Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
On Sat, 23 Oct 2004, Aaron Whitehouse wrote:

> > Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it.
>
> How much difference is there, practically, between this and using a smartcard credit card in an external reader with a keypad? Aside from the weight of the 'computer' in your pocket...

The risks of using *somebody else's keypad* to type passwords or instructions to your smartcard, or using *somebody else's display* to view output that is intended to be private, should be obvious.

--apb (Alan Barrett)

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Are new passports [an] identity-theft risk?
On Fri, 22 Oct 2004, Perry E. Metzger wrote:

> I don't know who *else* has said it, but I've said this repeatedly at conferences. With phased arrays, you should be able to read RFID tags at surprising distances, and in spite of attempts to jam such signals (such as RSA's proposed RFID privacy mechanism).

One thing that I have seen confuse people writing about the new passports is that RFID may mean different technologies. So I'd like to mention that the passports will not use the simple bar-code kind of RFID tags -- they will use chip cards communicating over ISO/IEC 14443. The current technology has big problems with working at a distance (in fact, the tests done with COTS 14443 readers show that most have problems with reading passport-like cards even when placed at the optimal distance...), but I don't know enough about antenna technology to be able to guess what can be done by a dedicated attacker...

/Krister

PS. Most of the MRTD (Machine Readable Travel Documents) specifications are available at http://www.icao.int/mrtd/Home/index.cfm.

PPS. Most people on this list seem to be interested in the US passport, so you may be interested in that the US department of state, and department of homeland security, seem to be doing a pilot of the new passport. The RFP is available from: http://www.statewatch.org/news/2004/jul/us-biometric-passport-original.pdf with some consolidated Q and A at http://www.statewatch.org/news/2004/jul/us-biometric-passport-QandA.pdf
Re: Are new passports [an] identity-theft risk?
On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote:

> The technology will mature *very* rapidly if Virginia makes their driver's licenses RFID-enabled, or if the US goes ahead with the passports. Why? Because there will be a stunning amount of money to be stolen by not identity thieves, but real thieves. Imagine sitting with a laptop, a good antenna, and some software outside a metro station in Virginia. Or an upscale restaurant in Adams-Morgan, reading off the addresses of those who will be away from home for the next 3 hours.

Correct me if I am wrong, but don't most of the passive, cheap RF or magnetic field powered RFIDs transmit maybe 128 bits of payload, not thousands and thousands of bits which would be enough to include addresses, names, useful biometric data and so forth?

For many if not most applications (inventory control and tracking) a 128 bit unique serial number is enough - are the passport and drivers license (soon apparently to be the same thing here in the USA at least in respect to an internal passport required for travel on public transportation) applications of RFID actually intended to allow reading tens of kilobytes of data or just a unique serial that can be used as a key in an on line database system?

The signaling reliability problem of successfully transmitting say 10 or 100 kb of data error free (enough for reasonable info about someone and some biometric measurements) is quite different from repeating 128 bits over and over and over until the reader succeeds in making the FEC and checksums work for a couple of reads out of thousands of repetitions of the 128 bits. Detecting a weak repeated short pattern in noise is much easier than reading thousands of bits with few or no errors (few enough to be corrected by a reasonable rate FEC).

Whilst unique serial numbers read at a distance could be used in a variety of rather sinister ways, they aren't equivalent to dumping the names, addresses, weight, height, birth date, social security number and biometric signatures of someone in the clear. And obviously are much less useful to an unsophisticated thief without access to the database mapping the serial number to useful information.

And further it seems reasonable to suppose that if larger blocks of useful data get dumped, it would be encrypted under carefully controlled keys at least for passport and similar applications. Granted that very sophisticated attackers might obtain some of these keys, but the average thief presumably would not have access to them.

It does occur to me that RFID equipped passports or internal passports/driver licenses (your papers please) COULD be equipped with some kind of press to read switch that would require active finger pressure on the card to activate the RFID transmitter - this would leave them disabled and incapable of transmitting the ID when sitting in someone's wallet or purse. Aside from very sinister covert reading applications I cannot think of any reason why a RFID equipped identity card would need to be readable without the active cooperation and awareness of the person carrying the card, thus such a safeing mechanism would not be a real burden except to those with sinister covert agendas.

And needless to say, copper screen or foil lined wallets would become very popular...

--
Dave Emery N1PRE, [EMAIL PROTECTED]
DIE Consulting, Weston, Mass 02493
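Added example, not part of the original post: the contrast Dave Emery draws between re-reading a short serial number and reading a long payload in one pass, worked through for a link modelled as a binary symmetric channel. The independent bit errors, the 1000-bit blocks that each correct up to 10 errors, and all function names are assumptions made for this illustration.

```python
"""Short repeated ID versus long one-shot payload over the same noisy link.

Model (assumed): binary symmetric channel, each bit flipped independently
with probability p. Not code from the original thread.
"""
from math import comb


def majority_bit_error(p: float, n: int) -> float:
    """P(one bit is wrong after a majority vote over n independent reads)."""
    if n % 2 == 0:
        raise ValueError("use an odd number of reads so the vote cannot tie")
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k)
               for k in range(n // 2 + 1, n + 1))


def p_block_ok(p_bit: float, bits: int, correctable: int = 0) -> float:
    """P(a block of `bits` bits contains at most `correctable` bit errors)."""
    return sum(comb(bits, k) * p_bit**k * (1 - p_bit) ** (bits - k)
               for k in range(correctable + 1))


def p_serial_ok(p: float, reads: int, id_bits: int = 128) -> float:
    """P(every bit of the ID is right) after voting over `reads` repetitions."""
    return p_block_ok(majority_bit_error(p, reads), id_bits)


def p_payload_ok(p: float, payload_bits: int = 100_000,
                 block_bits: int = 1000, correctable: int = 10) -> float:
    """P(the whole payload decodes) in a single pass.

    The payload is split into blocks protected by an idealised FEC that
    repairs up to `correctable` errors per block (assumed parameters).
    """
    blocks = payload_bits // block_bits
    return p_block_ok(p, block_bits, correctable) ** blocks


if __name__ == "__main__":
    p = 0.02  # constructed value: 2% raw bit error rate on a marginal link
    print(f"128-bit ID, 1 read : {p_serial_ok(p, 1):.4f}")
    print(f"128-bit ID, 9 reads: {p_serial_ok(p, 9):.6f}")
    print(f"100 kbit payload   : {p_payload_ok(p):.3e}")
```

At the constructed 2% bit error rate a single read of the 128-bit ID usually fails, nine voted reads almost always succeed, and the 100 kbit payload essentially never decodes, which is why a static serial number should be treated as readable wherever any signal gets through.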
Re: VIA PadLock reloaded (fwd from [EMAIL PROTECTED])
From: Michal Ludvig [EMAIL PROTECTED]
Subject: Re: VIA PadLock reloaded
To: James Morris [EMAIL PROTECTED]
Cc: CryptoAPI List [EMAIL PROTECTED]
Date: Sun, 24 Oct 2004 01:55:03 +0200

Michal Ludvig wrote:
> James Morris wrote:
>> On Sat, 23 Oct 2004, Michal Ludvig wrote:
>>> I'm currently updating the driver for VIA PadLock cryptoengine and once I'm on it I'd like to prepare it for kernel inclusion.
>>
>> Have you done any performance measurements with this? It would be interesting to see its effect on IPSec and disk encryption.
>
> Yes, some numbers are at http://www.logix.cz/michal/devel/padlock/bench.xp

Just in case you have already looked there - few minutes ago I have added a new section with IPsec benchmark.

Rough results:

Plaintext throughput: 11.21 MB/s

IPsec (ESP/transport) without HMAC:
- PadLock AES: 11.00 MB/s (keylen independent)
- AES-i586: 8.01 to 9.84 MB/s depending on the keylen
- Generic C AES: 6.37 to 8.24 MB/s

IPsec with HMAC-SHA256:
- PadLock AES: 8.06 MB/s
- Software AES slower by some 45% than without HMAC.

As soon as I get VIA Esther that can do SHA1/SHA256 in hardware I'll update the padlock driver as well. Then I expect almost no slowdown even in HMAC mode (which is almost always used in ESP).

Michal Ludvig

Subscription: http://lists.logix.cz/mailman/listinfo/cryptoapi
List archive: http://lists.logix.cz/pipermail/cryptoapi

--
Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
| [EMAIL PROTECTED] writes:
|
| I'm pretty sure that you are answering the question Why did Microsoft buy Connectix?
|
| The answer to that one is actually To provide a development environment for Windows CE (and later XP Embedded) (the emulator that's used for development in those environments is VirtualPC). Thank you for playing.

TILT

No need to buy a company just to use its product in your development shop.

Please insert additional coins.

--dan
Re: Are new passports [an] identity-theft risk?
On Sun, Oct 24, 2004 at 12:58:56AM -0400, Dave Emery wrote:
| On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote:
|
| > The technology will mature *very* rapidly if Virginia makes their driver's licenses RFID-enabled, or if the US goes ahead with the passports. Why? Because there will be a stunning amount of money to be stolen by not identity thieves, but real thieves. Imagine sitting with a laptop, a good antenna, and some software outside a metro station in Virginia. Or an upscale restaurant in Adams-Morgan, reading off the addresses of those who will be away from home for the next 3 hours.
|
| Correct me if I am wrong, but don't most of the passive, cheap RF or magnetic field powered RFIDs transmit maybe 128 bits of payload, not thousands and thousands of bits which would be enough to include addresses, names, useful biometric data and so forth ?

Unclear. Presuming you're right, that 128 bit number will become your ID, just like your SSN is now. If you broadcast it at the right time, you'll be Alice.

| And further it seems reasonable to suppose that if larger blocks of useful data get dumped, it would be encrypted under carefully controlled keys at least for passport and similar applications. Granted that very sophisticated attackers might obtain some of these keys, but the average thief presumably would not have access to them.

You're reasonable, they're the United States Government, and they have responded to questions about how to protect the keys that would be used to read it. (which, after all, would need to be in at least thousands of readers, just in the US, never mind in the other 190 odd countries which will want to verify passports..)

ACLU's Technology and Liberty Program describes what they were told in a briefing by Frank Moss, USA Deputy Assistant Secretary of State for Passport Services and director of the State Department's Bureau of Consular Affairs:

passport issued in San Diego from January 2005 to August 2005. But you can't use the public key to then create a signature on a fraudulent document. And the public key is not used to access the data on the document -- that is wide open -- it is used only to verify the authenticity of the passport.

(From http://hasbrouck.org/blog/archives/000434.html)

| It does occur to me that RFID equipped passports or internal passports/driver licenses (your papers please) COULD be equipped with some kind of press to read switch that would require active finger pressure on the card to activate the RFID transmitter - this would leave them disabled and incapable of transmitting the ID when sitting in someone's wallet or purse. Aside from very sinister covert reading applications I cannot think of any reason why a RFID equipped identity card would need to be readable without the active cooperation and awareness of the person carrying the card, thus such a safeing mechanism would not be a real burden except to those with sinister covert agendas.

And who is going to pay for this press to read addition? Maybe, rather than designing with RFID, they could use a smart-card chip which requires contact? seems easier, no?

Adam
Re: Financial identity is *dangerous*? (was re: Fake companies, real money)
[EMAIL PROTECTED] wrote:

> ... to break the conundrum Ballmer finds himself in where the road forks towards (1) fix the security problem but lose backward compatibility, or (2) keep the backward compatibility but never fix the problem.

I think the recent decision by Microsoft to not upgrade browsers indicates that they are plumping for your choice (1). Backwards compatibility takes a back seat. I wrote more about it here:

http://www.financialcryptography.com/mt/archives/000219.html

> His Board would prefer (2), the annuity of locked-in users, but it forces a bet that software liability never happens. Fixing the problem, for which the calls grow more strident daily, puts the desktop platform into play even more than it is now as it asks the users (who, having lost compatibility, thus have nothing to lose) to marry Redmond a second time. A VM-cures-all strategy is then an attempt to avoid having to choose between (1) and (2) by breaking backward compatibility for new things but bridging the old things with a magic box that both preserves the annuity revenue stream from locked-in users while it keeps the liability bar at bay.

I have two questions: Does he have a board? I never heard of anyone but Bill Gates telling Ballmer what to do. Just curious!

Secondly, is a VM strategy likely to work? Assuming that Microsoft can make it work nicely, it also opens the door for other OSs to be added into the mix, something that Microsoft wouldn't be that keen to promote.

(I don't disagree with your comments, though!)

iang
Re: Are new passports [an] identity-theft risk?
On Sat, Oct 23, 2004 at 03:23:21PM -0400, Adam Shostack wrote:

> 5 years? I don't think we have that long. The technology will mature *very* rapidly if Virginia makes their driver's licenses RFID-enabled, or if the US goes ahead with the passports. Why? Because there will be a stunning amount of money to be stolen by not identity thieves, but real thieves. Imagine sitting with a laptop, a good antenna, and some software outside a metro station in Virginia. Or an upscale restaurant in Adams-Morgan, reading off the addresses of those who will be away from home for the next 3 hours.

Is the problem discriminating the RFID response, or supplying power so it can respond at all? How much power does the reader need to emit to activate the RFID? What sort of equipment is needed to deliver the power directionally?

--
Victor Duchovni
IT Security, Morgan Stanley

NOTICE: If received in error, please destroy and notify sender. Sender does not waive confidentiality or privilege, and use is prohibited.
OpenSSL 0.9.7e released (fwd from [EMAIL PROTECTED])
From: Mark J Cox [EMAIL PROTECTED]
Subject: OpenSSL 0.9.7e released
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Mon, 25 Oct 2004 14:49:49 +0100 (BST)
Reply-To: [EMAIL PROTECTED]

OpenSSL version 0.9.7e released
===============================

OpenSSL - The Open Source toolkit for SSL/TLS
http://www.openssl.org/

The OpenSSL project team is pleased to announce the release of version 0.9.7e of our open source toolkit for SSL/TLS. This new OpenSSL version is a bugfix release and incorporates changes and bugfixes to the toolkit (for a complete list see http://www.openssl.org/source/exp/CHANGES ).

The most significant changes are:

o Fix race condition in CRL checking code.
o Fixes to PKCS#7 (S/MIME) code.

We consider OpenSSL 0.9.7e to be the best version of OpenSSL available and we strongly recommend that users of older versions upgrade as soon as possible. OpenSSL 0.9.7e is available for download via HTTP and FTP from the following master locations (you can find the various FTP mirrors under http://www.openssl.org/source/mirror.html):

o http://www.openssl.org/source/
o ftp://ftp.openssl.org/source/

The distribution file name is:

o openssl-0.9.7e.tar.gz
  MD5 checksum: a8777164bca38d84e5eb2b1535223474

The checksums were calculated using the following command:

    openssl md5 openssl-0.9.7e.tar.gz

Yours,
The OpenSSL Project Team...

Mark J. Cox, Ben Laurie, Andy Polyakov
Ralf S. Engelschall, Richard Levitte, Geoff Thorpe
Dr. Stephen Henson, Bodo Möller
Lutz Jänicke, Ulf Möller

OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: Printers betray document secrets
Marshall Clow wrote:
> At 10:44 PM -0700 10/20/04, Bill Stewart wrote:
>> At 05:23 PM 10/18/2004, R.A. Hettinga wrote:
>>> http://news.bbc.co.uk/2/low/technology/3753886.stm
>>
>> It's not clear that they work at all with inkjet printers, and changing ink cartridges is even more common than changing laser printer cartridges. If you're sloppy, you've probably got a bunch of partly-used cartridges around, so even if you want to print out a bunch of ransom notes or whatever, you don't even have to go to Kinko's to get them to be different.
>
> If you're really concerned about this, buy a cheap inkjet, use it for your purposes, then destroy it.

This only works if the marks are not such that the identity of the printer is linked to the marks (as opposed to being able to test whether a particular document was produced by a particular printer).

To be really safe, I'd suggest going somewhere without surveillance cameras, buying a printer for cash, using it and then destroying it. Don't forget not to use your car and leave your mobile phone behind. Oh, and take the RFID tags out of your clothes.

Cheers,

Ben.

--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
RE: Financial identity is *dangerous*? (was re: Fake companies, real money)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Aaron Whitehouse
Sent: Saturday, October 23, 2004 1:58 AM
To: Ian Grigg
Cc: [EMAIL PROTECTED]
Subject: Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

Ian Grigg wrote:

James A. Donald wrote:

we already have the answer, and have had it for a decade: store it on a trusted machine. Just say no to Windows XP. It's easy, especially when he's storing a bearer bond worth a car.

What machine, attached to a network, using a web browser, and sending and receiving mail, would you trust?

None. But a machine that had one purpose in life: to manage the bearer bond, that could be trusted to a reasonable degree. The trick is to stop thinking of the machine as a general purpose computer and think of it as a platform for one single application. Then secure that machine/OS/stack/application combination.

Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it.

iang

How much difference is there, practically, between this and using a smartcard credit card in an external reader with a keypad? Aside from the weight of the 'computer' in your pocket...

That would seem to me a more realistic expectation on consumers who are going to have, before too long, credit cards that fit that description and quite possibly the readers to go with them.

Aaron

If we're going to insist on dedicated, trusted, physical devices for these bearer bonds, then how is this different than what Chaum proposed over 15 years ago?

If you just add a requirement for face to face transactions, then I already have one of these - it's called a wallet containing cash.

Peter