Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-02 Thread Ian G
Daniel Carosone wrote:
> On Wed, Feb 02, 2005 at 10:11:54PM +0200, Amir Herzberg wrote:
>> We develop TrustBar, a simple extension to FireFox (& Mozilla), that
>> displays the name and logo of SSL protected sites, as well as of the CA
>> (so users can notice the use of untrusted CA).
>
> Other merits of the idea aside, if the user knows the CA is untrusted,
> what's it doing in the browser's trust path?

The user doesn't select the trust path, the
browser manufacturer does.  It is a bug to
think that the user trusts the CA.  She
doesn't even know their names, let alone
whether she would trust them, in the current
system.

> If we're going to assume users are capable of making this decision, we
> should make it easier for them to express that decision properly
> within the existing mechanism.


The existing method is that the root list is
chosen by methods arcane and obscure,
which may have to do with user benefit,
or may not.  Either way, the user is given
a root list that is long and chosen and hidden.
How do you suggest the user deals with
this list?  Given that the average list has
100+ entries...
What Amir and Ahmad are looking at is
showing the CA as part of the trust equation
when the user hits a site.  Some CAs will
enter the user's consciousness via normal
branding methods, and new ones will
trigger care & caution.  Which is what
we want - if something strange pops up,
the user should take more care.
iang
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-02 Thread Daniel Carosone
On Wed, Feb 02, 2005 at 10:11:54PM +0200, Amir Herzberg wrote:
> We develop TrustBar, a simple extension to FireFox (& Mozilla), that 
> displays the name and logo of SSL protected sites, as well as of the CA 
> (so users can notice the use of untrusted CA). 

Other merits of the idea aside, if the user knows the CA is untrusted,
what's it doing in the browser's trust path?

If we're going to assume users are capable of making this decision, we
should make it easier for them to express that decision properly
within the existing mechanism.

--
Dan.


pgpKGu99hlUjy.pgp
Description: PGP signature


Re: Dell to Add Security Chip to PCs

2005-02-02 Thread Dan Kaminsky
Uh, you *really* have no idea how much the black hat community is 
looking forward to TCPA.  For example, Office is going to have core 
components running inside a protected environment totally immune to 
antivirus.  Since these components are going to be managing 
cryptographic operations, the "well defined API" exposed from within the 
sandbox will have arbitrary content going in, and opaque content coming 
out.  Malware goes in (there's not an executable environment created that 
can't be exploited), sets up shop, has no need to be stealthy due to the 
complete blockage of AV monitors and cleaners, and does what it wants to 
the plaintext and ciphertext (alters content, changes keys) before 
emitting it back out the opaque outbound interface.

So, no FUD, you lose :)
--Dan

Erwann ABALEA wrote:
> On Wed, 2 Feb 2005, Trei, Peter wrote:
>> Seeing as it comes out of the TCG, this is almost certainly
>> the enabling hardware for Palladium/NGSCB. It's a part of
>> your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.




VeriSign and Conflicts of Interest

2005-02-02 Thread Ian G
((( Financial Cryptography Update: VeriSign and Conflicts of Interest )))
  February 02, 2005
http://www.financialcryptography.com/mt/archives/000332.html

Adam and I have written to ICANN on the VeriSign conflict of interest.
ICANN - the Internet numbers and names authority - are in the throes of
awarding the top level domain (TLD) of .net to an operator.  Currently
VeriSign holds this contract, but we are concerned about their conflict
of interest with their NetDiscovery service which facilitates
intercepts for law enforcement.
http://forum.icann.org/lists/net-rfp-verisign/msg8.html
Effectively, as a certificate authority (CA), they could be asked to
issue false certificates in your name and eavesdrop on your
communications.  All legally of course, as per court order or subpoena,
but the issue arises that they are now serving two masters - the
company on whom the order is served, and you the user.
http://en.wikipedia.org/wiki/Conflict_of_interest
Not only is that a conflict of interest, but it is a complete breach in
the spirit of the SSL's signed certificate security architecture.  As
each CA is meant to be trusted - by you - this means they need to avoid
such conflicts.
Personally, I can't see any way out of this one.  Either VeriSign gives
up the certificate authority and TLD business, or its NetDiscovery
business, or it's the end of any use of the word trust in the trusted
third party concept.
I'd encourage you all to dive over to the ICANN site and file comments.
VeriSign runs the domains, and issues half the net's secure
certificates.  It's also angling to be the net's intercept service. 
Enough is enough, let's spread these critical governance roles around a
bit.

http://icann.org/tlds/net-rfp/net-rfp-public-comments.htm
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/


Re: Dell to Add Security Chip to PCs

2005-02-02 Thread Ian G
Erwann ABALEA wrote:
> On Wed, 2 Feb 2005, Trei, Peter wrote:
>> Seeing as it comes out of the TCG, this is almost certainly
>> the enabling hardware for Palladium/NGSCB. It's a part of
>> your computer which you may not have full control over.
>
> Please stop relaying FUD. You have full control over your PC, even if this
> one is equipped with a TCPA chip. See the TCPA chip as a hardware security
> module integrated into your PC. An API exists to use it, and one of the
> functions of this API is 'take ownership', which has the effect of
> erasing it and regenerating new internal keys.


So .. the way this works is that Dell & Microsoft
ship you a computer with lots of nice multimedia
stuff on it.  You take control of your chip by erasing
it and regenerating keys, and then the multimedia
software that you paid for no longer works?
I'm just curious on this point.  I haven't seen much
to indicate that Microsoft and others are ready
for a nymous, tradeable software assets world.
iang
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/


Can you help develop crypto anti-spoofing/phishing tool ?

2005-02-02 Thread Amir Herzberg
We develop TrustBar, a simple extension to FireFox (& Mozilla), that 
displays the name and logo of SSL protected sites, as well as of the CA 
(so users can notice the use of untrusted CA). I think it is fair to say 
that this extension fixes some glitches in the deployment of SSL/TLS, 
i.e. in the most important practical cryptographic solution.

TrustBar works pretty well for several alpha users. The solution 
benefited a lot from discussions on this list, including substantial 
input by Ian. You can download it from http://trustbar.mozdev.org (and 
it is written entirely in script, so what you download is also the source code).

I am hoping some of you may be able to help improve, evaluate and deploy 
this solution. In particular, we need implementations for other browsers 
(e.g. IE...); we can also use help in continuing our development as 
several pretty cool ideas are not done yet, due to other commitments of 
us (Ahmad Gbara and me). For example, we designed a simple mechanism to 
allow sites to protect (cryptographically) also pages where SSL is too 
expensive, but it is waiting for implementation for a while...  And of 
course we need evaluations, code reviews, testing... In fact, I wouldn't 
object if some serious open-code developer assumed responsibility...

If people are interested, and want to discuss face to face, I'll be in 
RSA on 15-18/February...

Best, Amir Herzberg
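As an added illustration of the decision TrustBar's display is meant to prompt (Ian G's point elsewhere in this thread: a CA the user recognises passes unnoticed, a new one should trigger care), here is a small Python module. It is not TrustBar's code; it assumes certificates as dicts in the shape Python's ssl.getpeercert() returns, a user-maintained set of familiar CA names, and constructed sample certificates.

```python
# Added example (not TrustBar code): decide when the CA shown for a site
# deserves the user's attention. Input certificates are dicts in the shape
# returned by Python's ssl.getpeercert(); the ones below are constructed.

# Assumption for the example: CAs the user has come to recognise by name.
FAMILIAR_CAS = {"Example Trust Services", "Demo Root CA"}


def _rdn_value(name_seq, attr):
    """Pull one attribute (e.g. organizationName) out of a getpeercert()
    subject/issuer tuple-of-RDNs; None if absent."""
    for rdn in name_seq:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def issuer_org(cert):
    return _rdn_value(cert["issuer"], "organizationName") or "(unnamed issuer)"


def subject_cn(cert):
    return _rdn_value(cert["subject"], "commonName") or "(unnamed subject)"


class TrustBarPolicy:
    """Remembers which CA first vouched for each host (trust on first use)
    and flags unfamiliar CAs and CA changes, the 'something strange pops
    up' case the thread describes."""

    def __init__(self, familiar=FAMILIAR_CAS):
        self.familiar = set(familiar)
        self.seen = {}  # host -> issuer organization first seen for it

    def assess(self, host, cert):
        issuer = issuer_org(cert)
        notices = []
        if issuer not in self.familiar:
            notices.append(f"unfamiliar CA: {issuer!r}")
        previous = self.seen.setdefault(host, issuer)
        if previous != issuer:
            notices.append(f"CA for {host} changed: {previous!r} -> {issuer!r}")
        level = "caution" if notices else "ok"
        # What a TrustBar-style bar would show: site name, CA name, and level.
        return {"level": level, "site": subject_cn(cert), "ca": issuer,
                "notices": notices}


def make_cert(cn, issuer_org_name):
    """Constructed getpeercert()-shaped certificate for the example."""
    return {
        "subject": ((("commonName", cn),),),
        "issuer": ((("organizationName", issuer_org_name),),),
    }


def demo():
    policy = TrustBarPolicy()
    return [
        # First visit, CA the user knows: nothing to worry about.
        policy.assess("bank.example", make_cert("bank.example", "Example Trust Services")),
        # Same site later, certificate now from a CA never seen before.
        policy.assess("bank.example", make_cert("bank.example", "Newly Added Root Inc")),
        # New site whose CA is in the root store but unknown to this user.
        policy.assess("shop.example", make_cert("shop.example", "Obscure Root CA 7")),
    ]


if __name__ == "__main__":
    for r in demo():
        print(r["level"].upper(), r["site"], "vouched for by", r["ca"], r["notices"])
```

The browser still decides whether the chain validates; this layer only turns the otherwise invisible choice of CA into something the user can notice and, over repeated visits, compare against what was seen before.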


Re: Is 3DES Broken?

2005-02-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, bear writes:
>
>
>On Mon, 31 Jan 2005, Steven M. Bellovin wrote:
>
>
>>>[Moderator's note: The quick answer is no. The person who claims
>>> otherwise is seriously misinformed. I'm sure others will chime
>>> in. --Perry]
>>
>>I'll be happy to second Perry's comment -- I've seen no evidence
>>whatsoever to suggest that it's been broken.  But there are some
>>applications where it's a bad choice for cryptographic reasons.
>>
>>When using CBC mode, one should not encrypt more than 2^32 64-bit
>>blocks under a given key.
>
>I think you meant ECB mode?
>

No, I meant CBC -- there's a birthday paradox attack to watch out for.

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: Is 3DES Broken?

2005-02-02 Thread bear


On Mon, 31 Jan 2005, Steven M. Bellovin wrote:


>>[Moderator's note: The quick answer is no. The person who claims
>> otherwise is seriously misinformed. I'm sure others will chime
>> in. --Perry]
>
>I'll be happy to second Perry's comment -- I've seen no evidence
>whatsoever to suggest that it's been broken.  But there are some
>applications where it's a bad choice for cryptographic reasons.
>
>When using CBC mode, one should not encrypt more than 2^32 64-bit
>blocks under a given key.

I think you meant ECB mode?

whichever it is, as you point out there are other and more secure
modes available for using 3DES if you have a fat pipe to encrypt.

Bear



Re: Researchers Combat Terrorists by Rooting Out Hidden Messages

2005-02-02 Thread AW
Just heard of this:  http://www.spammimic.com/
AW

Alan wrote:
> On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote:
>
> If you really want to send secret messages, just send it in the chaff in
> spam.  Everyone is programmed to ignore it or filter it out.


Peppercoin Small Payments Processing Suite Available to First Data Channels

2005-02-02 Thread R.A. Hettinga


Yahoo! Finance


Press Release
Source: Peppercoin

Peppercoin Small Payments Processing Suite Available to First Data Channels
Wednesday February 2, 9:03 am ET

Small Transaction Suite Certified for Sale Through Processor's Merchant
Acquiring Partners

WALTHAM, Mass., Feb. 2 /PRNewswire/ -- Peppercoin, a payments company that
enables profitable, new business models for low-priced digital content and
physical goods, today announced its Small Transaction Suite is authorized
for sale by First Data's merchant acquiring partners, to satisfy the small
payment needs of the 3.5 million merchant clients they serve.

Peppercoin offers merchants a hosted small-payment service, based on credit
and debit card usage, which enables merchants to optimize revenue and
profitability. Peppercoin is the only small-payment vendor that addresses
the digital, mobile and physical point-of-sale (POS) markets.

"Our agreement with First Data Merchant Services validates Peppercoin's
ability to deliver a desired and profitable small payment solution to the
financial services market, as well as the growing need for small payment
credit and debit card payments solutions," said Mark Friedman, president of
Peppercoin. "FDMS will enable a small payment business model that enhances
merchant and acquirer revenue with one complete payment application."

Significant Market Opportunity:

Consumers are demonstrating a clear and growing preference to use their
credit and debit cards for all sizes and types of purchases. In a 2004
study, Ipsos-Insight estimated that roughly 37.5 million US consumers would
choose to use their credit and debit cards for transactions below $5.

Each year, more than 354 billion cash transactions occur in the U.S. for
less than $5 at the physical point-of-sale, representing $1.32 trillion in
aggregate revenue. Leading markets include vending ($18 billion), parking
($10 billion), coin-op ($6 billion) and quick-serve-restaurants ($110
billion).

The online and mobile small payment opportunities are substantial as well;
fueled by music, games, video, publishing and services. TowerGroup
estimates the digital micropayments opportunity reached more than $3
billion in 2004. And a September 2004 Ipsos-Insight study revealed that, in
just one year, the number of US consumers who have made small online
purchases grew 250%, from 4 million to 14 million.

About Peppercoin, Inc.

Peppercoin enables profitable new business models for low-priced digital
content and physical goods. Peppercoin's small payment products help
merchants, banks, and other payments companies build market adoption
quickly through a flexible, consumer-friendly approach. Peppercoin
integrates easily with existing business models and systems to accelerate
revenues and increase profits while dramatically lowering transaction and
customer service costs. For more information visit
http://www.peppercoin.com.
All trademarks are the property of their respective owners.

Contact:   Mark McClennan or Scott Love
   Schwartz Communications
   781-684-0770
   [EMAIL PROTECTED]





-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



MSN Belgium to use eID cards for online checking

2005-02-02 Thread R.A. Hettinga


The Register



 Original URL: http://www.theregister.co.uk/2005/02/01/msn_belgium_id_cards/

MSN Belgium to use eID cards for online checking
By Jan Libbenga (libbenga at yahoo.com)
Published Tuesday 1st February 2005 14:34 GMT

Microsoft will integrate the Belgian eID Card with MSN Messenger.
Microsoft's Bill Gates and Belgian State Secretary for e-government Peter
Vanvelthoven announced the alliance today in Brussels. "We're working to
ensure that our technologies support e-ID, to help make online transactions
and communications more secure," Gates said. eID stands for Electronic
Identity Card. The card contains an electronic chip and gradually will
replace the existing ID card system in Belgium. By end-2005, over 3 million
eID cards will be distributed in the country.

Microsoft believes that combined with the eID Card MSN Messenger chatrooms
will be much safer. Users would have a trustworthy way of identifying
themselves online. The Belgian Federal Computer Crime Unit (FCCU) could
even refuse young children access to certain chatrooms based on their
electronic identity.

"We're not sure yet when we will be able to deliver this integration," Bill
Gates said. "But developers here in Belgium and the US have proven the
concept and are working already on the actual solution."

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



RE: Dell to Add Security Chip to PCs

2005-02-02 Thread Erwann ABALEA
On Wed, 2 Feb 2005, Trei, Peter wrote:

> Seeing as it comes out of the TCG, this is almost certainly
> the enabling hardware for Palladium/NGSCB. It's a part of
> your computer which you may not have full control over.

Please stop relaying FUD. You have full control over your PC, even if this
one is equipped with a TCPA chip. See the TCPA chip as a hardware security
module integrated into your PC. An API exists to use it, and one of the
functions of this API is 'take ownership', which has the effect of
erasing it and regenerating new internal keys.

-- 
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5



RE: Researchers Combat Terrorists by Rooting Out Hidden Messages

2005-02-02 Thread J.A. Terranson

On Wed, 2 Feb 2005, Alan wrote:

> If you really want to send secret messages, just send it in the chaff in
> spam.  Everyone is programmed to ignore it or filter it out.

Yeah, but it doesn't make for great story copy or funding proposals ;-)

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

 Civilization is in a tailspin - everything is backwards, everything is
upside down- doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation,
poverty, self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.

Rev Dr Michael Ellner



Re: Call For Papers : HITB Security Conference Bahrain 2005

2005-02-02 Thread Adam Shostack
Posting to Dave Aitel's DailyDave list, HD Moore complained that he
had not been reimbursed for 2003.  The organizers responded that
payment is forthcoming.  Richard Thieme suggested that the correct
response is to ensure you put forth no money to speak at this event.



On Tue, Feb 01, 2005 at 06:58:18PM -0800, alpha wrote:
| Hack In The Box Security Conference 2005 : Bahrain
| --
| 
| Greetings,
| 
| We are inviting individuals or groups who are
| interested in computer and network security, challenges and
| practices to send in their papers for inclusion in HITBSecConf2005 Bahrain.
| This deep knowledge network security event will take place from April 10th -
| 13th in the city of Manama, Bahrain.
| 
| Topics of interest include, but are not limited to the following:
| 
| · Analysis of network and security vulnerabilities
| · Firewall technologies
| · Intrusion detection / prevention
| · Data Recovery and Incident Response
| · GPRS and CDMA Security
| · Identification and Entity Authentication
| · Network Protocol and Analysis
| · Smart Card Security
| · Virus and Worms
| · WLAN and Bluetooth Security.
| · Analysis of malicious code
| · Applications of cryptographic techniques
| · Analysis of attacks against networks and machines
| · Denial-of-service attacks and countermeasures
| · File system security
| · Security in heterogeneous and large-scale environments
| · Espionage and Counter Intelligence
| · Techniques for developing secure systems
| · Military Security / Technology
| 
| 
| Summaries not exceeding 250 words should be submitted (in plain text format)
| to cfp -at- hackinthebox.org for review and possible inclusion in the program.
| All flights and hotel accommodation will be provided should your paper be
| accepted.
| 
| ## Note: We do not accept product or vendor related pitches. If your talk
| involves an advertisement for a new product or service your company is
| offering, please do not submit.
| 
| 
| For event sponsorship details please contact Jorge Sebastiao
| (jorge[at]esgulf.com)
| 
| 
| For further details regarding what we have planned, please take a look at our
| official conference website:
|  http://conference.hackinthebox.org/hitbsecconf2005/index.php?cat=1
| 
| 
| Thank you,
| 
| alphademon[at]hackinthebox.org
| -
| HackInTheBox Security Conference 2005
| Bahrain
| "Apr 10 - 13 2005"
| -
| 
| -
| The Cryptography Mailing List
| Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Re: how to tell if decryption was successful?

2005-02-02 Thread Jerrold Leichter
| [newbie here]
| 
| I was wondering how can one tell if some data was successfully decrypted.
| Isn't there an assumption going on about what the cleartext data should be?
| Text? Image? ZIP file? Zipped jpeg? Another cyphertext? rot-13?
Without some additional information, there's no way to tell anything!  Take
the limit case:  I generate a Megabyte of random bits, encrypt them, and
send them to you.  You decrypt what you receive and see - a million random 
bits.  Are they the *right* random bits?  How could you possibly know?  Any 
key at all gives you - a million random bits.

The only way to know you decrypted correctly is to have some way to recognize 
a correct decryption.  Any bunch of *random* bits looks like any other - 
there's no possible way to tell.  What you need is a *non*-random set of bits.
If I sent you English text and what arrived looked like English text, you
can recognize that - exactly because English text is non-random at many
different levels.  The 8-bit bytes, if it's standard ASCII, all have the top
bit set to 0.  For 100 random bytes, the chance that all the top bits are 0 is 
1 in 2^100 - already a pretty good test!  Beyond that, most of the characters
are going to be lower-case letters.  Certain control characters won't appear 
at all.  There will be statistical properties - e much more common than j.
And, of course, the letters will form words, which fit together into 
meaningful sentences, etc.

The way this is usually described is that English text has tons of redundant
information.  If you see a q, you can pretty much guess that u follows.  If
you see th, you can be very certain that a vowel, a space, or a punctuation
mark follows.  Etc.

The same kind of redundancy - predictability - appears in other file formats.
If you expect rot-13, rot-13 it and check for English.  If it's a ZIP'ed
file, check for the ZIP header and directory.  Etc.

In practice, if this is of concern, you *add* redundancy.  For example, you do
a checksum and append it to the message before encrypting.  Decent 
cryptosystems - anything worth consideration today - will, with the wrong key, 
produce something effectively indistinguishable from random bits.  So you can
model what you can expect from, say, a 64-bit checksum as:  What's the chance
that it will match just by pure chance?  Answer:  1 in 2^64.

Note that I'm specifically dealing only with how you know you decrypted with 
the right key.  Looking for inherent redundancy, and even a typical checksum, 
does *not* provide a solid indication of authenticity:  There are deliberate 
attacks that can, for example, change a message "under" the encryption but
leave the checksum intact.  There are more sophisticated techniques that
protect against such things as well.  In practice, "solid" systems use those -
and as a side-effect, end up detecting things like using the wrong key "for 
free".
-- Jerry
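The three checks Leichter describes (inherent redundancy such as ASCII top bits or a ZIP header, an appended checksum, and the "more sophisticated technique" that also gives authenticity), shown side by side as an added Python example that is not from this thread. The cipher is a toy keystream built from SHA-256 in counter mode, an assumption made only so that a wrong key yields random-looking bytes; it is not a production construction, and the keys and messages are constructed.

```python
# Added example (not from the thread): the three ways of recognising a
# correct decryption that Leichter lists, side by side.  The cipher is a
# toy keystream built from SHA-256 in counter mode, chosen only because a
# wrong key yields bytes indistinguishable from random; it is not a
# production construction, and the keys/messages below are constructed.
import hashlib
import hmac
import struct


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || nonce || counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + struct.pack(">I", i // 32)).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


# 1. Inherent redundancy: ASCII text has every top bit clear and is mostly
#    printable; a ZIP file starts with a known local-file-header signature.
def recognise(data: bytes) -> str:
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data and all(b < 0x80 for b in data):
        printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
        if printable / len(data) > 0.95:
            return "ascii-text"
    return "unknown"


# 2. Added redundancy: a 64-bit checksum appended before encryption.  A wrong
#    key matches it by chance with probability 2^-64, which answers "did I
#    use the right key?" but says nothing about deliberate tampering.
def encrypt_with_checksum(key, nonce, plaintext):
    tag = hashlib.sha256(plaintext).digest()[:8]
    return keystream_xor(key, nonce, plaintext + tag)


def decrypt_with_checksum(key, nonce, ciphertext):
    plain = keystream_xor(key, nonce, ciphertext)
    body, tag = plain[:-8], plain[-8:]
    if hashlib.sha256(body).digest()[:8] != tag:
        return None  # checksum mismatch: almost certainly the wrong key
    return body


# 3. Encrypt-then-MAC with HMAC under a separate key: authenticity is checked
#    before anything is decrypted, and the wrong key is caught as a side effect.
def _subkeys(key):
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())


def seal(key, nonce, plaintext):
    enc_key, mac_key = _subkeys(key)
    ct = keystream_xor(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, nonce, blob):
    enc_key, mac_key = _subkeys(key)
    ct, mac = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # wrong key or modified ciphertext; do not decrypt
    return keystream_xor(enc_key, nonce, ct)


if __name__ == "__main__":
    key, wrong, nonce = b"k" * 16, b"w" * 16, b"n" * 8
    msg = b"Meet at the usual place at noon."
    ct = keystream_xor(key, nonce, msg)
    print(recognise(keystream_xor(key, nonce, ct)))    # right key: ascii-text
    print(recognise(keystream_xor(wrong, nonce, ct)))  # wrong key: unknown
    print(decrypt_with_checksum(wrong, nonce, encrypt_with_checksum(key, nonce, msg)))
    damaged = bytearray(seal(key, nonce, msg))
    damaged[3] ^= 0x01
    print(open_sealed(key, nonce, bytes(damaged)))  # tampered: None
```

The checksum variant is the "wrong key" detector only: it is verified after decryption and offers no guarantee against an adversary who edits the ciphertext. The HMAC variant verifies first and decrypts only on success, which is the behaviour Leichter attributes to "solid" systems.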




Re: how to tell if decryption was successful?

2005-02-02 Thread Matt Crawford
On Feb 1, 2005, at 13:29, Andreas wrote:
> I was wondering how can one tell if some data was successfully
> decrypted. Isn't there an assumption going on about what the cleartext
> data should be? Text? Image? ZIP file? Zipped jpeg? Another cyphertext?
> rot-13?

Embedded checksums or hash codes added before encryption.  The types of 
those checks must not interact badly with the encryption.



RE: Dell to Add Security Chip to PCs

2005-02-02 Thread Trei, Peter
Seeing as it comes out of the TCG, this is almost certainly
the enabling hardware for Palladium/NGSCB. It's a part of
your computer which you may not have full control over.

Peter Trei


Tyler Durden
> Anyone familiar with computer architectures and chips able to
> answer this question:
>
> That "chip"...is it likely to be an ASIC or is there already
> such a thing as a security network processor? (ie, a cheaper network
> processor that only handles security apps, etc...)
>
> -TD
>
>> From: "R.A. Hettinga" <[EMAIL PROTECTED]>
>> HOUSTON -- Dell Inc. today is expected to add its support to an industry
>> effort to beef up desktop and notebook PC security by installing a
>> dedicated chip that adds security and privacy-specific features, according
>> to people familiar with its plans.
>>
>> Dell will disclose plans to add the security features known as the Trusted
>> Computing Module on all its personal computers. Its support comes in the
>> wake of similar endorsements by PC industry giants Advanced Micro Devices
>> Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines
>> Corp. The technology has been promoted by an industry organization called
>> the Trusted Computing Group.



Re: how to tell if decryption was successful?

2005-02-02 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, Andreas writes:
>[newbie here]
>
>I was wondering how can one tell if some data was successfully 
>decrypted. Isn't there an assumption going on about what the cleartext 
>data should be? Text? Image? ZIP file? Zipped jpeg? Another cyphertext? 
>rot-13?

There are a lot of ways to tell, but you generally have to have some 
idea what you're looking for.  For two examples of how to do it, see
http://www1.cs.columbia.edu/~smb/papers/probtxt.ps (or .pdf) and
http://www1.cs.columbia.edu/~smb/papers/recog.ps (or .pdf)

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb





Re: Is 3DES Broken?

2005-02-02 Thread james hughes
On Jan 31, 2005, at 10:38 PM, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit
> blocks under a given key.  That comes to ~275G bits, which means that
> on a GigE link running flat out you need to rekey at least every 5
> minutes, which is often impractical.  Since I've seen Gigabit Ethernet
> cards for
> For reference purposes, with AES you'd be safe for 2^64*128 bits.
> That's a Big Number of seconds.
>
> 		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

I would also like to reinforce Prof. Bellovin's comment that the 3DES 
block size is too small.

In bulk storage system encryption, 3DES will require rekey every 
~~65GBytes. Most PC's have more than this.

With AES the number is ~250 Exabytes (which is 250 billion gigabytes).
Thanks!
jim


RE: Researchers Combat Terrorists by Rooting Out Hidden Messages

2005-02-02 Thread Alan
On Tue, 2005-02-01 at 23:21 -0800, Steve Schear wrote:
> At 02:07 PM 2/1/2005, Tyler Durden wrote:
> 
> >Counter-stego detection.
> >
> >Seems to me a main tool will be a 2-D Fourier analysis...Stego will 
> >certainly have a certain "thumbprint", depending on the algorithm. Are 
> >there certain images that can hide stego more effectively? IN other words, 
> >these images should have a lot of spectral energy in the same frequency 
> >bands where Stego would normally show.
> 
> Images that are ideal for hiding secret messages using stego are those that by 
> default contain stego with no particular hidden content.  A sort of Crowds 
> approach to stego.

If you really want to send secret messages, just send it in the chaff in
spam.  Everyone is programmed to ignore it or filter it out.

-- 
"When a student reads in a math book that there are no absolutes,
suddenly every value he's been taught is destroyed. And the next thing
you know, the student turns to crime and drugs." - Mel Gabler - Censor




Call For Papers : HITB Security Conference Bahrain 2005

2005-02-02 Thread alpha
Hack In The Box Security Conference 2005 : Bahrain
--

Greetings,

We are inviting individuals or groups who are
interested in computer and network security, challenges and
practices to send in their papers for inclusion in HITBSecConf2005 Bahrain.
This deep knowledge network security event will take place from April 10th - 
13th in the city of Manama, Bahrain.

Topics of interest include, but are not limited to the following:

· Analysis of network and security vulnerabilities
· Firewall technologies
· Intrusion detection / prevention
· Data Recovery and Incident Response
· GPRS and CDMA Security
· Identification and Entity Authentication
· Network Protocol and Analysis
· Smart Card Security
· Virus and Worms
· WLAN and Bluetooth Security.
· Analysis of malicious code
· Applications of cryptographic techniques
· Analysis of attacks against networks and machines
· Denial-of-service attacks and countermeasures
· File system security
· Security in heterogeneous and large-scale environments
· Espionage and Counter Intelligence
· Techniques for developing secure systems
· Military Security / Technology


Summaries not exceeding 250 words should be submitted (in plain text format) to 
cfp -at- hackinthebox.org for review and possible inclusion in the program. All 
flights and hotel accommodation will be provided should your paper be accepted.

## Note: We do not accept product or vendor related pitches. If your talk 
involves an advertisement for a new product or service your company is 
offering, please do not submit.


For event sponsorship details please contact Jorge Sebastiao 
(jorge[at]esgulf.com)


For further details regarding what we have planned, please take a look at our 
official conference website:
 http://conference.hackinthebox.org/hitbsecconf2005/index.php?cat=1


Thank you,

alphademon[at]hackinthebox.org
-
HackInTheBox Security Conference 2005
Bahrain
"Apr 10 - 13 2005"
-



Re: Is 3DES Broken?

2005-02-02 Thread Daniel Carosone
On Mon, Jan 31, 2005 at 10:38:53PM -0500, Steven M. Bellovin wrote:
> When using CBC mode, one should not encrypt more than 2^32 64-bit 
> blocks under a given key.  That comes to ~275G bits, which means that 
> on a GigE link running flat out you need to rekey at least every 5 
> minutes, which is often impractical. 

Notably for those encrypting data at rest, it's also rather smaller
than current hard disk sizes, which are much harder to re-key.

(Even for those only encrypting data in flight, it has practical
implications regarding the feasibility of capturing that data for later
analysis)

--
Dan.




Dell to Add Security Chip to PCs

2005-02-02 Thread R.A. Hettinga


The Wall Street Journal

  February 1, 2005 11:04 a.m. EST

Dell to Add Security Chip to PCs

By GARY MCWILLIAMS
Staff Reporter of THE WALL STREET JOURNAL
February 1, 2005 11:04 a.m.


HOUSTON -- Dell Inc. today is expected to add its support to an industry
effort to beef up desktop and notebook PC security by installing a
dedicated chip that adds security and privacy-specific features, according
to people familiar with its plans.

Dell will disclose plans to add the security features known as the Trusted
Computing Module on all its personal computers. Its support comes in the
wake of similar endorsements by PC industry giants Advanced Micro Devices
Inc., Hewlett-Packard Co., Intel Corp. and International Business Machines
Corp. The technology has been promoted by an industry organization called
the Trusted Computing Group.

The company is also expected to unveil new network PCs.


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Researchers Combat Terrorists by Rooting Out Hidden Messages

2005-02-02 Thread R.A. Hettinga


Newswise

Source: University of Delaware 
  
Released: Tue 01-Feb-2005, 13:10 ET 

Researchers Combat Terrorists by Rooting Out Hidden Messages

Keywords
STEGANOGRAPHY, STEGANALYSIS, HIDDEN MESSAGES, DIGITAL IMAGES, CRYPTOGRAPHY,
TERRORISM


Description
Researchers at the University of Delaware are working to combat terrorism
by developing techniques to detect the use of steganography, which
encompasses various methods of hiding messages in apparently ordinary
digital images and videos.



 Newswise - A University of Delaware research team has received National
Science Foundation funding to combat terrorism by developing techniques to
detect the use of steganography, which encompasses various methods of
hiding messages in apparently ordinary digital images and videos.

It is feared electronic steganography can be used by terrorist
organizations to pass along orders or other vital information
surreptitiously through images posted on the Internet or sent via e-mail.

The grant for more than $167,000 was awarded to Charles Boncelet, UD
professor of electrical and computer engineering, to conduct research in
the relatively new field of steganalysis. Boncelet will work on the project
with Lisa Marvel, a UD graduate now employed by the U.S. Army Research
Laboratory, and with several graduate students.

 Boncelet said steganography is Greek for covered writing, and is a means
by which a person can hide the very fact that they are communicating. In
that, it differs from the better-known practice of cryptography, Greek for
secret writing, in which a message is purposely garbled and can be
understood only by those who have the key to decipher it.

 The two forms of communication are not mutually exclusive, Boncelet said,
and can be combined. A person can encrypt a message and then hide the fact
that they are sending it.

Boncelet previously worked in steganography for the U.S. Army and through
this project will begin working in steganalysis, or the development of
methods by which to seek out steganography.

"The work we are doing is in multimedia, with a focus on digital images,"
Boncelet said. "You can take an image on your web site and use
steganographic techniques to hide a message in the image. The image looks
completely ordinary but if you know the key, you can extract the secret
message."

"The object of the research," Boncelet said, "is to try to figure out how
to find steganography in the images."

The problem is that steganalysis is very difficult because the messages are
hidden by design. However, Boncelet said, "when you hide a message in a
digital image, you change the image a little bit. If you change the image
too much, it gives it away."

The way to determine any changes to an image, given that the steganalyst
does not have the benefit of the original for purposes of comparison, is to
use algorithms and very fast computers to look for unusual features in the
image.

Boncelet said he believes the research will lead to a novel class of
electronic steganography searchers based on image representations that
depend on a quality factor, with the long-term goal being automated
scanners that can rapidly find likely candidates amongst large numbers of
images and videos.

 "Assuming the technique we develop is successful, we hope to branch out to
video and audio," Boncelet said, "but right now the focus is on digital
images."

In addition to the research, the project will provide training in
steganalysis and intelligence techniques to the students involved.

Boncelet said steganography "is a very big fear for governments," adding
that the security agencies that deal with the technique "worry about
terrorists passing messages, or traitors leaking out information from
secure sites."

After the terrorist attacks of Sept. 11, 2001, there was widespread
speculation in the public press that terrorists had used steganography on
the Internet to communicate plans. Although those reports were never
confirmed, the possibility remains a grave concern.

One of the earliest examples of steganography comes from ancient history,
Boncelet said, explaining that a Greek city was surrounded by enemy
soldiers and the leader wanted to get a message to his allies to send
troops. He selected a slave and shaved his head, tattooing the plea for
help on his scalp, then allowed the slave's hair to grow back over the
message. The slave was sent out of the city walls, was captured and
released by the enemy troops, and arrived safely with the message.

In World War II, Boncelet said, American soldiers used steganography to
provide information on their whereabouts to relatives back home by putting
a pinprick on a map. Army censors were forced to pepper letters with
hundreds of pinpricks to offset the practice. German spies used
steganography in microdots, tiny images of typed pages that could be pasted
over p
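Detection logic of the kind the article describes, as an added example (not code from the article or from Boncelet's group): a constructed grayscale cover, a stego copy carrying a full-capacity random payload (standing in for the encrypted message the article mentions), and the pairs-of-values chi-square test, which looks for the statistical imbalance that LSB replacement flattens out. The image, the embedding routine and the decision threshold are all constructed here for illustration.

```python
import random

WIDTH, HEIGHT = 200, 150          # constructed 8-bit grayscale image


def make_cover(seed: int = 1) -> list[int]:
    """Constructed cover: flat bands with slight noise. Like a real photograph
    its histogram is jagged, so h[2k] and h[2k+1] are rarely equal."""
    rng = random.Random(seed)
    bases = list(range(8, 248, 16))           # 15 even band intensities
    pixels = []
    for y in range(HEIGHT):
        base = bases[y * len(bases) // HEIGHT]
        pixels.extend(base + rng.choice((-1, 0, 0, 0, 1)) for _ in range(WIDTH))
    return pixels


def embed_lsb(pixels: list[int], payload_bits: list[int]) -> list[int]:
    """Sequential LSB replacement, the textbook scheme the article describes."""
    out = list(pixels)
    for i, bit in enumerate(payload_bits):
        out[i] = (out[i] & 0xFE) | bit
    return out


def pairs_of_values_ratio(pixels: list[int]) -> float:
    """Chi-square statistic over value pairs (2k, 2k+1), per degree of freedom.

    LSB replacement only moves pixels *within* a pair, so a random payload
    drives h[2k] and h[2k+1] towards equality and the statistic towards ~1
    per pair; an unmodified image keeps its imbalance and scores far higher."""
    hist = [0] * 256
    for v in pixels:
        hist[v] += 1
    stat, dof = 0.0, 0
    for k in range(128):
        h0, h1 = hist[2 * k], hist[2 * k + 1]
        if h0 + h1:                            # ignore pairs absent from the image
            stat += (h0 - h1) ** 2 / (h0 + h1) # chi-square of the pair vs. its mean
            dof += 1
    return stat / dof


def looks_lsb_embedded(pixels: list[int], threshold: float = 3.0) -> bool:
    """Flag an image whose pair statistic has collapsed to the embedded regime."""
    return pairs_of_values_ratio(pixels) < threshold


def demo(seed: int = 7) -> tuple[float, float]:
    """(clean ratio, stego ratio) for the cover and a full-capacity random payload."""
    cover = make_cover()
    rng = random.Random(seed)
    payload = [rng.getrandbits(1) for _ in cover]   # uniform bits, like ciphertext
    return pairs_of_values_ratio(cover), pairs_of_values_ratio(embed_lsb(cover, payload))
```

Real detectors run the same test over growing prefixes of the pixel order to estimate how much of the image was used, and are fooled by embedding schemes that preserve pair statistics, which is why the article frames steganalysis as an open research problem.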

FSTC Announces Availability of FSTC Counter-Phishing Project Whitepaper and Supporting Documents

2005-02-02 Thread R.A. Hettinga

--- begin forwarded text


Date: Tue, 01 Feb 2005 14:38:24 -0500
From: Zachary Tumin <[EMAIL PROTECTED]>
Subject: FSTC Announces Availability of FSTC Counter-Phishing Project
 Whitepaper and Supporting Documents
To: 'Members' 
Reply-To: [EMAIL PROTECTED]
Thread-Index: AcUIlZgU2CHR/ELITdGfx45tInzmrg==

To: All FSTC Members and Friends
From:   Zach Tumin, Executive Director

I am pleased to announce the availability of FSTC's "Understanding and
Countering the Phishing Threat," the summary whitepaper of findings and
recommendations of the FSTC Counter-Phishing Project. The whitepaper
contains valuable data, published here for the first time, including FSTC's
"Phishing Attack Life Cycle" and FSTC's "Taxonomy of Phishing Attacks." This
and all other project deliverables are located at

http://fstc.org/projects/counter-phishing-phase-1/

In addition to the whitepaper, the following deliverables are being made
available on the site, as follows:

TO ALL: "Results Summary: FSTC Counter-Phishing Solutions Survey": An
overview of the 60+ solutions currently offered on the marketplace, broken
down by where they map against the FSTC "Phishing Attack Life Cycle"

TO ALL: "Vocabulary of Phishing Terms": A glossary of terms used throughout
the project. The project team used these to "speak the same language" when
talking about the problem and potential solutions, whether internally, or
with vendors, or with customers

TO FSTC MEMBERS ONLY: "Results Summarized By Solution": identifies solutions
by company and product name as they map against the different phases of the
FSTC "Phishing Attack Life Cycle"

TO FSTC MEMBERS ONLY: "Directory of Survey Respondents": contact information
for each company/solution provider that responded to the survey

FOR PURCHASE: "Cost/Impact Spreadsheet Tool": a tool that provides a means
to estimate the direct and indirect costs/impacts of phishing to a financial
institution

FSTC extends its gratitude to its member organizations for their efforts and
contributions in completing this important industry research, and to the
project's talented management team for helping our members realize their
goals.




To subscribe or unsubscribe from this elist use the subscription
manager: 

--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


how to tell if decryption was successful?

2005-02-02 Thread Andreas
[newbie here]
I was wondering how can one tell if some data was successfully 
decrypted. Isn't there an assumption going on about what the cleartext 
data should be? Text? Image? ZIP file? Zipped jpeg? Another cyphertext? 
rot-13?

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


World-Renowned Cryptographer Arjen Lenstra Joins Bell Labs

2005-02-02 Thread R.A. Hettinga


mysan.de/international -


World-Renowned Cryptographer Arjen Lenstra Joins Bell Labs


 Adds Valuable Talent to Lucent Technologies' Network Security Research

 MURRAY HILL, N.J., Feb. 1 /PRNewswire-FirstCall/ -- Lucent Technologies
(NYSE:LU) today announced that Arjen Lenstra, a world-renowned expert in
evaluating, designing and developing the cryptographic algorithms and
protocols that protect sensitive information as it is communicated
electronically, has joined Bell Labs' Computing Sciences Research
Center.
Prior to joining Bell Labs, Lenstra was vice president of Information
Security Services at Citigroup. Lenstra specializes in the security of
systems that are widely used in e-commerce applications, such as key size
selection, an important factor in how electronic transactions are secured,
and the evaluation of cryptosystems such as RSA and ElGamal, encryption
systems used in e-commerce protocols.
"Arjen is a significant addition to an already world-class group of
researchers at Bell Labs who are developing the algorithms, architectures
and systems necessary to ensure the security and reliability of
networks," said Jeff Jaffe, president, Bell Labs Research and Advanced
Technologies. "His expertise will have a profound impact not just on
Lucent's business, but on the business of our customers as well.
We're thrilled to have him on board."
Lenstra focuses on how academic cryptologic research and computational
number theory impact practical security applications and practices. This is
important because the vast majority of the crypto work happening today in
research labs and universities around the world, while important and
useful, is often too costly for practical implementation. Lenstra believes
that bridging the gap between what's theoretically possible and
what's practical is a major research challenge; it is the area he will
concentrate on at Bell Labs.
"I joined Bell Labs because I wanted to go back to designing
algorithms and tackling hard problems in computational number theory in a
way that will make a difference to people outside of academia," said
Lenstra. "What I found compelling about the Labs was that everyone I
spoke with here knew exactly how the research they were doing helped the
company or its customers in some meaningful way."
"Arjen's network security expertise will further enhance Bell
Labs' capability in this critical area and will enable Lucent to
continue improving the security of the solutions we offer to our
customers," said Linda Bramblett, director of Lucent Worldwide
Services' Security Practice. "We are pleased that Arjen
recognized the company's commitment to stay at the forefront of
developing the next generation of security solutions and services, and that
he will be part of the Bell Labs team helping us do just that."
One recent example of Lenstra's expertise came after a recent
cryptography conference where it was shown that some widely used hash
functions -- cryptographic "fingerprints" used in network
protocols in such industries as banking to create secure digital signatures
-- are weaker than expected, leaving online transactions potentially
vulnerable to attack. Lenstra assessed these theories and demonstrated that
their real-life impact was minimal. This kind of analysis helps
Lucent's customers avoid needless spending by evaluating the actual
risk of developments advertised as "cryptographic disasters" to
assess whether they have any significant real-life impact.
Lenstra's formal training is in computational number theory, a field
concerned with finding and implementing efficient computer algorithms for
solving various problems rooted in number theory. Lenstra was a key
contributor to the team that successfully factored RSA-155, a 512-bit
number, which at the time was the default key size used to secure
e-commerce transactions on the Internet. This was a significant
accomplishment because the RSA public-key cryptosystem relies on the
inability to factor such a number, and Lenstra's team was able to do
so in less than seven months, suggesting this approach was not as secure as
had been believed.
Lenstra invented a number of widely used algorithms, cryptographic systems
and software packages including FreeLIP, software used for efficient
development and implementation of cryptographic protocols. In addition,
Lenstra co-authored the influential paper "Selecting Cryptographic Key
Sizes," which offered guidelines for determining key sizes for
cryptosystems based on a set of explicitly formulated hypotheses and data
points about the cryptosystems.
Lenstra has a bachelor's degree in mathematics and physics, a
master's degree in mathematics, and a doctorate in mathematics and
computer science from the University of Amsterdam. He has spent his career
working, teaching or consulting at a number of well-known institutions
including Bell Communications Research, Digital Equipment Corporation, IBM,
Technical Universit

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-02-02 Thread Ian G
Ian Brown wrote:
I'd guess that many of the developing-world human rights groups funded 
by OSI would have legitimate reason to worry about wiretapping 
conducted by well-resourced opponents in their governments. They might 
also discuss information on a secure communication facility that they 
would avoid on a PSTN phone. So it's important they know where Skype 
lies on the spectrum between the two.

That's correct.  www.cryptorights.org is a group that
specialises in dealing with that market.  Curiously,
they have found evidence of MITMs from those
attackers, although I only have anecdotal accounts,
so nothing firm to report.
If one is actually going up against governments
("ours" or "theirs") then one needs to take more
care.  Downloading just any crypto tool from the
net and using it without thought is a death warrant
with some of these use cases.  (That's not an
exaggeration, or so I've been told.)
Note however, that these users know to take more
care; in that OSI funded the report (presumably)
for that very use case.  The report may very well
accurately be read as "not suitable if your life
depends on it."
But, that has only limited bearing on those users
without a clearly identified life-threatening enemy.
What Skype ought to do - and clearly don't - is
list the limitations of the product clearly on their
website.  The main concern that people have is
that because they say it is secure, nobody trusts
them.  If they said it was insecure in X,Y,Z ways,
then people would trust them more (after verifying
that X,Y,Z was true).
But getting to a world where people will list the
security weaknesses honestly is a challenge that
we all face, on both sides of the crypto debate.
iang
--
News and views on what matters in finance+crypto:
   http://financialcryptography.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]