Turning the crank on partitions

2005-03-28 Thread Paul Lambert
 
 
The recent breakthrough on the 'crank' is claimed to have implications
on cryptography:

http://www.math.wisc.edu/~ono/mahlburg.html
 
Though the math itself quickly becomes a thorny tangle to the lay person,
the broad outlines of Mahlburg's work can be understood and appreciated,
as well as a few of its implications, though it is early to discern
many. Such work, Ono said, can have important applications in
number-related fields such as cryptology.
 
Can someone on this list help describe the possible implications?
 
Paul
 

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Secure Science issues preview of their upcoming block cipher

2005-03-28 Thread Lance James
David Wagner wrote:
Secure Science Corporation writes:
Secure Science is offering a preview of one of the 3 ciphers they will 
be publishing throughout the year. [...] This cipher is [...]
provably just as secure as AES-128.

Adam Shostack writes:
Really?  How does one go about proving the security of a block cipher?

Lance James @ Secure Science Corporation writes:
We will be proposing 2 hashes as well.

Well, that is completely non-responsive to the point Adam made.
You used the term provably.  Where is your proof?
Did you understand the point Adam is making?  In this field, the term
provably means that you have a mathematical proof.  Do you have
such a proof?  I'm awfully skeptical.
Will you retract the claim that SS2 is provably just as secure as AES-128?
David,
There is a miswording here; we were trying to show that both AES and 
CS2-128 are resistant to the same class of attacks. We definitely did 
not try to state that they are equivalent.

I recommend reading http://eprint.iacr.org/2004/085.pdf to see for yourself.
-Lance
As for your future hashes, will you be making similar claims?


--
Best Regards,
Lance James
Secure Science Corporation
[Have Phishers stolen your customers' logins? Find out with DIA]
https://slam.securescience.com/signup.cgi - it's free!


Re: NSA warned Bush it needed to monitor networks

2005-03-28 Thread dan

John Kelsey writes:
 | I think a bigger issue here is a sort of rational (to the bureaucrat)
 | risk aversity: if he declassifies something and it turns out he's
 | leaked something valuable (in the eyes of his boss), he's in trouble.
 | As long as there's no cost to stamping secret or FOUO on every
 | document his office produces, this is safer for him than any other
 | course of action.  Along with this, going through a document to make
 | sure there's nothing secret in there is a lot more work than just
 | classifying it.  The same logic works in the private world--how much
 | of the stuff you've seen under NDA was genuinely going to cause a
 | problem to the company that produced it, if someone just posted it to
 | their website?


Exactly correct.  It is the same reason that
no corporate general counsel will allow data
on successful intrusions to be shared; the 
downside risk is well understood and the upside
benefit is vague, delayed, and does not accrue
to the releasing party.  

Cf. mandatory reporting of communicable diseases
where, presumably, few patients or private docs
would ever voluntarily report that there's a
case of Plague in the house were it not for
compelled disclosure.[1]


--dan


[1]
sample state list, to which you can add gunshot wounds
==
Acquired Immunodeficiency Syndrome (AIDS)
Amebiasis
Anthrax
Botulism
Brucellosis
Campylobacteriosis
Cancer
Chancroid
Chickenpox
Chlamydial Infections
Cholera
Coccidioidomycosis
Colorado Tick Fever
Diphtheria
Echinococcosis
Encephalitis (post-infectious, arthropod-borne, and unspecified)
Food-borne Illness, including food poisoning
Giardiasis
Gonococcal Ophthalmia Neonatorum
Gonorrhea
Granuloma Inguinale
Hemophilus Influenza, Invasive Disease (all serotypes)
Hepatitis A
Hepatitis B, cases and carriers
Hepatitis, other Viral: Type C
Influenza
Legionellosis
Leprosy
Leptospirosis
Lymphogranuloma Venereum
Malaria
Meningitis, Aseptic and Bacterial
Meningococcemia
Mumps
Pelvic Inflammatory Disease
Pertussis
Plague
Poliomyelitis
Q-fever
Rabies (Human and Animal)
Relapsing Fever (tick-borne and louse borne)
Rheumatic Fever
Rocky Mountain Spotted Fever
Rubella
Rubella, Congenital Syndrome
Rubeola
Salmonellosis
Shigellosis
Staphylococcal Diseases
Syphilis
Tetanus
Toxic Shock Syndrome
Trichinosis
Tuberculosis
Tularemia
Typhoid
Typhus
Yellow Fever



Re: Secure Science issues preview of their upcoming block cipher

2005-03-28 Thread Dan Kaminsky

Have you looked at their scheme?
  http://www.securescience.net/ciphers/csc2/
The way to come up with a cipher provably as secure as AES-128 is to use
AES-128 as part of your cipher -- but their scheme does not do anything
like that.

I am very skeptical about claims that they have a mathematical proof that
CS2-128 is as secure as AES-128.  I want to see the proof.
  

Backstory:

Secure Science is basically publishing a cipher suite implemented by
Tom St. Denis, author of Libtomcrypt.  Though not the most ...
diplomatic of characters haunting sci.crypt, the guy's quite bright, is
an absurdly prolific author (has quite literally written several hundred
page books documenting use of Libtomcrypt and mechanisms for
multiprecision math), and can be expected to generate cool things in the
years to come.

As for the manner of this cipher's publication...Tom actually did
release the paper some time ago.  See eprint @
http://eprint.iacr.org/2004/085 .  Lance has Tom on staff, and...well,
sort of blew the announce.  He understands rather well the error of his
ways, and is in all sorts of damage control.

So, quick summary -- yes, that's a very cranky way to announce a
cipher, no, it's not a crank cipher.

--Dan




Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 11:55, Florian Weimer wrote:
Does anyone have info on the cost of a subordinate CA cert with a name
space constraint (limited to issuing certs on domains which are
sub-domains of your choice, i.e. only valid to issue certs on
sub-domains of foo.com)?
Is there a technical option to enforce such a policy on subordinate
CAs?
There's an X.509v3 NameConstraints extension (which the higher CA would 
include in the lower CA's cert) but I have the impression that end-system 
software does not widely support it.  And of course if you don't 
flag it critical, it's not very effective.



Re: and constrained subordinate CA costs?

2005-03-28 Thread Adam Back
On Fri, Mar 25, 2005 at 04:02:36PM -0600, Matt Crawford wrote:
 There's an X.509v3 NameConstraints extension (which the higher CA would 
 include in the lower CA's cert) but I have the impression that end-system 
 software does not widely support it.  And of course if you don't 
 flag it critical, it's not very effective.

Well I would say downright dangerous -- if it's not flagged critical
and not understood, right?

Implication would be an intended constrained subordinate CA would be
able to function as an unconstrained subordinate CA in the eyes of
many clients -- free ability to forge any domain in the global SSL
PKI.

Adam



Re: and constrained subordinate CA costs?

2005-03-28 Thread Matt Crawford
On Mar 25, 2005, at 16:06, Adam Back wrote:
There's an X.509v3 NameConstraints extension (which the higher CA would
include in the lower CA's cert) but I have the impression that end-system
software does not widely support it.  And of course if you don't
flag it critical, it's not very effective.
Well I would say downright dangerous -- if it's not flagged critical
and not understood, right?
Implication would be an intended constrained subordinate CA would be
able to function as an unconstrained subordinate CA in the eyes of
many clients -- free ability to forge any domain in the global SSL
PKI.
Exactly.  (Just like the root CAs in the browser's shipped list.  :-)
And if it's marked critical, the certificate is no damn use to almost 
anyone.  Chicken, meet egg.  Egg, chicken.
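A small model of the situation Matt and Adam describe, added here as an example and not taken from the thread: it implements the dNSName subtree match of RFC 5280 section 4.2.1.10 and shows what a client that does not implement NameConstraints does with the extension depending on the critical flag. The `NameConstraints` class and the `client_verdict` function are this example's own names, not any library's API.

```python
# Added example, not from the thread: how a relying party is supposed to treat
# a NameConstraints extension in a subordinate CA certificate.  dNSName
# matching follows RFC 5280 4.2.1.10; critical-flag handling follows RFC 5280
# 4.2 (unrecognised critical extension: reject the certificate; unrecognised
# non-critical extension: ignore it).
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class NameConstraints:
    permitted: List[str] = field(default_factory=list)  # dNSName subtrees
    excluded: List[str] = field(default_factory=list)
    critical: bool = False

def dns_in_subtree(name: str, subtree: str) -> bool:
    """A dNSName is in a subtree if it equals it or adds labels on the left:
    www.foo.com is in foo.com, notfoo.com is not."""
    name, subtree = name.lower().rstrip("."), subtree.lower().rstrip(".")
    return name == subtree or name.endswith("." + subtree)

def dns_name_allowed(name: str, nc: NameConstraints) -> bool:
    """Excluded subtrees always win; an empty permitted list permits all."""
    if any(dns_in_subtree(name, s) for s in nc.excluded):
        return False
    if nc.permitted and not any(dns_in_subtree(name, s) for s in nc.permitted):
        return False
    return True

def client_verdict(leaf_dns_names: List[str], nc: Optional[NameConstraints],
                   client_understands_nc: bool) -> str:
    """Return "accept" or "reject" for a leaf cert issued by a sub-CA whose
    certificate carries `nc`, as seen by a client that may not implement it."""
    if nc is None:
        return "accept"
    if not client_understands_nc:
        # Critical + not understood: the sub-CA cert is unusable for this client.
        # Non-critical + not understood: the constraint silently disappears and
        # the sub-CA is, to this client, an unconstrained CA.
        return "reject" if nc.critical else "accept"
    ok = all(dns_name_allowed(n, nc) for n in leaf_dns_names)
    return "accept" if ok else "reject"

if __name__ == "__main__":
    nc = NameConstraints(permitted=["foo.com"])
    for host in ("www.foo.com", "notfoo.com", "login.bank.example"):
        for understands in (True, False):
            print(host, understands, client_verdict([host], nc, understands))
```

The last row of the printed table (a name outside foo.com, non-critical extension, client that ignores it) is the case Adam calls dangerous; flipping `critical=True` turns it into the case Matt calls useless.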



TSA Finds Data On Air Passengers Lacked Protection

2005-03-28 Thread R.A. Hettinga
http://online.wsj.com/article_print/0,,SB72077661889592,00.html

The Wall Street Journal


 March 25, 2005

 U.S. BUSINESS NEWS

TSA Finds Data On Air Passengers Lacked Protection

By AMY SCHATZ
Staff Reporter of THE WALL STREET JOURNAL
March 25, 2005; Page A4


A new government report says officials in the Department of Homeland
Security didn't do enough to keep airline-passenger data secure when using
it to test a traveler-screening program.

In a report to be released today, the Department of Homeland Security's
inspector general says the Transportation Security Administration gathered
12 million passenger records from February 2002 to June 2003 and used most
of them to test the Computer Assisted Passenger Prescreening System, or
CAPPS 2, which was designed to check passenger names against government
watch lists. Passengers weren't told their information was being used for
testing.

"Although we have found no evidence of harm to individual privacy, TSA
could have taken more steps to protect privacy," investigators concluded.

TSA officials shelved CAPPS 2 last year amid complaints it was an invasion
of passenger privacy. The agency has replaced it with a similar system,
called Secure Flight, which is being tested and is expected to debut in
August.

The report raises concerns because Secure Flight ultimately will gather
private information, such as names, addresses, travel itineraries and
credit-card information, on anyone who takes a domestic flight. That effort
could be slowed by a Government Accountability Office study due Monday
which is expected to be critical of TSA's efforts to develop
passenger-privacy protections.

The report said TSA did not ensure that privacy protections were in place
for all of the passenger data transfers and noted that early TSA and
[CAPPS 2] efforts were pursued in an environment of controlled chaos and
crisis mode after the Sept. 11 attacks.

Investigators also found TSA provided inaccurate information to the media
about the agency's use of real passenger records for CAPPS 2 testing and
wasn't fully forthcoming to the agency's own internal privacy officer
during an investigation into the matter. "Although we found no evidence of
deliberate deception, the evidence of faulty processes is substantial,"
investigators said.

TSA agreed with the investigator's recommendations for improving privacy
protections. A TSA spokeswoman said: "TSA's core mission is to preserve our
freedom and that means doing the utmost to protect everyone's privacy."


-- 
-
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
