in principle...

http://xkcd.com/936/

-- 
Perry E. Metzger    pe...@piermont.com


Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Steve Furlong
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger <pe...@piermont.com> wrote:
> Today's XKCD is on password strength. The advice it gives is pretty
> good in principle...
>
> http://xkcd.com/936/

For a single password on a system with flexible rules, it's good advice.

Real world, with a dozen non-reused passwords needed on systems with
limited password lengths, not so much. correct stable horse battery?

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209


[Cryptography] Vulnerabilities (in theory and in practice) in P25 two-way radios

2011-08-10 Thread Matt Blaze
Our (Sandy Clark, Travis Goodspeed, Perry Metzger, Zachary Wasserman, Kevin Xu 
and me) Usenix Security paper on vulnerabilities in the P25 two-way radio 
system (used by public safety agencies in the US and elsewhere) is out today.

See

   http://www.crypto.com/papers/p25sec.pdf

for the paper (pdf format) and

   http://www.crypto.com/p25

for a summary of mitigations.

-matt



Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Perry E. Metzger
On Wed, 10 Aug 2011 11:53:11 -0400 Ken Buchanan
<ken.bucha...@gmail.com> wrote:
> On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni <de...@iki.fi> wrote:
> > Thus, why not turn the Trusted Computing idea on its head? Simply
> > make P2P public key cryptography available to your customers, and
> > then bind your hands behind your back in an Odysseian fashion,
> > using hardware means? Simply make it impossible for even yourself
> > to circumvent the best cryptographic protocol you can invent,
> > which you embed in your device before ever unveiling it, and then
> > just live with it?
>
> Why not, indeed...
>
> Because no regulatory regime in the world would allow this.

Funny, that, since Sampo's proposal is more or less how Blackberry
chat actually works. (Various previous posters had the details wrong.)
Also all blackberry corporate services work without RIM having any
access to the content -- they only get access to email for individual
users for whom they terminate the encrypted tunnel.

Perry
-- 
Perry E. Metzger    pe...@piermont.com


Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Perry E. Metzger
On Wed, 10 Aug 2011 11:59:53 -0400 John Ioannidis <j...@tla.org> wrote:
> On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni <de...@iki.fi> wrote:
>
> > Thus, why not turn the Trusted Computing idea on its head? Simply
> > make P2P public key cryptography available to your customers, and
> > then bind your hands behind your back in an Odysseian fashion,
> > using hardware means? Simply make it impossible for even yourself
> > to circumvent the best cryptographic protocol you can invent,
> > which you embed in your device before ever unveiling it, and then
> > just live with it?
>
> Customers? There is no profit in any manufacturer or provider to
> build that kind of functionality.

Blackberry already more or less has that functionality, which
disproves your hypothesis.

Perry
-- 
Perry E. Metzger    pe...@piermont.com


Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Adam Fields

On Aug 10, 2011, at 10:12 AM, Perry E. Metzger wrote:

> Today's XKCD is on password strength. The advice it gives is pretty
> good in principle...
>
> http://xkcd.com/936/

You still need a password manager to remember which of the dozens of 
easily-remembered passwords you used, so you might as well just use the 
20-character random generator they all have. Not bad for a stopgap if you're 
caught needing to make one up on the fly though.



Re: [Cryptography] Crypto being blamed in the London riots.

2011-08-10 Thread Steven Bellovin
On Aug 10, 2011, at 12:19 53PM, Perry E. Metzger wrote:

> On Wed, 10 Aug 2011 11:59:53 -0400 John Ioannidis <j...@tla.org> wrote:
> > On Tue, Aug 9, 2011 at 8:02 PM, Sampo Syreeni <de...@iki.fi> wrote:
> >
> > > Thus, why not turn the Trusted Computing idea on its head? Simply
> > > make P2P public key cryptography available to your customers, and
> > > then bind your hands behind your back in an Odysseian fashion,
> > > using hardware means? Simply make it impossible for even yourself
> > > to circumvent the best cryptographic protocol you can invent,
> > > which you embed in your device before ever unveiling it, and then
> > > just live with it?
> >
> > Customers? There is no profit in any manufacturer or provider to
> > build that kind of functionality.
>
> Blackberry already more or less has that functionality, which
> disproves your hypothesis.

More precisely, Blackberry email is encrypted from the recipient's
Exchange server to the mobile device.

The scenario is corporate email; the business case is that RIM could
claim that they *couldn't* read the email; they never had it in the
clear.  However, that's only true for that service.  For personal
Blackberries, there is no corporate-owned server doing the encryption.

The service in question here, though, is Blackberry Messenger.  There
seems to be some confusion about whether or not such messages are
encrypted, and if so under what circumstances.  One link
(http://www.berryreview.com/2010/08/06/faq-blackberry-messenger-pin-messages-are-not-encrypted/)
 says that they're not, in any meaningful form.  More
authoritatively, 
http://web.archive.org/web/20101221211610/http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57a-eng.html
says that they aren't.

The most authoritative source is RIM itself.  P 27 of
http://docs.blackberry.com/16650/ confirms the CSE document.

Looking at things more abstractly, there's a very difficult key 
management problem for a decentralized, many-to-one encryption service.
Here, you're either in CA territory or web of trust territory.  In
this case, are the alleged perpetrators of the riots careful enough
about to which keys they're sending the organizing messages?  If
the pattern is anything like Facebook friending, I sincerely doubt
it.


--Steve Bellovin, http://www.cs.columbia.edu/~smb







Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Tim Dierks
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger <pe...@piermont.com> wrote:

> Today's XKCD is on password strength. The advice it gives is pretty
> good in principle...
>
> http://xkcd.com/936/


FWIW,
http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html

 - Tim


Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Chad Perrin
On Wed, Aug 10, 2011 at 07:12:07AM -0700, Perry E. Metzger wrote:
> Today's XKCD is on password strength. The advice it gives is pretty
> good in principle...

. . . unless the person trying to crack the password treats the password
as a passphrase like the user does, and uses combinations of common
words rather than strings of random letters to try to crack the password.
The problem is that ~44 bits of entropy here assumes the person trying
to crack the password is using the simplest possible means of brute force
cracking, and is not clever enough to consider the possibility that there
may be patterns of character selection based on terms in the English
language.

The correct horse battery staple example imposes patterns on password
generation that do not exist in, say, gCac2 RY9%sK%/3Q2!P}p2?'H1q?.

I find it frankly shocking that most of the people in the world trying to
come up with a clever trick to get around using strong passwords simply
do not think about the fact that when the characters in your password
have predictable relationships to one another (e.g., Y9%sK as a pattern
appears in no natural language word, but horse certainly does appear, and
is a predictable relationship between characters), that cuts into the
effective randomness of the string of characters you use.  A collection
of words does *not* produce as many bits of entropy as people seem to
think.

I also find it frankly shocking that it seems like nobody in the world
has heard of a password manager.

-- 
Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]
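
Added example, not part of any post in this archive: the two attacker models contrasted in this thread (guessing whole words from a known list versus brute-forcing characters), measured in bits, plus the number of random words needed to equal the 20-character random password mentioned earlier. The 2048-entry wordlist, its synthetic filler tokens, the 94-symbol alphabet and all function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Constructed 2048-entry wordlist (an assumption: 2048 words = 11 bits per word,
# which gives the ~44 bits quoted for four words). Mostly synthetic tokens.
WORDS = ["correct", "horse", "battery", "staple"] + [f"w{i:04d}" for i in range(2044)]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]

def char_model_bits(password):
    """Bits to cover for an attacker brute-forcing character by character
    over the ASCII classes that actually occur in the password."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def word_model_bits(password, wordlist):
    """Bits to cover for an attacker who knows the wordlist and guesses whole
    words; None if the password is not made only of words from that list."""
    tokens = password.split(" ")
    known = set(wordlist)
    if not all(t in known for t in tokens):
        return None
    return len(tokens) * math.log2(len(wordlist))

def effective_bits(password, wordlist):
    """Strength against whichever of the two attacks is cheaper."""
    w = word_model_bits(password, wordlist)
    c = char_model_bits(password)
    return c if w is None else min(w, c)

def generate_passphrase(wordlist, n_words):
    """Uniform, independent picks from a CSPRNG; the word-model figure only
    holds when words are chosen this way, not picked by a human."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def words_to_match(target_bits, wordlist):
    """Number of random words needed to reach at least target_bits."""
    return math.ceil(target_bits / math.log2(len(wordlist)))

PHRASE = "correct horse battery staple"
RANDOM = "gCac2 RY9%sK%/3Q2!P}p2?'H1q?"   # the random string quoted in the thread
if __name__ == "__main__":
    for pw in (PHRASE, RANDOM):
        print(f"{pw!r}: chars={char_model_bits(pw):.1f} effective={effective_bits(pw, WORDS):.1f}")
    # Words needed to equal 20 random characters drawn from 94 printable symbols
    print(words_to_match(20 * math.log2(94), WORDS))
```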




[Cryptography] ADMIN: sending from a second account to the list

2011-08-10 Thread Perry E. Metzger
Several people have complained to me that they get their email for
the list sent from a different address than the one they send from
and that their mail has bounced as a result.

To take care of this, on your own, just add a second account using
the web interface and click the no mail option. You will then be
able to mail to the list from that address but you won't get mail to
it.

For those that asked, this isn't a normal Mailman feature -- I hacked
it in with a Postfix policy daemon so it happens at the MTA
dialog. It is necessary because the list gets hundreds and sometimes
thousands of spam attempts a day and I didn't want to deal with the
mail queues being clogged with thousands of bounce messages that
would never be delivered.

Perry
-- 
Perry E. Metzger    pe...@piermont.com