Re: how email encryption should work (and how to get it used...)
I think this is a good summary of how it should work, except that I don't think messages should be signed by default, only authenticated (MAC). Users should be clearly aware of making a non-repudiable statement. Plus, it may be preferable to use something like matasignatures.org to ensure authenticated e-mail does not alarm recipients with non-compliant e-mail clients.

A missing element is motivation for getting something like this deployed... I think spam could offer such motivation; and I strongly believe that a cryptographic protocol to penalize spammers could be one of the most important tools against spam. I've presented such a simple crypto protocol (SICS) in SCN'04 [available off my site], and now work on an open-source implementation (with student Jonathan Levi) of an improved version (SICSv2...), to be published soon. [I can send a draft to experts willing to provide feedback...]

Best,
Amir Herzberg

James A. Donald wrote:
> --
> In my blog http://blog.jim.com/ I post how email encryption should work. I would appreciate some analysis of this proposal, which I think summarizes a great deal of discussion that I have read.
>
> * The user should automagically get his certified key when he sets up the email account, without having to do anything extra. We should allow him the option of doing extra stuff, but the default should be do nothing, and the option to do something should be labelled with something intimidating like "Advanced custom cryptographic key management" so that 99% of users never touch it.
>
> * In the default case, the mail client, if there are no keys present, logs in to a keyserver using a protocol analogous to SPEKE, using by default the same password as is used to download mail. That server then sends the key for that password and email address, and emails a certificate asserting that the holder of that key can be reached at that email address. Each email address, not each user, has a unique key, which changes only when and if the user changes the password or email address. Unless the user wants to deal with advanced custom options, his from address must be the address that the client downloads mail from, as it normally is.
>
> * The email client learns correspondents' public keys by receiving signed email. It assigns petnames on a per-key basis. A petname is also shorthand for entering a destination address. (Well, it is shorthand if the user modified it. The default petname is the actual address, optionally followed by a count.)
>
> * The email client presents two checkboxes, sign and encrypt, both of which default to whatever was last used for this email address. If several addresses are used, it defaults to the strongest that was used for any one of them. If the destination address has never been used before, then encrypt is checked if the keys are known, greyed out if they are unknown. Sign is checked by default.
>
> * The signature is in the mail headers, not the body, and signs the body, the time sent, the sender's address, and the intended recipient's address. If the email is encrypted, the signature can only be checked by someone who possesses the decryption key.
>
> * If the user is completely oblivious to encryption and completely ignores those aspects of the program, and those he communicates with do likewise, he sends his public key all over the place in the headers, signs everything he sends, and encrypts any messages that are a reply to someone using similar software, and neither he nor those he corresponds with notice anything different or have to do anything extra, other than that when he gets unsigned messages, or messages with a key different from the previously used key, a warning comes up: an unobtrusive and easily ignored warning if he has never received a signed message from that source, a considerably stronger warning if he has previously received signed mail from that source.
>
> --digsig James A. Donald

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
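The two mechanical pieces of the proposal quoted above, what the header signature must cover and how the client decides how loudly to warn about unsigned mail or a changed key, as an added example (not code from either poster). It assumes a hypothetical header format carrying the raw public key, and leaves the signature check itself to the caller, consuming only its boolean result.

```python
"""Added example: key-continuity policy for header-signed mail.

Models two pieces of the proposal: the data a header signature covers
(body, time sent, sender, intended recipient) and the per-key petname
store that decides how loudly to warn about unsigned mail or a changed
key. Signature verification itself is assumed to be done by the caller.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Warning levels as the proposal describes them.
NONE = "none"                # valid signature under an already-known key
UNOBTRUSIVE = "unobtrusive"  # no signed mail ever seen from this address
STRONG = "strong"            # signed mail seen before; now unsigned or key differs


def signed_data(body: bytes, date: str, sender: str, recipient: str) -> bytes:
    """Canonical bytes that the header signature covers.

    Binding the intended recipient means a validly signed message cannot be
    re-sent to a third party as if it had been addressed to them, and
    binding the date stops an old message being replayed as current.
    Addresses are normalised so harmless header rewriting does not break
    verification; the body is bound through its hash.
    """
    lines = [
        "body-sha256:" + hashlib.sha256(body).hexdigest(),
        "date:" + date.strip(),
        "from:" + sender.strip().lower(),
        "to:" + recipient.strip().lower(),
    ]
    return "\n".join(lines).encode()


def fingerprint(public_key: bytes) -> str:
    """Short identifier for a key found in the headers (hypothetical format)."""
    return hashlib.sha256(public_key).hexdigest()[:16]


@dataclass
class Message:
    sender: str
    public_key: Optional[bytes] = None  # key carried in the headers; None if unsigned
    signature_valid: bool = False       # result of verifying the header signature


@dataclass
class KeyStore:
    petnames: dict = field(default_factory=dict)  # fingerprint -> petname (per key)
    seen: dict = field(default_factory=dict)      # sender -> fingerprints, in arrival order

    def receive(self, msg: Message) -> tuple:
        """Return (warning_level, petname) for an incoming message."""
        history = self.seen.get(msg.sender, [])
        if msg.public_key is None or not msg.signature_valid:
            # Unsigned mail and a failed signature are treated alike:
            # loud only if this address has sent verifiable mail before.
            return (STRONG if history else UNOBTRUSIVE), None
        fp = fingerprint(msg.public_key)
        if fp in history:
            return NONE, self.petnames[fp]
        # A key never seen for this sender. First contact: learn it quietly.
        # A different key after earlier signed mail: learn it, but warn strongly.
        level = STRONG if history else UNOBTRUSIVE
        # Default petname is the address, suffixed with a count for later keys.
        self.petnames[fp] = msg.sender if not history else f"{msg.sender}#{len(history)}"
        self.seen.setdefault(msg.sender, []).append(fp)
        return level, self.petnames[fp]


def demo() -> list:
    """Walk a constructed sequence of messages through one recipient's store."""
    store = KeyStore()
    alice_key1, alice_key2 = b"constructed-alice-key-1", b"constructed-alice-key-2"
    sequence = [
        Message("alice@example.org", alice_key1, True),   # first contact, signed
        Message("alice@example.org", alice_key1, True),   # same key again
        Message("alice@example.org"),                     # unsigned after signed history
        Message("alice@example.org", alice_key2, True),   # key changed
        Message("alice@example.org", alice_key1, True),   # old key is still known
        Message("bob@example.org"),                       # unsigned first contact
    ]
    return [store.receive(m) for m in sequence]


if __name__ == "__main__":
    for level, petname in demo():
        print(level, petname)
```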
Re: Secure Science issues preview of their upcoming block cipher
On Tue, 29 Mar 2005 16:06:05 +0100, Ian G [EMAIL PROTECTED] wrote:
> I'd be interested to hear why he wants to improve on AES. The issue with doing that is that any marginal improvements he makes will have trouble overcoming the costs involved with others analysing his work.

Several things:

1. Highlighted [we're talking Feb '04 here] the work I was doing on FPHTs. They're much more efficient than an MDS and because of my work they have known branches.

2. I also looked into the CS-cipher way of doing things. I was able to prove what Vaudenay could only count [he never proved the trail-weight of CS-Cipher] and from that I was able to also prove the 16-point case [e.g. CS^2].

3. CS^2 is totally meant for a pipeline. It reuses the round transform for the key schedule.

So what is CS^2? It's basically 8 rounds of a 4-layer FPHT with sboxes mixed in the 2-point transforms. 8*4 == 32 step pipeline. The key schedule essentially is just computed as processing the key one layer ahead of the plaintext. Load the key in one cycle and the block in the next. Add some FSM to determine where the key material comes from for a given stage [e.g. the fixed sigma function or the key round that is one round ahead].

Why is this cool?

First off, you can get a 2 cycle encrypt. But that's meaningless because cycle could mean several hundred nanoseconds... But what is a layer? A 2-point FPHT [e.g. xors of depth three] and two parallel sbox applications. The sboxes are efficiently computable as well with a xor depth of four [or so]. So effectively a layer has a XOR gate depth of about 8-9 at most.

Second, you can process SIXTEEN different keys at once. So key agility is essentially a moot point.

Third, there is no dedicated key scheduler like in AES. You do need some FSM to select where the round key comes from but that's about it.

Fourth, it resists integration attacks a whole heap better than AES.

Fifth, it's trivial to prove that classic LC and DC are inapplicable.

Sixth, the sbox was not designed to be too algebraic. The 4x4 is just a random 4x4 with max LC/DC resistance for a bijection. The resulting 8x8 has a decently low LC/DC profile, no fixed points and no points of involution.

Seventh, I wrote it. Therefore it's cool.

Tom
Re: how email encryption should work (and how to get it used...)
--
On 30 Mar 2005 at 13:00, Amir Herzberg wrote:
> A missing element is motivation for getting something like this deployed... I think spam could offer such motivation;

Phishing is costing billions, and is a major obstacle to electronic commerce. In my judgment, fixing phishing and facilitating electronic commerce is a good fit to the capabilities provided by cryptography. (Of course a large part of spam is phishing and viruses.)

> a cryptographic protocol to penalize spammers could be one of the most important tools against spam. I've presented such a simple crypto protocol (SICS) in SCN'04 [available off my site],

And your site is?

--digsig James A. Donald
USATODAY.com - EU needs more time for biometric passports
So much for the US government's big rush to get them done this year, to the extent that they haven't thought out the implications of the RFID chip (although they realize they should call it anything but RFID, because the acronym RFID is a magnet for animosity).

http://www.usatoday.com/travel/news/2005-03-30-eu-passports_x.htm?POE=TRVISVA

EU needs more time for biometric passports

BRUSSELS, Belgium (AP) The European Union on Wednesday told the U.S. Congress the bloc needed another year to implement new U.S. rules on secure biometric passports, which include a computer chip with data such as a digital photo of the passport holder.

EU justice and interior ministers had said last year they would meet this year's Oct. 26 deadline. But only six of the 25 EU countries (Belgium, Finland, Luxembourg, Germany, Austria, and Sweden) will be ready to issue biometric passports by that date. After Oct. 26, citizens from 27 visa-exempt countries will have to apply for a visa or have a biometric passport.

The EU's Justice and Home Affairs Commissioner Franco Frattini wrote on Wednesday to James Sensenbrenner, head of the U.S. House of Representatives' Judiciary Committee, that although the bloc had made substantial progress, it would require more time, until Aug. 28, 2006, to introduce the new passports.

"Despite all the progress ... we would urge the Congress to consider a second extension of the deadline," Frattini said in the letter. The United States had already extended the original Oct. 26, 2004, deadline by a year.

Frattini said the issuing of similar U.S. passports was also experiencing "a certain slippage" due to problems in adapting the new technology to passports. Japan also will be unable to meet the U.S. deadline, officials said.

So-called biometric features can reduce patterns of fingerprints, irises, voices and faces to mathematical algorithms that can be stored on a chip or machine-readable strip. EU countries also want to include a fingerprint on the chip.

"Despite all the progress made ... in reinforcing the security of passports you are surely aware that critical aspects of the biometric technology, such as data security and interoperability of reading devices, are still being finalized," wrote Frattini.

Frattini said the EU shares the view of the United States that more secure travel documents are an important tool in the fight against international crime and terrorism. The United States is urging European countries to have new biometric travel documents in place as part of its tighter border security checks following the Sept. 11, 2001, terrorist attacks.

All new U.S. passports issued by the end of 2005 are expected to have a chip containing the holder's name, birth date and issuing office, as well as a photo of the holder's face. The photo is the international standard for biometrics, but countries are free to add other biometrics, such as fingerprints, for greater accuracy.

Also Wednesday, the EU head office released a report on the impact of using biometrics, which said more large-scale field trials were needed to ensure the new technology worked properly. It also urged governments to ensure safeguards for privacy and data protection in the use of biometric data.

Copyright 2005 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Re: aid worker stego
Peter Fairbrother wrote:
> I don't think there is much danger of severe torture, but I don't think innocent-until-proven-guilty applies either, and suspicion should be minimised or avoided.

Depends on what you want to avoid. Best solution for software is dual-use: 7-zip for file encryption, standard S/MIME-capable email software (such as Thunderbird or even Outlook Express) for PKI. However, encrypted emails are *always* going to stick out like a sore thumb if intercepted, and even the output of most stego packages will look suspect (unless your aid worker is in the habit of sending large numbers of digital photos by email). This could be arranged: get him to take new, original photos of what he sees while doing his work, use them exactly once for stego, then keep the stegoed versions around on the HD so that any comparison later will show the original version identical to the intercepted email version.

Probably the best overall solution to this would be a bootable mini-CD; a mini-Linux distro would give a GUI, and still leave room for conventional encryption packages, stego packages and the user's secret/public keyring, leave no trace on the HD at all (no matter how good the forensic package), can be hidden in a wallet amongst credit cards, and can be destroyed trivially by simply scratching off the printed surface with the back of a key or against a rough surface such as a wall or stone paving slab (i.e., drop it face down, then stand on it and move your foot back and forth until you have an oblong of worthless plastic and a slightly messy walkway).

Assuming stego, you could load digicam photos (either via a driver on the mini-CD or via Windows, whichever you happen to be using at the time) not long after they were taken, for later stego purposes, and the space they use on the digicam reused for more photos before the first set were used for stego (or again, if in a hurry, just remove and discard the SD card from the cam).
Microsoft info-cards to use blind signatures?
http://www.idcorner.org/index.php?p=88

The Identity Corner (Stefan Brands) -- A corner on IDs: postings on anything related to digital identity management.

3/30/2005
Microsoft info-cards to use blind signatures?
Posted by Stefan at 10:37 am

Microsoft yesterday confirmed that it will provide info-card software in Windows that will put control of digital IDs into the hands of an end-user, so that the end-user will be in full control. Thus far, the company has revealed no technical details about how info-cards will ensure the privacy of certified identity assertions as they are being passed around by their users.

Now, I just learned that Microsoft last week was granted US patent no. 6,871,276, titled "Controlled-content recoverable blinded certificates". Since I found out about this patent only half an hour ago, I cannot yet comment on the novelty of the proposed solution, other than that it seems to be a minor twist on Chaum's blind signature patent that was filed in 1983. (The twist seems to be to use the decryption exponent d to encode meaningful attribute information, a technique that certainly has already been described by Chaum in various of his post-1983 papers as well as patents; I need to review the entire patent text first, however, before I can tell with certainty if there is a significant and technically non-obvious difference in the proposed encoding techniques.)

Issues regarding patentability and technical shortcomings notwithstanding, I am genuinely excited about this development, if it can be taken as an indication that Microsoft is getting serious about privacy by design for identity management. That is a big if, however: indeed, the same Microsoft researcher who came up with the patent (hello Dan!) was also responsible for Microsoft e-cash patent no. 5,768,385, which was granted in 1998 but was never pursued. (See here for a brief evaluation of the technical merits of that patent.)

I am looking forward to Microsoft coming forth with some technical details on info-cards. Kim, can you share with us a few insights on the info-card privacy design on your personal blog?

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
DRM comes to digital cameras: Lexar LockTight
Lexar Media has come up with a Compact Flash card that won't actually work until you do a nonstandard, proprietary handshake with it. They worked with a couple of camera makers (and built their own CF reader and Windows software) to implement it. Amazingly, it doesn't actually store the photos encrypted on the flash; it just disables access to the memory until you do something secret (probably answer a challenge/response with something that shows you have the same secret key that those cameras do). I don't know of anyone competent who's taken one apart and figured out what the actual security properties are.

http://www.lexar.com/dp/workflow/pro_cf_lt.html
http://www.robgalbraith.com/bins/content_page.asp?cid=7-6465-7655

They also have "Active Memory", which appears to be another idea for what can be done by making a separate memory on the CF card that can't be accessed by the standard protocols. Idle hands are the devil's work. They haven't figured out anything useful for it to do: at the moment their custom software copies copyright notices off the secret memory onto the photos, after you transfer them to a PC. Of course, the software could've done that WITHOUT the secret memory, just keeping the copyright info in a file in the standard flash file system.

What Lexar gets out of it is to charge twice as much for these CF cards, raising them out of the commodity market. (Assuming anybody buys.) They're pitching it to cops, who are spending somebody else's money.

John
DIMACS Workshop on Security of Web Services and E-Commerce
*Pre-registration deadline: April 28, 2005*

DIMACS Workshop on Security of Web Services and E-Commerce
May 5 - 6, 2005
DIMACS Center, Rutgers University, Piscataway, NJ

Organizer: Brian LaMacchia, Microsoft, [EMAIL PROTECTED]

Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

The growth of Web Services, and in particular electronic commerce activities based on them, is quickly being followed by work on Web Services security protocols. While core XML security standards like XMLDSIG, XMLENC and WS-Security have been completed, they only provide the basic building blocks of authentication, integrity protection and confidentiality for Web Services. Additional Web Services standards and protocols are required to provide higher-order operations such as trust management, delegation, and federation. At the same time, the sharp rise in phishing attacks and other forms of on-line fraud simply confirms that all our work on security protocols is for naught if we cannot make it both possible and easy for the average user to discover when a security property has failed during a transaction. This workshop aims to explore these areas as well as other current and future security and privacy challenges for Web Services applications and e-commerce.

Workshop Program (preliminary program, subject to change):

Thursday, May 5, 2005
 8:00 -  9:00  Breakfast and Registration
 9:00 -  9:15  Welcome / Opening Remarks
 9:15 -  9:45  On the relation between Web Services Security and traditional protocols
               Eldar Kleiner and A.W. Roscoe, Oxford University Computing Laboratory, UK
 9:45 - 10:15  Verification Tools for Web Services Security
               Cédric Fournet, Microsoft Research -- Cambridge, UK
10:15 - 10:30  Break
10:30 - 11:00  Flexible Regulation of Virtual Enterprises
               Naftaly Minsky, Rutgers University
11:00 - 11:30  Negotiated Security and Privacy Policies for Web Services
               George Yee, National Research Council
11:30 - 12:00  Regulating Synchronous Communication, and its Applications to Web-Services
               Constantin Serban, Rutgers University
12:00 -  1:30  Lunch
 1:30 -  2:00  Scalable Configuration Management For Secure Web Services Infrastructure
               Sanjai Narain, Telcordia Technologies, Inc., USA
 2:00 -  2:30  Automating Deployment Configuration of Web Services Security
               J. Micallef, B. Falchuk and C. Chung, Telcordia Technologies, Inc., USA
 2:30 -  3:00  Software Based Acceleration Methods for XML Signature
               Youjin Song and Yuliang Zheng, UNC-Charlotte, USA
 3:00 -  3:30  Analysis of aspects of XML WS-* that make hardware optimizations harder or easier
               Eugene Kuznetsov, DataPower Technology, Inc., USA
 3:30 -  3:45  Break
 3:45 -  4:15  XACML and role-based access control
               Jason Crampton, Royal Holloway, University of London, UK
 4:15 -  4:45  Use of REL Tokens for Higher-order Operations
               Thomas DeMartini, ContentGuard, USA
 4:45 -  5:15  Electronic Document Authorization: A Case for Practical, Secure Delegation and Authorization
               Young H. Etheridge

Friday, May 6, 2005
 8:00 -  9:00  Breakfast / Registration
 9:00 -  9:30  Towards Decentralized and Secure Electronic Marketplace
               Yingying Chen, Constantin Serban, Wenxuan Zhang and Naftaly Minsky, Rutgers University
 9:30 - 10:00  A Negotiation-based Access Control Model for Web Services
               Elisa Bertino, Purdue University; A. C. Squicciarini and L. Martino, University of Milano, Italy
10:00 - 10:30  Using Certified Policies to Regulate E-Commerce
               Victoria Ungureanu, Rutgers University
10:30 - 10:45  Break
10:45 - 11:15  Active Intermediaries in Web Service and E-Commerce Environments
               John Linn, RSA Laboratories
11:15 - 11:45  Web services and Federated Identity Management
               Birgit Pfitzmann, IBM Zurich Research Lab, Switzerland
11:45 - 12:15  Web Services Architecture and the Old World
               Philip Hallam-Baker
12:15 -  1:45  Lunch
 1:45 -  2:15  On-line Certificate Validation via LDAP Component Matching
               Jong Hyuk Choi, Sang Seok Lim, IBM T. J. Watson Research Center, and Kurt D. Zeilenga, IBM Linux Technology Center
 2:15 -  2:45  A Convenient Method for Securely Managing Passwords
               Brent Waters, Stanford University; Alex Halderman and Ed Felten, Princeton University
 2:45 -  3:00  Break
 3:00 -  3:30  Identifying Malicious Web Requests through Changes
philosophical cum practical point
Please critique, if you will, this line of reasoning:

===
All other things being equal, integrating cryptographic communication protocols into client-server or peer-to-peer products with existing end-point vulnerabilities tends to increase total enterprise vulnerability.
===

By "all other things being equal" I am trying to diplomatically reflect my experience to date that not only is, say, key management hard but ensuring that overburdened systems administration staffs continuously do the right thing with it has near zero probability. The SSL experience sort of sets a lower bound for automaticity and low/no end-user skill requirement, corroborated by Alma Whitten's classic paper[1] and other similar findings.

In perhaps the most awkward and commonplace sense, I find myself dealing with development teams that (rightly) believe applications of cryptography are well understood but then make the naive leap that they themselves either already well understand those applications of cryptography or that such understanding is an assignable task to randomly selected team members irrespective of background.

Perhaps I am only elaborating Spaf's remark[2] about armored cars by restating it as an operational rule for when development teams are permitted to add crypto in their comm protocols -- when they have damped out their end-user vulnerabilities. Put one additional way, the guy who adds crypto to his data stream risks becoming the most critical server in the data center.

--dan

[1] Whitten A, Tygar JD, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0", Proceedings of the 8th USENIX Security Symposium, August 23-36, 1999, Washington, D.C., pp 169-184.
    http://www.usenix.org/publications/library/proceedings/sec99/full_papers/whitten/whitten_html/

[2] "Using encryption on the Internet is the equivalent of arranging an armoured car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." -- Gene Spafford, Purdue University.
    http://www.collegetermpapers.com/TermPapers/Technology/m.shtml
Identity Thieves Organize
http://online.wsj.com/article_print/0,,SB111282706284700137,00.html

The Wall Street Journal
April 7, 2005

Identity Thieves Organize
Investigators See New Pattern: Criminals Team Up to Sell Stolen Data Over the Internet

By CASSELL BRYAN-LOW
Staff Reporter of THE WALL STREET JOURNAL
April 7, 2005; Page B1

Recent investigations of online identity-theft rings show a disturbing pattern emerging, law-enforcement officials say. Large groups of criminals are banding together to steal financial data from individuals, and then trade or sell that data on underground Internet sites.

One such case involves Shadowcrew, an online marketplace for stolen credit-card and debit-card information that U.S. agents shut down. The Web site, with some 4,000 members, served as the backbone of an extensive criminal organization that traded at least 1.5 million stolen credit-card numbers and caused total losses in excess of $4 million, according to an indictment returned by a federal grand jury in Newark, N.J., in October. The indictment names 19 individuals for their roles in running what the Department of Justice calls "one of the largest online centers for trafficking stolen identity information, documents and banking details."

As public concern mounts about identity theft, police busts in the U.S., Europe and Latin America are shedding light on the increasing sophistication of the criminals behind such schemes. They are finding well-run, hierarchical organizations where members coordinate efforts via the Internet, often using aliases. Once stolen, the information is advertised and sold on Web sites and Internet chat rooms specializing in the trafficking of such valuable data.

"They are run like businesses," says Larry Johnson, special agent in charge of the Secret Service's criminal investigative division, who helped coordinate the Shadowcrew investigation. Identity theft long predates the Web, but Mr. Johnson says the Internet helps large groups communicate much more efficiently and extend their geographical reach. The rings often are international, including Shadowcrew, which had key members in several countries.

Identity theft cost consumers and their banks and credit-card companies about $11.7 billion in losses for the 12 months through April 2004, estimates Gartner Inc., a Stamford, Conn., technology research firm. Gartner says it is difficult to know how much of that is attributable to crimes committed online rather than offline -- such as from stolen purses or wallets. But banks and law enforcement say that online identity theft is growing rapidly.

One widespread scam is known as "phishing", which uses e-mails designed to look as if they are from a legitimate bank or retailer to trick consumers into entering credit card, banking or other sensitive information at fake Web sites. In a new twist, dubbed "pharming", hackers manipulate the settings on a computer so the user will be redirected to a counterfeit Web site when attempting to visit a legitimate Web site for service.

Major banks have been frequent targets of such attacks. A recent legitimate-looking e-mail to customers of HSBC Holdings PLC warned recipients that there had been several failed attempts to log onto their online accounts. The e-mail, bearing the HSBC logo, asked recipients to re-confirm their account information. It pointed customers to a Web site link beginning with the bank's real address, www.hsbc.com, and warned that those who ignored the request would have their account suspended. HSBC confirms the e-mail was fake but says it doesn't know how much money the scam may have swindled from customers. Customers who report that their accounts are missing money often don't know how their account numbers and passwords were stolen.

A large Brazilian gang allegedly swindled roughly $66 million from online-banking customers using a computer virus attached to an e-mail that appeared to be from legitimate banks, says Paulo Quintiliano, head of the Brazilian federal police's cyber-crime division. People who clicked on the link in the e-mail downloaded the virus onto their computers, which then stored the customer's bank details when they accessed their accounts online at legitimate banking sites. The computer code then sent the swiped account information and passwords to the hackers. The gang then used the banking information to transfer money out of accounts, create fake bank cards and even set up shell companies through which they channeled the money, says Mr. Quintiliano. Brazilian federal police have arrested and charged more than 100 members of the gang over the past 18 months, and a trial is under way.

The market for trading stolen information has grown more sophisticated in the past year, too, security experts say. Originally, large volumes of credit-card or bank-account information were sold
How secure is the ATA encrypted disk?
--
Every ATA disk contains encryption firmware, though not all BIOSes allow you to use it. There is a master and a user password, 32 bytes each. If you set them both to the same value, and that value is a strong 32 byte password, then the disk can only be booted or accessed by entering that password. This disk firmware is what password protected laptops use. It exists on most PCs, though most of them have no BIOS firmware to use it.

How strong is this standard - could someone bypass it by taking a soldering iron to the disk? Is the disk encrypted, or just the datapath to the disk?

--digsig James A. Donald
Lamar Alexander: Much as I Hate It, We Need a National ID
http://www.washingtonpost.com/ac2/wp-dyn/A11307-2005Mar29?language=printer The Washington Post washingtonpost.com Much as I Hate It, We Need a National ID By Lamar Alexander Wednesday, March 30, 2005; Page A15 The House recently passed legislation requiring states to turn 190 million driver's licenses into national ID cards, with state taxpayers paying most of the cost. The first thing wrong here is that the House stuck the ID card proposal on the appropriations bill that supports troops in Iraq and sent it over to the Senate. We should not slow down money for our troops while we debate ID cards. The second problem is that states not only get to create these ID cards, they'll likely end up paying the bill. This is one more of the unfunded federal mandates that we Republicans promised to stop. Supporters argue that this is no mandate because states have a choice. True, states may refuse to conform to the proposed federal standards and issue licenses to whomever they choose, including illegal immigrants -- but if they do, that state's licenses will not be accepted for federal purposes, such as boarding an airplane. Some choice. What governor will deny his or her citizens the identification they need to travel by air and cash Social Security checks, or for other federal purposes? Of course, the ID card may still backfire on Congress. Some feisty governor may say, Who are these people in Washington telling us what to do with our drivers' licenses and making us pay for them, too? California will use its licenses for certifying drivers, and Congress can create its own ID card for people who want to fly and do other federally regulated things -- and if they do not, I will put on the Internet the home telephone numbers of all the congressmen. If just one state refused to do the federal government's ID work, Congress would be forced to create what it claims to oppose -- a federal ID card for citizens of that state. 
Finally, if we must have a better ID card for some federal purposes, then there are better ideas than turning state driver's license examiners into CIA agents. Congress might create an airline traveler's card. Or there could be an expanded use of U.S. passports. Since a motive here is to discourage illegal immigration, probably the most logical idea is to upgrade the Social Security card, which directly relates to the reason most immigrants come to the United States: to work. I have fought government ID cards as long and as hard as anyone. In 1983, when I was governor of Tennessee, our legislature voted to put photographs on driver's licenses. Merchants and policemen wanted a state ID card to discourage check fraud and teenage drinking. I vetoed this photo driver's license bill twice because I believed driver's licenses should be about driving and that state ID cards infringed on civil liberties. That same year, on a visit to the White House, when a guard asked for my photo ID, I said, We don't have them in Tennessee. I vetoed them. The guard said, You can't get in without one. The governor of Georgia, who had his photo ID driver's license, vouched for me. I was admitted to the White House, the legislature at home overrode my veto and I gave up my fight against a state ID card. For years state driver's licenses have served as de facto national ID cards. They have been unreliable. All but one of the Sept. 11 terrorists had a valid driver's license. Even today, when I board an airplane, security officials look at the front of my driver's license, which expired in 2000, and rarely turn it over to verify that it has been extended until 2005. I still detest the idea of a government ID card. South Africa's experience is a grim reminder of how such documents can be abused. But I'm afraid this is one of the ways Sept. 11 has changed our lives. 
Instead of pretending we are not creating national ID cards when we obviously are, Congress should carefully create an effective federal document that helps prevent terrorism -- with as much respect for privacy as possible. The writer is a Republican senator from Tennessee. He was chairman of the National Governors Association in 1985-86. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Taking the terror out of terror: Sandia team re-thinks physical security for homeland defense
Suppose every PDA had a sensor on it, suggests ACG researcher Laura McNamara. We would achieve decentralized surveillance. The goal here is to abolish anonymity, the terrorist's friend, says Sandia researcher Peter Chew. We need to help win over the as-yet-undecided populace to the view it is their government that is legitimate and not the insurgents, says the ACG's David Kitterman. http://www.sandia.gov/news-center/news-releases/2005/gen-science/counterterror.html NEWS RELEASES FOR IMMEDIATE RELEASE March 17, 2005 Taking the terror out of terror: Sandia team re-thinks physical security for homeland defense Analysis may lead to less anxiety, more safety ALBUQUERQUE, N.M. - Anticipating attacks from terrorists, and hardening potential targets against them, is a wearying and expensive business that could be made simpler through a broader view of the opponents' origins, fears, and ultimate objectives, according to studies by the Advanced Concepts Group (ACG) of Sandia National Laboratories. Right now, there are way too many targets considered and way too many ways to attack them, says ACG's Curtis Johnson. Any thinking person can spin up enemies, threats, and locations it takes billions [of dollars] to fix. That U.S. response is actually part of the war plan of our opponents, points out ACG vice president and Sandia Principal Scientist Gerry Yonas. Yonas reports that an al Quaeda strategy document signed by Shiekh Naji, dated September 2004, reads: Force the enemy to guard every building, train station, and street in order to plant fear in their hearts and convince Muslims to join and die as martyrs instead of dying as infidels. Osama bin Laden put it in this way, according to Yonas: We are continuing . . . to make America bleed profusely to the point of bankruptcy . . . 
The ACG - a technical think tank that influences the direction of long-term research at Sandia, a National Nuclear Security Administration laboratory - is in the early stages of developing a conceptual program to improve America's defenses against terrorism. Something to keep in mind, says Johnson, is that an attack isn't a goal in itself but a means to a further end. The terrorist might succeed at some tactical objective - create terrible destruction and loss of life - yet still be foiled in achieving his strategic goal of bringing our society to its knees. There can never be perfect protection, says Yonas. We can never stop every conceivable attack. But we live with danger every day in many forms. Because their goal is to terrorize us, one point is to take the terror out of terror, says John Whitley, another ACG group member. Consider fire: At one time, fire was a major threat to cities and even burned a number of them down. Now we have fire engines, water hydrants, fire insurance. We live with the danger almost without thinking about it. We need to set up the same kind of standby mechanisms against terrorism, and do so in an affordable manner. People in airports voluntarily might carry smart cards if the cards could be sweetened to perform additional tasks like helping the bearer get through security, or to the right gate at the right time. Mall shoppers might be handed a sensing card that also would help locate a particular store, a special sale, or find the closest parking space through cheap distributed-sensor networks. Suppose every PDA had a sensor on it, suggests ACG researcher Laura McNamara. We would achieve decentralized surveillance. These sensors could report by radio frequency to a central computer any signal from contraband biological, chemical, or nuclear material. Danger signals would call forth already-in-place defensive procedures. The goal here is to abolish anonymity, the terrorist's friend, says Sandia researcher Peter Chew. 
We're not talking about abolishing privacy - that's another issue. We're only considering the effect of setting up an electronic situation where all the people in a mall, subway, or airport 'know' each other - via, say, Bluetooth - as they would have, personally, in a small town. This would help malls and communities become bad targets. Other ways to fight terrorism start earlier. The game really starts when the bad guys are getting together to plan something, not when they show up at your door, says Johnson. Can you ping them to get them to reveal their hand, or get them to turn against themselves? Better yet is to bring the battle to the countries from which terrorists spring, and beat insurgencies before they have a foothold. We need to help win over the as-yet-undecided populace to the view it is their government that is legitimate and not the insurgents, says the ACG's David Kitterman. Data from Middle East polls suggest, perhaps surprisingly, that most respondents are favorable to Western values. Turbulent times, however, put that liking under stress. A nation's people and media can be won over, says Yonas, through global initiatives that deal with local
Microsoft Working on New ID System for Windows
http://www.reuters.com/printerFriendlyPopup.jhtml?type=internetNewsstoryID=8026568 Reuters Microsoft Working on New ID System for Windows Tue Mar 29, 2005 01:23 PM ET By Reed Stevenson SEATTLE (Reuters) - Microsoft Corp. (MSFT.O: Quote, Profile, Research) will build software for managing identities into Windows in order to beef up security by giving users more control over their personal information, the world's largest software maker said on Tuesday. The ID technology called info-cards will give users more control over their own personal information in order to shop and access services online, said Michael Stephenson, director in Microsoft's Windows Server division. Microsoft is currently working on a new Internet Explorer Web browser and version of Windows, code-named Longhorn, but Stephenson declined to say whether info-cards would be built into the current Windows XP version or Longhorn. We're trying to make the end-user experience as simple as possible, Stephenson said, adding that Microsoft's goal is to make sure that this is as broadly accessible as possible. The initiative is the latest effort by the software giant to improve the reliability and security of its software. Identity theft has become a growing concern in the United States as personal data is increasingly used to make purchases, and log into Web sites for vital information and services. The U.S. government is considering greater regulation of data brokers following a rash of break-ins and other data losses that have heightened concern about identity theft -- a crime that costs consumers and businesses an estimated $50 billion annually. The technology proposed by Microsoft is reminiscent of two software tools detailed by the Redmond, Washington-based company in 2001 called Passport and Hailstorm. Hailstorm was quietly shelved after privacy advocates said it put too much sensitive information into the hands of a single company and partners expressed similar reservations. 
Passport, used to provide a single log-in for multiple Web sites and store basic personal information, did not gain the wide audience that Microsoft hoped for. Online marketplace eBay Inc. (EBAY.O: Quote, Profile, Research) , an early Passport adopter, stopped using the service for its users in January. While Microsoft's earlier plans involved the use of centrally stored information beyond computer desktop, the info-card system will keep data stored on a personal computer, Microsoft said. It's going to put control of digital IDs into the hands of an end-user, the end-user will be in full control, Stephenson said. ChoicePoint Inc. (CPS.N: Quote, Profile, Research) , which maintains personal profiles of nearly every U.S. consumer for companies that need to conduct credit and security checks, said earlier this year that it inadvertently gave criminals tens of thousands of consumer records, sparking fears of widespread identity theft and government probes. On Monday, the University of California, Berkeley, said that a laptop computer containing the names and Social Security numbers of nearly 100,000 graduates, graduate students and applicants, was stolen earlier in March and that police were investigating the theft.
TSA Slated for Dismantling
http://www.washingtonpost.com/ac2/wp-dyn/A35333-2005Apr7?language=printer The Washington Post washingtonpost.com TSA Slated for Dismantling By Sara Kehaulani Goo Washington Post Staff Writer Friday, April 8, 2005; Page A01 The Transportation Security Administration, once the flagship agency in the nation's $20 billion effort to protect air travelers, is now slated for dismantling. The latest sign came yesterday when the Bush administration asked David M. Stone, the TSA's director, to step down in June, according to aviation and government sources. Stone is the third top administrator to leave the three-year-old agency, which was swiftly created in the chaos and patriotism following the Sept. 11, 2001 terrorist attacks. The TSA absorbed divisions of other agencies such as Federal Aviation Administration only to find itself now the victim of a massive reorganization of the Department of Homeland Security. The TSA has been plagued by operational missteps, public relations blunders and criticism of its performance from both the public and legislators. Its No Fly list has mistakenly snared senators. Its security screeners have been arrested for stealing from luggage, and its passenger pat-downs have set off an outcry from women. Under provisions of President Bush's 2006 budget proposal favored by Congress, the TSA will lose its signature programs in the reorganization of Homeland Security. The agency will likely become just manager of airport security screeners -- a responsibility that itself could diminish as private screening companies increasingly seek a comeback at U.S. airports. The agency's very existence, in fact, remains an open question, given that the legislation creating the Department of Homeland Security contains a clause permitting the elimination of TSA as distinct entity after November 2004. TSA, at the end of the day, is going to look more like the Postal Service, said Paul C. 
Light, a public service professor at New York University and a Brookings Institution scholar who has tracked the agency since its birth in February 2002. Light calls the TSA one of the federal government's greatest successes of the past half century, and likens it to the creation of the National Aeronautics and Space Administration in the late 1950s, which was also born amid great public excitement to serve an urgent national need. But TSA's time in the spotlight is over and it should now step back to serve a more narrow role, Light said. It's a labor-intensive delivery organization that is not going to be making many public policy decisions. Its basic job is to train and deploy screeners, he said. Bush administration officials say they don't expect the demise of TSA, adding they will know little about the future of the agency until new Homeland Security Sec. Michael Chertoff completes his review of the department, which will likely prompt a major overhaul. TSA has taken significant steps to enhance the nation's transportation and aviation security over the course of the past two years and TSA continues to have the confidence, not only of nation's air travelers, but of departmental leadership, to continue in this important mission, said Homeland Security spokesman Brian Roehrkasse. Secretary Chertoff is open to adjustments in the way that DHS does business but will not advocate for or against any change until a thorough review of the changes are complete. The review is expected to be completed in May or June. The government has pumped more money into airline security than any other Homeland Security effort. Much of it goes toward salaries for more than 45,000 security screeners at over 400 airports. Travelers know TSA mostly by its operations at the airport security checkpoint, a highly public role that magnifies agency's smallest blunders and often forces it to have to defend itself. Republicans didn't want to create this [bureaucracy] in the first place. 
Democrats see security as an easy target. So you don't have anyone to defend it, said C. Stewart Verdery, Jr., former assistant secretary for policy and planning at Homeland Security's Border and Transportation Security directorate, which includes TSA. If someone sneaks a knife through an airport, it makes the news. If the Coast Guard misses a drug boat, no one hears about it. The TSA won early plaudits for swiftly building the first new federal agency in decades and restoring confidence in the nation's aviation system. It achieved 51 goals demanded by Congress under tight deadlines and took over many responsibilities from the Federal Aviation Administration, including the expansion and operation of undercover air marshals. At its peak, it had 66,000 federal employees and met deadlines that were unthinkable by the federal government, installing luggage scanning technology and hiring a new workforce of airport security screeners within a year. Bit by bit, however, the agency's responsibilities have steadily dwindled amid a succession of directors. Many
[Openswan dev] The IESG: WG Action: Better-Than-Nothing Security (btns)
--- begin forwarded text To: [EMAIL PROTECTED] Date: Fri, 08 Apr 2005 11:20:04 -0400 From: Michael Richardson [EMAIL PROTECTED] Subject: [Openswan dev] The IESG: WG Action: Better-Than-Nothing Security (btns) Sender: [EMAIL PROTECTED] From: The IESG [EMAIL PROTECTED] To: IETF-Announce@ietf.org Date: Fri, 08 Apr 2005 10:45:18 -0400 Cc: Pekka Nikander [EMAIL PROTECTED], [EMAIL PROTECTED], Love Hornquist Astrand [EMAIL PROTECTED] Subject: WG Action: Better-Than-Nothing Security (btns) A new IETF working group has been formed in the Security Area. 
For additional information, please contact the Area Directors or the WG Chairs.
+++
Better-Than-Nothing Security (btns)
==
Current Status: Active Working Group
Chair(s): Pekka Nikander [EMAIL PROTECTED]; Love Hornquist Astrand [EMAIL PROTECTED]
Security Area Director(s): Russell Housley [EMAIL PROTECTED]; Sam Hartman [EMAIL PROTECTED]
Security Area Advisor: Sam Hartman [EMAIL PROTECTED]
Mailing Lists: General Discussion: [EMAIL PROTECTED] To Subscribe: http://www.postel.org/anonsec Archive: http://www.postel.org/anonsec
Description of Working Group:
Current Internet Protocol security protocol (IPsec) and Internet Key Exchange protocol (IKE) present somewhat of an all-or-nothing alternative; these protocols provide protection from a wide array of possible threats, but are sometimes not deployed because of the need for pre-existing credentials. There is significant interest in providing anonymous (unauthenticated) keying for IPsec to create security associations (SAs) with peers who do not possess authentication credentials that can be validated. Examples of such credentials include self-signed certificates or bare public keys. This mode would protect against passive attacks but would be vulnerable to active attacks.
The primary purpose of this working group is to specify extensions to the IPsec architecture, and possibly extensions or profiles of IKE, so that IPsec will support creation of unauthenticated SAs. The goal of the resulting RFCs is to enable and encourage simpler and more rapid deployment of IPsec in contexts where use of unauthenticated SAs is deemed appropriate, to enable and encourage the use of network security where it has been difficult to deploy--notably, to enable simpler, more rapid deployment.
Any IKE and IPsec extensions/profiles developed in this WG MUST NOT undermine the security facilities already defined for IPsec. Specifically, the access control facilities that are central to IPsec must not be degraded when unauthenticated SAs are employed concurrently with authenticated SAs in the same IPsec implementation.
Two related problems emerged during the discussion of this problem. First, there is a desire in the KITTEN, RDDP, NFSv4 and potentially other working groups to make use of unauthenticated IPsec SAs, and later cryptographically bind these SAs to applications, which perform their own authentication. The specification of how this binding is performed for IPsec and the specification of how the binding interacts with application authentication protocols are out of scope for this working group. However, interactions between this cryptographic channel binding and IPsec (e.g., the PAD, SPD, SAD, etc.) are expected to be similar to those for the unauthenticated mode with no binding. To avoid duplication of effort, this working group needs to consider how to support channel bindings when developing extensions to
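The two claims in the charter above (an unauthenticated SA resists a passive observer but not an active attacker, and binding the SA to the application's own authentication lets that authentication catch the difference) as an added Python illustration. This is not IETF or Openswan code; the 64-bit Diffie-Hellman group, the SHA-256 stand-in KDF and the HMAC application credential are constructed assumptions for readability.

```python
"""Unauthenticated (BTNS-style) keying versus passive and active attackers,
and why cryptographically binding the SA to application authentication matters.

Added illustration, not IETF or Openswan code. Assumptions: a deliberately tiny
Diffie-Hellman group (a 64-bit prime, far too small for real use; IKE uses the
RFC 3526 MODP groups), SHA-256 as a stand-in KDF, and HMAC-SHA256 under a
pre-existing application-layer key standing in for the application's own
authentication (the kind of credential the KITTEN work would supply)."""
import hashlib
import hmac
import secrets

P = 0xFFFFFFFFFFFFFFC5   # 2**64 - 59, prime; constructed toy group
G = 2
APP_KEY = b"constructed application-layer secret shared by Alice and Bob"


def dh_keypair():
    """Fresh ephemeral DH key pair; nothing about it is authenticated."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P)


def sa_key(shared):
    """Toy KDF: the SA's traffic key is a hash of the DH shared secret."""
    return hashlib.sha256(shared.to_bytes(8, "big")).digest()


def channel_binding(initiator_pub, responder_pub):
    """Channel-binding token derived from the public DH values as each endpoint
    actually saw them on the wire. An attacker who rewrote those values cannot
    make both endpoints derive the same token."""
    data = initiator_pub.to_bytes(8, "big") + responder_pub.to_bytes(8, "big")
    return hashlib.sha256(data).digest()


def app_auth_tag(cb_token):
    """Application authentication bound to the channel: the proof of
    possession of APP_KEY covers the channel-binding token."""
    return hmac.new(APP_KEY, b"btns-channel-binding|" + cb_token, "sha256").digest()


def app_auth_tag_unbound():
    """The same proof of possession with no channel binding: it says
    'I hold APP_KEY' but nothing about which SA it travelled over."""
    return hmac.new(APP_KEY, b"login", "sha256").digest()


def run_exchange(mitm=False):
    """Alice (initiator) and Bob (responder) set up an unauthenticated SA.
    mitm=False: a passive observer sees both public values and nothing else.
    mitm=True: an active attacker replaces each public value with its own and
    ends up holding one SA towards Alice and a second one towards Bob."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if mitm:
        m_priv_a, m_pub_a = dh_keypair()   # shown to Alice as "Bob's" value
        m_priv_b, m_pub_b = dh_keypair()   # shown to Bob as "Alice's" value
        a_sees, b_sees = m_pub_a, m_pub_b
        attacker_keys = {sa_key(dh_shared(m_priv_a, a_pub)),
                         sa_key(dh_shared(m_priv_b, b_pub))}
    else:
        a_sees, b_sees = b_pub, a_pub
        attacker_keys = set()   # public values alone yield no traffic key

    a_key = sa_key(dh_shared(a_priv, a_sees))
    b_key = sa_key(dh_shared(b_priv, b_sees))

    # Application authentication now runs over the (possibly split) SA. Alice
    # sends her tag; an attacker without APP_KEY can only relay it unchanged,
    # and Bob verifies against the token for the SA *he* negotiated.
    a_token = channel_binding(a_pub, a_sees)
    b_token = channel_binding(b_sees, b_pub)
    bound_tag_sent = app_auth_tag(a_token)
    bound_ok = hmac.compare_digest(bound_tag_sent, app_auth_tag(b_token))
    unbound_tag_sent = app_auth_tag_unbound()
    unbound_ok = hmac.compare_digest(unbound_tag_sent, app_auth_tag_unbound())

    return {
        "sa_keys_match": a_key == b_key,            # one SA, or two spliced ones?
        "attacker_knows_key": a_key in attacker_keys or b_key in attacker_keys,
        "bound_auth_accepted": bound_ok,            # binding exposes the split SA
        "unbound_auth_accepted": unbound_ok,        # a relayed login still passes
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("active attacker" if mode else "passive observer", run_exchange(mode))
```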
[Openswan dev] [Announce] ANNOUNCE: Openswan 2.3.1 Released
--- begin forwarded text Date: Sat, 9 Apr 2005 21:47:55 +0200 (MET DST) From: Paul Wouters [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Openswan dev] [Announce] ANNOUNCE: Openswan 2.3.1 Released Sender: [EMAIL PROTECTED]
2005-04-09 Xelerance has released Openswan 2.3.1
Changes: v2.3.1
* NAT-T RFC support (mlafon/mcr)
* NAT-T Server Side rewrite - handles rekeying a lot better
* NAT-T Client Side rekey bug fixed
* Removed HowTo (obsolete)
* IPKG packaging updates
* Log message updates
* dpdaction=restart support
* KLIPS fixes for 2.6
* AES fixes
* Support for 'ip xfrm', so ipsec-tools is no longer required (herbert)
Many fixes have gone into this release, most of them related to NAT-T and rekeying issues. KLIPS has now been tested to work with Linux 2.6 kernels for x86_64 as well as ix86 machines, though there are still problems with module unloading for 2.6. As always, please report bugs either on http://bugs.openswan.org/ or discuss matters on our mailing lists at http://lists.openswan.org/ or find some of the developers on #openswan at irc.freenode.net
It is available at the usual locations: http://www.openswan.org/code/ ftp://ftp.openswan.org/openswan/
And of course it has been added to the yum repository:
  [openswan]
  name=openswan - Fedora Openswan IPsec packages
  baseurl=ftp://ftp.openswan.org/openswan/binaries/fedora/$releasever/$basearch/
          http://www.openswan.org/download/binaries/fedora/$releasever/$basearch/
  gpgcheck=0
  enabled=1
Paul
___ Announce mailing list [EMAIL PROTECTED] http://lists.openswan.org/mailman/listinfo/announce ___ Dev mailing list [EMAIL PROTECTED] http://lists.openswan.org/mailman/listinfo/dev --- end forwarded text
Garfinkel analysis on Skype withdrawn?
Has anyone got a copy of the Skype analysis done by Simson Garfinkel? It seems to have disappeared. Original Message Subject: Simson Garfinkel analyses Skype - Open Society Institute Date: Sun, 10 Apr 2005 10:32:44 +0200 From: Vito Catozzo Hi I am Italian, so forgive any possible error or whatever regards the English language. I read your article on mail-archive.com (http://www.mail-archive.com/cryptography@metzdowd.com/msg03305.html) and I am so interested in reading what Simson Garfinkel has written about Skype. Unfortunately the link you posted in the message is now broken (http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf). If you have this article saved on your hard disk could you please send it to me? Best regards Vito Catozzo -- News and views on what matters in finance+crypto: http://financialcryptography.com/
U.S. Seeks Access to Bank Records to Deter Terror
http://www.nytimes.com/2005/04/10/national/10terror.html?th=emc=thpagewanted=printposition= The New York Times April 10, 2005 U.S. Seeks Access to Bank Records to Deter Terror By ERIC LICHTBLAU WASHINGTON, April 9 - The Bush administration is developing a plan to give the government access to possibly hundreds of millions of international banking records in an effort to trace and deter terrorist financing, even as many bankers say they already feel besieged by government antiterrorism rules that they consider overly burdensome. The initiative, as conceived by a working group within the Treasury Department, would vastly expand the government's database of financial transactions by gaining access to logs of international wire transfers into and out of American banks. Such overseas transactions were used by the Sept. 11 hijackers to wire more than $130,000, officials said, and are still believed to be vulnerable to terrorist financiers. Government officials said in interviews that the effort, which grew out of a brief, little-noticed provision in the intelligence reform bill passed by Congress in December, would give them the tools to track leads on specific suspects and, more broadly, to analyze patterns in terrorist financing and other financial crimes. They said they were mindful of privacy concerns that such a system is likely to provoke and wanted to include safeguards to prevent misuse of what would amount to an enormous cache of financial records. The provision authorized the Treasury Department to pursue regulations requiring financial institutions to turn over certain cross-border electronic transmittals of funds that may be needed in combating money laundering and terrorist financing. The plan for tracking overseas wire transfers is likely to intensify pressure on banks and other financial institutions to comply with the expanding base of provisions to fight money laundering, industry and government officials agreed. 
The government's aggressive tactics since the attacks of Sept. 11, 2001, have already caused something of a backlash among banking compliance officers - and even some federal officials, who say the effort has gone too far in penalizing the financial sector for lapses and has effectively criminalized what were once seen as technical violations. The initiative, still in its preliminary stages, reflects heightened concerns by administration and Congressional officials about the government's ability to track and disrupt financing for terrorist operations by Al Qaeda and other groups - an effort identified by President Bush as a top priority in the campaign against terrorism. Terrorist money has been difficult to identify, much less seize, in part because terror operations are conducted on relative shoestring budgets. Planning and operations for the attacks on Sept. 11, 2001, were believed to have cost Al Qaeda $400,000 to $500,000, with no unusual transactions found, according to the 9/11 commission, and the 1998 embassy bombings in East Africa cost only $10,000. While counterterrorism officials have made some inroads in tracking terrorist money, clear successes have been few and sporadic, experts say, and a number of recent reports have pointed up concerns about the government's ability to deter and disrupt such financing. I don't think we really have a full grasp of how to deal with the problem yet, said Dennis M. Lormel, the former head of the Federal Bureau of Investigation's terrorism-financing unit, who is now in the private sector. The framework is certainly getting better, but in general, we don't have the full capability yet to get at the money. The federal government has taken a number of aggressive steps since the Sept. 11 attacks to disrupt terrorist financing. 
It has expanded its list of terrorist-related groups banned from financial dealings with the United States, it has set up new investigative offices to track terrorist financing, and it has required more financial data and tighter compliance from financial industries as part of the antiterrorism law known as the USA Patriot Act and other measures. Senior officials throughout the administration have emphasized repeatedly that they want the financial sector to be a full partner in the stepped-up efforts to deter terrorist financing. But in a letter in January to Treasury Department officials, 52 banking associations around the country said that a lack of clarity by the government in explaining what is expected of them in complying with regulations to deter terrorist financing and money laundering has complicated, and in some cases undermined those efforts. The result, banking officials say, is that many banks, now in a defensive mode, are sending the government far more reports than ever before on suspicious activities by their customers - and potentially clogging the system with irrelevant data - for fear of being penalized if they fail to file the reports as required. Some smaller community banks
Revising the Patriot Act
http://www.nytimes.com/2005/04/10/opinion/10sun1.html?th=emc=thpagewanted=printposition=

The New York Times, April 10, 2005
EDITORIAL: Revising the Patriot Act

When Attorney General Alberto Gonzales, who is not exactly a renowned civil libertarian, says the Patriot Act may need some adjustments, it clearly has serious problems. The act, which was rushed through Congress after the Sept. 11 attacks, gives government too much power to invade the privacy of ordinary Americans and otherwise trample on their rights. Congress, which is now reviewing the act, should rewrite the parts that violate civil liberties. But it is important to realize that most of the worst post-Sept. 11 abuses did not stem from the Patriot Act. If Congress wants to restore the civil liberties Americans have lost in the last three and a half years, it must also look more broadly at the problems that have emerged from the war on terror.

After Sept. 11, Congress was in such a rush to pass the Patriot Act that, disturbingly, many members did not even read it before they voted for it. Fortunately, Congress made some of the most controversial provisions expire by the end of 2005. Last week, it began a series of hearings on the act, focusing on the parts that need to be reauthorized.

The debate over the Patriot Act is too often conducted in bumper stickers, in part because the details are so arcane. Parts of the law are reasonable law enforcement measures that have generated little controversy. But other parts unquestionably go too far, and invite the F.B.I., the C.I.A. and the White House to spy on Americans, and suppress political dissent, in unacceptable ways.

Libraries and Medical Records

Section 215, often called the library provision, is one of the most criticized parts of the act, with good reason. It allows the government to demand library, medical, and other records, and makes it a crime for the record holders to reveal that the request was made. Section 215 is written far too broadly. It lets the government seize an entire database - all the medical records of a hospital, all of the files of an immigration group - when it is investigating a single person. It also is far too invasive; it is hard to believe the F.B.I. needs to monitor library book circulation.

If the searches are allowed, Section 215 should be tightened to give the government access only to records of a specific person it has legitimate reason to believe is involved in terrorism, not an entire database. The gag rule that makes it illegal for the record holder to talk publicly about the search also is disturbing, because it prevents the public from knowing if the government is abusing these sweeping powers. If the gag rule remains, it should be limited, so record holders can speak about the search after a suitable period of time, or talk about it right away without revealing who the target was.

Secret Searches

Section 213, the sneak and peek provision, lets the government search a person's home and delay telling him about it. These delayed-notification searches fly in the face of the strong American tradition that the government must announce when it is entering a home. Delayed-notification searches were of questionable legality before the Patriot Act, and Section 213 - which does not expire this year, but is still generating considerable debate - clearly goes too far. At the very least, it should apply only to terrorism cases, and not, as it now does, to all investigations. It should also have clear guidelines for how long notice can be delayed.

Secret searches are an area where focusing only on the Patriot Act misses the larger picture of civil liberties violations. There is another law, the Foreign Intelligence Surveillance Act, that allows a worse kind of secret search - one in which, unlike the delayed notification of Section 213, the subject may never be told about the search at all.

One way for Congress to deal with searches under the Foreign Intelligence Surveillance Act - as well as those under Sections 213 and 215 of the Patriot Act - is to monitor them closely, which is not being done now. Congressional staff members with appropriate security clearance should review all requests for warrants or subpoenas, and should follow up on the results of the searches. If the F.B.I., C.I.A. or other units of government are using these tools to spy on Americans without sufficient justification, Congress needs this information to rein them in.

Information Sharing

Giving different units of government more power to share information about suspected terrorists is a laudable goal, but the Patriot Act's approach is flawed. It authorizes the F.B.I., the C.I.A., and even the White House sweeping access to confidential information gathered about Americans, including telephone and e-mail intercepts. The access is not limited to officials working on terrorism. And it sweeps in information, like confidential material acquired by grand juries, that has always been closely
Re: how email encryption should work
At 07:00 PM 3/28/2005, James A. Donald wrote:

> In my blog http://blog.jim.com/ I post how email encryption should work

I see a couple of problems with your proposal. I'm not sure I like your external trusted mail-server assumptions, but they're probably good enough for many people, and other people will have better comments about them.

Your plan is really designed for a small number of addresses per sender, as opposed to a quasi-infinite set of tagged addresses. It's becoming pretty common for anti-spam reasons to give different recipients different mail addresses like [EMAIL PROTECTED] (or [EMAIL PROTECTED]) or [EMAIL PROTECTED] so you can track and whitelist/blacklist people you communicate with, and some ISPs automagically translate between the two formats. Building a user interface that does that unobtrusively is probably a hard problem, or at least not a well-solved one, and building a cryptosystem that assumes a small number of addresses per user could make that style of mailer harder. A good user interface probably has some version of petname support, though, so there's some commonality with key handling.

On the other hand, if you assume that most people will get domains, whether 2LD or 3LD or other subdomain, you could do a model that says that a user gets one key per domain, so you could think about hanging the keys off DNS. That may not be the right choice (do you want your email addresses to be easily correlated, and cracking/stealing one address's key to reveal the keys you use for everybody else? Or does the domain pretty much imply that to the skilled recipient anyway, so who cares?) And of course it gets into the whole squabble about DNSSEC, and why its deployment failed, and whether it was trying to do a perfect job and therefore less scalable than a mostly-good-enough job, or at least into the politics of those questions if not the technology. The related problem is what to do if you *do* want different keys for different recipients; you could do that with different subdomains, or you could do a non-DNS approach.

- Is (sender+recipient+timestamp+message) the right thing to sign? The Subject: line is in the mail headers, but it's probably something that should be part of the message. I'm not sure about some various X-headers. And of course the From: line includes both the email address and the sender's name, and the sender's name may be different for different recipients (in some sense, it may be the recipient's petname for the sender.)

- Also, if you're attaching a key strictly to the email address, what happens to old signatures if you move email addresses? I suppose that's part of the point of getting your own domain name, so you can avoid having to change contact addresses when you change ISPs, but if you're using a new email address, how do you forward the signature? One option is to do what you can do in Crypto Kong, where you send a message from old-address signed by old-address, saying that you'll be using new address and new key, but that seems a bit awkward, since you need a convenient way to include the new keys for people who whitelist you or who you only want to send encrypted mail to.

Thanks; Bill Stewart

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
DTV Content Protection (fwd from cripto@ecn.org)
From: Anonymous [EMAIL PROTECTED]
Subject: DTV Content Protection
To: [EMAIL PROTECTED]
Date: Mon, 11 Apr 2005 01:25:17 +0200 (CEST)

DTV Content Protection

Two content protection systems are in use to protect digital television (DTV) signals on the wires of American home video systems: HDCP and DTCP. HDCP is used for the most common digital cable connection to HD monitors, HDMI, which is a variant of DVI. DTCP is used for digital connections to video equipment, especially digital VCRs. It was originally designed for Firewire (aka iLink, aka IEEE-1394) but has been extended to USB-2 and Bluetooth, with IP in the works. Apparently monitors with both HDMI and Firewire connections would have to implement both.

HDCP is described at http://www.digital-cp.com/ and DTCP at http://www.dtcp.com/. The full DTCP spec is still secret unless you are a licensee and the site has only limited information.

The two systems are very different cryptographically. HDCP uses a 56-bit keyed stream cipher based on LFSRs. DTCP uses block ciphers, either a 56-bit key proprietary block cipher from Hitachi called M6, or AES with 128-bit keys. M6 is the default that all devices must implement. M6 uses an odd chaining mode called converted CBC which seems to chain the ciphertext into the next block's key material rather than the plaintext, possibly with an abbreviated key schedule.

SKDH

Here I want to focus on the key agreement protocol. Both systems use a similar approach which has never been formally presented or documented. For convenience I will call it SKDH, for Symmetric Key Diffie Hellman. SKDH has some properties of Diffie Hellman key exchange, but it uses simple addition operations rather than public key functions. It also has some properties of identity-based encryption, in that there is a master key center that issues the private keys to each device. However it is not secure against collusion by users who know their private keys, so would not be suitable for a true IBE system.

DTCP has two key agreement protocols. There is a full protocol which is EC-DH (elliptic curve Diffie Hellman) and is mandatory for copy never content, i.e. pay per view content. It also specifies a restricted protocol which is acceptable for copy once and copy no more content, that uses the SKDH technique described below. This will be much cheaper to implement for manufacturers and is probably used by typical recording devices. HDCP has just one key agreement protocol and it is of this new type as well.

SKDH key agreement has not been published but it is presumed that it works as follows. There is a secret matrix which is known only to the agency that issues keys. Let us call this the Master Matrix, MM. The system is based on matrix algebra as follows:

  Pub1 * MM * Pub2 = shared key

Pub1 and Pub2 are vectors of 1's and 0's which are the public keys of the two devices, called key selection vectors or KSVs. Each device is issued such a vector, along with its private keys, which are defined as follows:

  Priv1 = Pub1 * MM
  Priv2 = MM * Pub2

Priv1 and Priv2 are vectors of numbers whose size depends on the values in MM. Details for the two known implementations are described below. By associativity, we have:

  Pub1 * MM * Pub2 = Priv1 * Pub2 = Pub1 * Priv2 = shared key

The two parties do a key exchange by giving each other their KSVs, the public Pub1 and Pub2 values. Each one then multiplies the vector of 1's and 0's they received from the other side times their vector of Priv values. This amounts to simply adding the Priv values selected by the 1's received from the other side. Because of the relationship between the public and private values, this ensures that both sides receive the same shared key.

The analogy to Diffie Hellman which motivated the name SKDH should now be clear. Each side receives a public value from the other, combines it with its own private data, and creates a shared secret.

In HDCP, the MM matrix is 40 by 40, and entries are 56 bits long. In DTCP, the MM matrix is 12 by 12, and entries are 64 bits long.

The weakness of this system is that if the private key vectors are published, they leak information about the MM matrix. In principle as few as 40 private/public key pairs could fully reveal MM in the case of HDCP, and as few as 12 in the case of DTCP. This makes the cryptographic scheme unsuitable for any widespread identity based encryption scheme; it will only work in a closed system like these, where manufacturers must take great pains to keep their private keys secret.

Attacks on HDCP

Several attacks have been published and unpublished on HDCP. The most famous is from Niels Ferguson, who has announced an attack but will not publish it for the reasons described at http://www.macfergus.com/niels/dmca/cia.html. According to Ferguson: HDCP is fatally flawed. My results show that an experienced IT person can recover the HDCP master key in about 2 weeks using four computers and 50 HDCP
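A toy model of the SKDH key agreement as the post describes it, added here as an illustration (not code from the post or from either specification). It uses the HDCP-sized parameters the post gives (40 by 40 master matrix, 56-bit entries) and assumes, as a simplification, that MM is symmetric so that a single private vector serves a device in either role; the last function checks the linearity that makes leaked private vectors so damaging.

```python
"""Toy SKDH (Symmetric Key Diffie Hellman) model as described in the post.

Assumption for this example: the issuer's master matrix MM is symmetric, so
Pub * MM and MM * Pub give the same vector and one private key covers both
roles.  Arithmetic is plain addition modulo 2**56 (the post: "simple addition").
"""
import secrets

N = 40            # HDCP: 40 x 40 master matrix (DTCP would be 12 x 12)
MOD = 1 << 56     # HDCP: 56-bit entries (DTCP: 64-bit)


def make_master_matrix(n=N, mod=MOD, rng=secrets.randbelow):
    """Issuer's secret symmetric n x n matrix MM with entries in [0, mod)."""
    mm = [[0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i, n):
            mm[i][j] = mm[j][i] = rng(mod)
    return mm


def random_ksv(n=N, rng=secrets.randbelow):
    """A key selection vector: a public vector of n bits."""
    return [rng(2) for _ in range(n)]


def issue_device_key(mm, ksv, mod=MOD):
    """Priv = Pub * MM: the private vector is the sum of the MM rows selected by
    the 1s in the device's KSV (one entry per column)."""
    n = len(mm)
    if len(ksv) != n or any(b not in (0, 1) for b in ksv):
        raise ValueError("KSV must be an n-bit 0/1 vector")
    return [sum(mm[i][j] for i in range(n) if ksv[i]) % mod for j in range(n)]


def shared_key(priv, peer_ksv, mod=MOD):
    """Key agreement step: add up the Priv entries selected by the peer's KSV."""
    return sum(p for p, b in zip(priv, peer_ksv) if b) % mod


def exchange(mm):
    """Two devices get keys from the issuer, swap KSVs only, and derive keys.
    Returns (key_at_a, key_at_b); they agree by associativity."""
    ksv_a, ksv_b = random_ksv(len(mm)), random_ksv(len(mm))
    priv_a = issue_device_key(mm, ksv_a)
    priv_b = issue_device_key(mm, ksv_b)
    return shared_key(priv_a, ksv_b), shared_key(priv_b, ksv_a)


def private_keys_are_linear(mm, mod=MOD):
    """The weakness the post points out: Priv is linear in Pub.  For two KSVs
    with disjoint 1s (here a vector and its complement), the sum of their
    private vectors equals the private vector of the combined KSV, so holders
    of enough private vectors can reconstruct MM itself."""
    n = len(mm)
    ksv_a = random_ksv(n)
    ksv_b = [1 - b for b in ksv_a]            # complement: no overlapping 1s
    ksv_union = [1] * n                       # ksv_a + ksv_b as a 0/1 vector
    priv_a = issue_device_key(mm, ksv_a)
    priv_b = issue_device_key(mm, ksv_b)
    combined = [(x + y) % mod for x, y in zip(priv_a, priv_b)]
    return combined == issue_device_key(mm, ksv_union)


if __name__ == "__main__":
    master = make_master_matrix()
    k_a, k_b = exchange(master)
    print("shared keys agree:", k_a == k_b)
    print("private keys linear in KSV:", private_keys_are_linear(master))
```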
Moore says his law won't last
http://www.vnunet.com/news/1162433

"Something like this cannot continue forever," he said. "The dimensions are small enough now that we're approaching the size of atoms and that's a fundamental block. I think the law has another 10-20 years before fundamental limits are reached."

This has obvious implications for brute force attacks -- projections based on Moore's Law are thus much too conservative.
Re: CFP: What the Hack '05 and Blind Signature Expiration Party
On 4/8/05, Lucky Green [EMAIL PROTECTED] wrote:

> U.S. Patent 4,759,063 Blind Signature Systems will expire on July 19, 2005. A Tuesday. Since no patent litigator will consider litigating on a Monday morning over patent infringement for a patent that expires the next day, it appears safe to say that come the preceding Saturday, technologies that make use of this patent can be displayed to the public. That Saturday is July 16, 2005.
>
> It took us 20 long years to get to this date. For those of us that tried to use this technology, it was 20 very, very long years. Fortunately, the 20 years are over. Which is as much reason for celebration as I can imagine.
>
> The expiration of the Blind Signature patent surely calls for a party. And as I promised so many years ago, I will take it upon myself to throw that party. Anybody that knows what blind signatures are is welcome, no, make that implored, to come to the expiration party at my house (or other venue if there are too many people for my place) to celebrate the expiration of the patent on Saturday, July 16. As for me, I am counting the days. Ping me for details.

That's very exciting. Perhaps we could aim for the release of some new software packages that use the blind signature patent technology. Are there any applications which have been waiting for this patent to expire?

CP
[p2p-hackers] Zooko's Triangle in action
--- begin forwarded text

Date: Wed, 20 Apr 2005 16:26:11 -0700
From: Tyler Close [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [p2p-hackers] Zooko's Triangle in action
Reply-To: Tyler Close [EMAIL PROTECTED], Peer-to-peer development. [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

Hi all,

A number of list members have built, or are building, p2p environments where files or public keys are referred to by their hash. The common wisdom seems to be that a petname system, as popularized by Zooko's Triangle, can be used to make the human interface to this world of computer/cryptography friendly identifiers.

Given that, I thought list members might be interested in the petname tool Firefox extension. The petname tool is a fully functional petname system for SSL secured web sites. It is compatible with existing HTTPS sites, so you can create a petname for your bank. It really is Zooko's Triangle in action. You can get it at: http://petname.mozdev.org/

Tyler
--
The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/

___
p2p-hackers mailing list [EMAIL PROTECTED] http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Three NIST Special Pubs for Review (Forwarded)
--- Forwarded Message

Date: Thu, 21 Apr 2005 13:29:28 -0400
To: [EMAIL PROTECTED]
From: Elaine Barker [EMAIL PROTECTED]
Subject: Three NIST Special Pubs for Review

There are three NIST Special Publications available for public review and comment:

SP 800-38B: As part of NIST's ongoing effort to update and develop modes of operation for use with the AES algorithm, NIST intends to recommend either the Galois Counter Mode (GCM) or the Carter-Wegman + Counter (CWC) mode. GCM and CWC are modes for authenticated encryption with associated data, combining Counter mode confidentiality with authentication that is based on a universal hash algorithm. Both GCM and CWC are parallelizable. The submission documents specifying GCM and CWC are available through the modes home page, http://nist.gov/modes. NIST invites comments on these two modes, including comments on intellectual property matters, by June 1, 2005, at [EMAIL PROTECTED].

SP 800-57, Parts 1 and 2: Drafts of NIST Special Publication 800-57, Recommendation for Key Management, Parts 1 and 2, are available for public comment at http://csrc.nist.gov/publications/drafts.html. This Recommendation provides cryptographic key management guidance. Part 1 provides guidance and best practices for the management of cryptographic keying material. Comments will be accepted on Part 1 until June 3, 2005. Please send comments to [EMAIL PROTECTED], with "Comments on SP 800-57, Part 1" in the subject line.

Part 2 provides guidance on policy and security planning requirements for U.S. government agencies. Reviewers of Part 2 should note that a number of the security planning documents referenced in this part of SP 800-57 are undergoing review and revision. It is anticipated that Part 2 will be updated to reflect these revisions. Comments will be accepted on Part 2 until May 18, 2005. Please send comments to [EMAIL PROTECTED], with "Comments on SP 800-57, Part 2" in the subject line.

Elaine Barker
100 Bureau Drive, Stop 8930
Gaithersburg, MD 20899
Phone: 301-975-2911

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Spying: Giving Out U.S. Names
http://www.msnbc.msn.com/id/7614681/site/newsweek/print/1/displaymode/1098/

MSNBC.com
Spying: Giving Out U.S. Names
Newsweek, May 2 issue

The National Security Agency is not supposed to target Americans; when a U.S. citizen's name comes up in an NSA intercept, the agency routinely minimizes dissemination of the info by masking the name before it distributes the report to other U.S. agencies. But it's now clear the agency disseminates thousands of U.S. names. U.N. ambassador nominee John Bolton told a Senate confirmation hearing he had requested that U.S. names be unmasked from NSA intercepts on a handful of occasions; the State Department said he had made 10 such requests since 2001, and that the department as a whole had made 400 similar requests over the same period. But evidence is emerging that NSA regularly supplies uncensored intercepts, including named Americans, to other agencies far more often than even many top intel officials knew.

According to information obtained by NEWSWEEK, since January 2004 NSA received - and fulfilled - between 3,000 and 3,500 requests from other agencies to supply the names of U.S. citizens and officials (and citizens of other countries that help NSA eavesdrop around the world, including Britain, Canada and Australia) that initially were deleted from raw intercept reports. Sources say the number of names disclosed by NSA to other agencies during this period is more than 10,000. About one third of such disclosures were made to officials at the policymaking level; most of the rest were disclosed to other intel agencies and, perhaps surprisingly, only a small proportion to law-enforcement agencies. Civil libertarians expressed dismay at the numbers. An official familiar with NSA procedures insisted the agency maintains careful logs of all requests for U.S. names and doles out such info only after agency officials are satisfied that the requester needs the information "[and that it's] necessary to understand the foreign intelligence or assess its importance."

-Mark Hosenball

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
From [IP] i secure cell phone via software
Interesting encrypted VoIP application for Symbian GSM phones. Peter Trei -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David Farber Sent: Monday, April 25, 2005 9:58 AM To: Ip Subject: [IP] i secure cell phone via software http://www.silentel.sk/default.php?lang=2 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Export controls kill Virgin SpaceShipTwo
http://www.spacedaily.com/news/spacetravel-05y.html

First crypto, now space travel. The lunatics in Washington are working hard to drive another industry that's critical to US interests overseas. Did they think that after collecting $20M in prepayments from passengers, Sir Richard Branson would give up, on orders from DC? No, he'll clone Rutan's work somewhere else, as best he can, and build a space industry where it's welcome. Either that, or Rutan will take his head and export it to where he can run a business without interference.

John

Red Tape For SpaceShipTwo
by Irene Mona Klotz
Cape Canaveral (UPI) Apr 26, 2005

... The problem is U.S. export controls issues ...

"At this point, due to uncertainty about possible licensing requirements, we are not able to even view Scaled Composites' designs for the commercial space vehicle," Whitehorn said. "After U.S. government technology-transfer issues are clarified and addressed if deemed necessary, we hope to place a firm order for the spacecraft."

... Despite a price tag of $200,000, about 100 people have signed contracts for rides on Virgin Galactic's spaceliner and agreed to pay the money upfront, while another 29,000 or so aspiring astronauts have agreed to put down deposits of $20,000 each.
calling all French-reading cryptologers - Kerckhoff's 6 principles needs a translation
It's been a year or so since this was raised, perhaps there are some French reading cryptologers around now?

-- Forwarded Message --

Financial Cryptography Update: HCI/security - start with Kerckhoff's 6 principles
May 01, 2005
http://www.financialcryptography.com/mt/archives/000454.html

It seems that interest in the nexus at HCI (human computer interface) and security continues to grow. For my money I'd say we should start at Kerckhoff's 6 principles. http://www.financialcryptography.com/mt/archives/000195.html

Now, unfortunately we have only the original paper in French, so we can only guess at how he derived his 6 principles: http://www.petitcolas.net/fabien/kerckhoffs/index.html

Are there any French crypto readers out there who could have a go at translating this? Kerckhoff was a Dutchman, and perhaps this means we need to find Dutch cryptographers who can understand all his nuances... Nudge, nudge...

(Ideally the way to start this, I suspect, is to open up a translation in a Wiki. Then, people can debate the various interpretations over an evolving document. Just a guess - but are there any infosec wikis out there?)

--
Powered by Movable Type Version 2.64 http://www.movabletype.org/
---
--
http://iang.org/
Conference: APPLIED CRYPTOGRAPHY and NETWORK SECURITY (ACNS 2005)
The following message is being forwarded to you at the request of Rebecca Wright.

*** CALL FOR PARTICIPATION ***

Conference: APPLIED CRYPTOGRAPHY and NETWORK SECURITY (ACNS 2005)
Location: COLUMBIA UNIVERSITY, NEW YORK CITY, NEW YORK, USA
Dates: JUNE 7-10, 2005

We invite you to participate in the Third Annual Conference on Applied Cryptography and Network Security (ACNS 2005). This international conference features original research papers on scientific and technical aspects of cryptology and network security and is the third in its series. There are two tracks at ACNS: a research-oriented papers track (that will appear as a Springer LNCS proceedings available at the conference) and an industrial/short papers track (that will appear as a pre-proceedings and will be available at the conference as well). The latter has an emphasis on practical applications. In addition, invited talks by leading experts in the field, covering various recent developments, will be presented.

It has been quite a while since there was a major full conference dedicated to cryptography and security in the New York City Metropolitan Area (a kind of NewYorCrypt), and ACNS 2005 is just it! It will enable an advanced forum on cryptography and security in the setting of New York City in one of the best times of the year to be in the city. This setting should allow the local researchers, students and industry community easy access to very current issues and topics, and should attract international participants as well.

The details about the program, the committee, registration and additional information are available at: http://acns2005.cs.columbia.edu

We believe that members of the scientific and technical industry community who will participate will enjoy a high level scientific event in the promising setting of NYC in June.

John Ioannidis, Angelos Keromytis and Moti Yung
General and Program Chairs, ACNS2005
Network World: 10-node Quantum Crypto net under Boston streets
NETWORK WORLD NEWSLETTER: OPTICAL NETWORKING 05/04/05
Today's focus: Hooked on photonics
By Amy Schurr

CAMBRIDGE, MASS. - Chip Elliott is every hacker's worst nightmare. Elliott, principal scientist at BBN Technologies, leads a team building the world's first continuously operating quantum cryptography network, a 12-mile snoop-proof glass loop under the streets of Boston and Cambridge.

Quantum cryptography uses single photons of light to distribute keys to encrypt and decrypt messages. Because quantum particles are changed by any observation or measurement, even the simplest attempt at snooping on the network interrupts the flow of data and alerts administrators.

While the technology is still in the pilot stage, Elliott envisions a day when quantum cryptography will safeguard all types of sensitive traffic. "It's not going to overnight replace everything we have," he says. "But it will be used to augment current technologies."

Defense funding

BBN's research is funded by the Pentagon's Defense Advanced Research Projects Agency, so it's likely the government would be first in line to roll out the super-secure technology. Elliott predicts financial firms will deploy quantum cryptography within a few years and estimates that businesses in general will deploy within five years. The technology also could move to the consumer market - for example, in a fiber-to-the-home scenario to protect the network between a home and service provider.

"People think of quantum cryptography as a distant possibility, but [the network] is up and running today underneath Cambridge," Elliott says. The team of nine researchers from BBN, four from Boston University and two from Harvard University, have put together a set of high-speed, full-featured quantum cryptography systems and has woven them together into an extremely secure network, he says. The system is essentially two networks - one for quantum key distribution and one that carries the encrypted traffic.

And although it's probably the world's most secure network, it's not protecting any real secrets, at least not yet. For this pilot phase, BBN encrypts normal Internet traffic such as Web pages, Webcam feeds and e-mail.

The network has 10 nodes. Eight are at BBN's offices in Cambridge, one is at Harvard in Cambridge, and another is across the Charles River at BU's Photonics Center. In keeping with the traditional naming convention that IT security professionals use, the nodes are named Alice, Bob, Ali, Baba, Amanda, Brian, Anna, Boris, Alex and Barb.

For the complete story, please go to: http://www.networkworld.com/news/2005/050205widernet.html?nlo

___
To contact: Amy Schurr
Amy Schurr is an editor for Network World's Management Strategies and Features sections. If you have any career topics you'd like her to cover or want to comment on this newsletter, you can reach her at mailto:[EMAIL PROTECTED].
Copyright Network World, Inc., 2005
Re: [Lucrative-L] double spends, identity agnosticism, and Lucrative
From: Patrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Lucrative-L] double spends, identity agnosticism, and Lucrative
Date: Tue, 29 Apr 2003 14:46:48 -0600
Importance: Normal
Sender: [EMAIL PROTECTED]

A quick experiment has confirmed the obvious: when a client reissues a coin at the mint, both the blinded and its unblinded cousin are valid instruments to the Lucrative mint.

Example: Alice uses the Mint's API to reissue a one-dollar note, blinding the coin before getting a signature, and unblinding the signature afterwards. She's left with both a blinded and a non-blinded version of the coin. The mint believes they are both valid. Instant, unlimited inflation.

I believe the solution to this is to have the mint track both spent coins and issued coins (that is, it automatically cancels coins it issues, before the client receives them). The client is left with no choice but to go through a blinding and unblinding process in order to have a usable coin.

This seems to make identity-agnostic cash difficult or impossible, at least with Lucrative: http://www.io.com/~cman/agnostic.html, http://cypherpunks.venona.com/date/1995/09/msg00197.html .

Since the patent expires shortly, the legal reason for identity agnostic cash has expired. Today, if you don't want the overheads of tracking your customers, the solution is that you can refrain from tracking your customers.

Whatever happened to Lucky Green's patent party - I keep sending him emails, get no response.
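The double-issue Patrick describes, reproduced with a toy RSA blind-signature mint, and the fix he proposes (the mint cancels exactly the value it signed). This is an added example, not Lucrative's code; the primes, serial number and coin format are constructed for illustration and the modulus is far too small for real use.

```python
"""Toy RSA blind-signature mint: a blinded coin and its unblinded cousin both
carry valid mint signatures.  A mint that tracks only spent coins accepts both;
one that also cancels everything it issues accepts only the unblinded coin.
Constructed toy parameters (not Lucrative's): two well-known small primes.
"""
from hashlib import sha256
from math import gcd
import secrets

P, Q = 1000000007, 998244353          # constructed toy primes
N = P * Q                             # RSA modulus (toy size)
E = 65537                             # public exponent (coprime to (P-1)(Q-1))
D = pow(E, -1, (P - 1) * (Q - 1))     # mint's private exponent


def coin_message(serial: bytes) -> int:
    """Map a coin serial number to an RSA message value below N.
    Note: this toy has no coin-format (redundancy) check, so any value the
    mint signs is a spendable coin, which is exactly what the post relies on."""
    return int.from_bytes(sha256(serial).digest(), "big") % N


def blind(m: int):
    """Client hides m as m * r^E mod N with a random r coprime to N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r


def unblind(blinded_sig: int, r: int) -> int:
    """(m * r^E)^D = m^D * r, so dividing by r yields the signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    return pow(sig, E, N) == m


class Mint:
    """cancel_issued=False reproduces the bug (only spent coins are tracked);
    cancel_issued=True is the fix: whatever the mint signs is cancelled at once."""

    def __init__(self, cancel_issued: bool):
        self.cancel_issued = cancel_issued
        self.spent = set()

    def sign(self, value: int) -> int:
        """Sign whatever the client presents (normally a blinded coin)."""
        if self.cancel_issued:
            self.spent.add(value)     # the signed value itself is never spendable
        return pow(value, D, N)

    def redeem(self, m: int, sig: int) -> bool:
        """Accept a coin once: valid signature and not already spent."""
        if not verify(m, sig) or m in self.spent:
            return False
        self.spent.add(m)
        return True


def reissue_attempt(mint: Mint):
    """Alice reissues one coin and then tries to spend both versions.
    Returns (blinded_cousin_accepted, unblinded_coin_accepted)."""
    m = coin_message(b"serial-0001")      # constructed serial number
    blinded, r = blind(m)
    sig_blinded = mint.sign(blinded)      # mint sees only the blinded value
    sig = unblind(sig_blinded, r)
    assert verify(m, sig)                 # the intended coin is valid either way
    cousin_ok = mint.redeem(blinded, sig_blinded)
    coin_ok = mint.redeem(m, sig)
    return cousin_ok, coin_ok


if __name__ == "__main__":
    print("spent-only mint:", reissue_attempt(Mint(cancel_issued=False)))
    print("cancel-on-issue mint:", reissue_attempt(Mint(cancel_issued=True)))
```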
[p2p-hackers] ePOST: Secure, Serverless Email
--- begin forwarded text

Date: Thu, 5 May 2005 15:09:15 -0500 (CDT)
From: Alan Mislove [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [p2p-hackers] ePOST: Secure, Serverless Email
Reply-To: Peer-to-peer development. [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]

As some of you may know, the FreePastry group at Rice University is developing ePOST, a secure, decentralized, p2p email system. The service is provided cooperatively by the users' desktop computers, and ePOST provides better security and fault tolerance than existing email systems. Email exchanged between ePOST users is cryptographically sealed and authenticated and the service remains available even when traditional mail servers have failed. ePOST gives users plenty of email storage (users can use as much as they contribute of their own disk space). Moreover, users don't have to entrust their email to a commercial provider, who may mine their data, target them with advertisement or start charging them once they're hooked. ePOST has been running as the primary email system for members of our group for over a year.

ePOST works by joining a peer-to-peer network running a personal IMAP and SMTP server on your desktop, which is only for your email. ePOST is backward compatible with existing email systems, and your ePOST email address works just like a normal email address - you can send and receive messages from non-ePOST users. Additionally, you can use your existing email clients with ePOST, since ePOST provides standard IMAP and POP3 servers.

A few other features of ePOST are:
- support for SSL connections
- a data durability layer called Glacier, providing durability with up to 60% member node failures
- support for laptops and machines behind NATs
- support for networks with routing anomalies

More information about ePOST is available at http://www.epostmail.org/. We now welcome additional ePOST users. If you are interested in setting up an ePOST account, please follow the installation instructions posted at http://www.epostmail.org/install.html.

Most ePOST users have set up mail forwarding so that a copy of incoming mails is kept on their normal mail server, in addition to being forwarded to their ePOST account. We recommend this setup until ePOST is no longer in beta status, although we have not found an instance yet where using this backup was necessary to recover a lost email.

Also, please let us know if you are interested in running a local ePOST ring at your institution. Running such a ring allows organizations to ensure all overlay traffic remains internal to the organization, while maintaining global connectivity. More information on running an organizational ring is available at http://www.epostmail.org/deploy.html.

We are currently collecting high-level statistics from all of the ePOST nodes in our deployment for research purposes. These statistics concern the number of overlay messages sent and the amount of data stored on disk. We are not recording the plain text of emails, nor are we examining which users are exchanging emails. If the collection of statistics would prevent you from using ePOST, please don't hesitate to contact us, and we can turn these features off for you.

Thanks again for your help, and don't hesitate to ask us any questions, comments, or suggestions,

Alan Mislove, Ansley Post, Andreas Haeberlen, and Peter Druschel ([EMAIL PROTECTED])

___
p2p-hackers mailing list [EMAIL PROTECTED] http://zgp.org/mailman/listinfo/p2p-hackers
___
Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Export controls: US wants to export-license fundamental research again
The export control snakes are trying to crawl out of their snakepit again. By tiny wording changes, they're trying to overturn the exemptions that protect First Amendment activity from being restricted by the export controls. We have until May 27 to file written comments.

Remember that the government voluntarily changed the export controls after losing the Bernstein case on First Amendment grounds. Now the hawks want to change them back. They've been quietly writing up Inspector General reports for years. Here's the latest:

http://www.oig.doc.gov/oig/reports/2004/BIS-IPE-16176-03-2004.pdf

Here's the proposed regs:

http://www.regulations.gov/freddocs/05-06057.htm

Send comments to:

To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED] (please)
Subject: RIN 0694-AD29

By replacing an "and" with an "or", they want to require every university, research lab, and company to segregate foreign students, researchers, scientists, and staff from the Honest Amurricans. This is to keep these evil furriners away from fast computers, oscilloscopes, and even GPS systems -- even if the foreigner is doing fundamental research protected by the First Amendment. This includes censorship of the *manuals* for anything export-controlled.

It's the same old definition game they played with crypto exports: "technology" means anything, and "export" means "let a foreigner see", therefore the ban on exporting technology translates to: foreigners can't see anything. Even in this country.

The Commerce Dept. needs to hear, loud and clear, that if the regulations restrict fundamental research, the REGULATIONS should be changed, not the fundamental research. The Inspector General who recommended that the export controls be tightened needs to be reminded that he supposedly works for a free country.

I suggest citing the fact that a US appeals court decided that the export controls were a prior restraint on free expression and violated the First Amendment when applied to scientists and educators doing fundamental research (Bernstein v. USDoJ):

http://www.eff.org/Privacy/Crypto_export/Bernstein_case/Legal/19990506_circuit_decision.html

(later withdrawn by the court due to Justice Dept. trickery). A later appeals court held that the First Amendment protected the publication of software from the export controls, though it did not decide what level of scrutiny was appropriate: Junger v. Daley, 209 F.3rd 481 (6th Cir. 2000):

http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=6thnavby=caseno=00a0117p

In the recent shenanigans, Commerce Dept. inspectors visited NIST and NOAA, and found that even though both agencies are doing fundamental research, the inspectors think these agencies should have to segregate foreign researchers and get "deemed export" licenses for their research. They were shocked to discover one German machine tool at NIST's Manufacturing Engineering Lab, and two fermenters at universities, that foreigners aren't allowed to have. They were also shocked to find that the operating manual for the machine tool was right there next to the machine! They suggested that if a foreign researcher MERELY READ the manual, an illegal deemed export would have occurred.

Reading NIST's response on PDF pages 55-59 is very enlightening; the inspectors' report deliberately twists the situation to make it look far worse than it was. It reminds me of the Wen Ho Lee case.

(By the way, the inspectors censored half a sentence from their own report on PDF page 42, numbered page 32 at the bottom of the page. The text behind the censorship reads "In addition, the 5-axis machine tool is located immediately to the right of the entrance to the machine shop and is not segregated from other equipment." The report also included two uncensored color photos of the machine, in case you were a foreigner wondering how to identify it. It's so comforting to know that highly competent security professionals like this are in charge of censoring all scientific research in the country.)

The inspectors also claim that because the Bush White House forced a pre-review policy on publication of government scientific research that might help terrorists, the First Amendment "fundamental research" definition no longer applies to NIST -- even though the pre-review has never turned down a paper yet.

The Inspector General's report never once mentions the First Amendment. E.g. on page 23, it says: "The rationale for eliminating foreign nationals with permanent resident status from deemed export controls appears to have been that persons who hold such status have made a commitment to the United States and most likely will not return home." Actually, the issue is that permanent residents have the same First Amendment rights that citizens do. This includes freedom of inquiry (the right to do research) and the right to publish the results. These inspectors instead seem to follow the Lt. Calley "burn the village in order to save it" model.
THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05)
This message is being forwarded to you on behalf of Joan Feigenbaum, Yale University, DIMACS Member

***

THE SIXTH ACM CONFERENCE ON ELECTRONIC COMMERCE (EC-05)
Registration now Open! See Accepted Papers, Workshops, Tutorials, below.
June 5-8, 2005, Vancouver, Canada
http://www.acm.org/ec05

Registration is now open for ACM EC-05! Early registration ends May 16th, so sign up now at:
http://www.acm.org/sigs/sigecom/ec05/registrations.shtml

Since 1999 the ACM Special Interest Group on Electronic Commerce (SIGECOM) has sponsored the leading scientific conference on advances in theory, systems, and applications for electronic commerce. Below is the schedule for the 4 tutorials, 1 workshop, and 32 papers accepted for ACM EC-05. For additional information, please visit: http://www.acm.org/ec05.

This year, ACM EC-05 will be held from Sunday, June 5 through Wednesday, June 8, 2005 at the Vancouver Marriott Pinnacle resort, a first-class hotel located downtown in the stunning city of Vancouver, Canada. For more information about the conference surroundings, visit Vancouver's tourism Web site: http://www.tourismvancouver.com

*** Tutorials
http://www.acm.org/sigs/sigecom/ec05/tutorials.shtml

Sun, Jun 5, 2005 - Morning
1) Optimal Mechanism Design without Priors - Jason Hartline
2) Trading Agent Design and Analysis - Michael P. Wellman

Sun, Jun 5, 2005 - Afternoon (two one-hour talks)
1) Polynomial Time Algorithms for Market Equilibria - Kamal Jain and Vijay Vazirani
2) Algorithms for Combinatorial Auctions and Exchanges - Tuomas Sandholm

*** Workshop
http://research.yahoo.com/~pennockd/ext/ssa/

Sun, Jun 5 2005 - All Day
Workshop on Sponsored Search Auctions - David Pennock and Kursad Asdemir

*** Final program

MONDAY

08:30 - 10:10
Ranking Systems: The PageRank Axioms - Alon Altman, Moshe Tennenholtz
Weak monotonicity suffices for truthfulness on convex domains - Michael Saks, Lan Yu
Marginal Contribution Nets: A Compact Representation Scheme for Coalitional Games - Samuel Ieong, Yoav Shoham
Cost Sharing in a Job Scheduling Problem Using the Shapley Value - Debasis Mishra, Bharath Rangarajan

10:10 - 10:40 BREAK

10:40 - 12:20
Interconnected Communication Networks Provisioned Selfishly - Pedro Ferreira, Marvin Sirbu
Hidden-Action in Multi-Hop Routing - Michal Feldman, John Chuang, Ion Stoica, Scott Shenker
Content Availability, Pollution and Poisoning in Peer-to-Peer File Sharing Networks - Nicolas Christin, Andreas Weigend, John Chuang
A Price-Anticipating Resource Allocation Mechanism for Distributed Shared Clusters - Michal Feldman, Kevin Lai, Li Zhang

12:20 - 02:00 LUNCH

02:00 - 03:00 Invited Speaker: Ehud Kalai, Northwestern University

03:00 - 03:30 BREAK

03:30 - 05:10
Nearly Optimal Multi Attribute Auctions - Amir Ronen, Daniel Lehmann
Optimal Design of English Auctions with Discrete bid Levels - Esther David, Alex Rogers, Nicholas Jennings, Jeremy Schiff, Sarit Kraus
Robust Solutions for Combinatorial Auctions - Alan Holland, Barry O'Sullivan
Online Auctions with Re-usable Goods - Mohammad Taghi Hajiaghayi, Robert D. Kleinberg, Mohammad Mahdian, David Parkes

TUESDAY

08:30 - 10:10
First-Price Path Auctions - Nicole Immorlica, David Karger, Evdokia Nikolova, Rahul Sami
From Optimal Limited to Unlimited Supply Auctions - Robert McGrew, Jason Hartline
True Costs of Cheap Labor Are Hard To Measure: Edge Deletion and VCG Payments in Graphs - Edith Elkind
Multi-unit auctions with budget-constrained bidders - Christian Borgs, Jennifer Chayes, Nicole Immorlica, Mohammad Mahdian, Amin Saberi

10:10 - 10:40 BREAK

10:40 - 12:20
Graceful Service Degradation (or, How to Know your Payment is Late) - Alexandr Andoni, Jessica Staddon
Privacy-Preserving Credit Checking - Keith Frikken, Mikhail Atallah, Chen Zhang
Dynamic and Secure B2B E-contract Update Management - Samuil Angelov, Sven Till, Paul Grefen
Secure Distributed Human Computation - Craig Gentry, Zulfikar Ramzan, Stuart Stubblebine

12:20 - 02:00 LUNCH

02:00 - 03:00 Invited Talk: Jennifer Rexford, Princeton University

03:00 - 03:30 BREAK

03:30 - 05:10
Communication Complexity of Common Voting Protocols
[Fwd] Advances in Financial Cryptography - First Issue
Advances in Financial Cryptography - First Issue
May 11, 2005
https://www.financialcryptography.com/mt/archives/000458.html

I'm proud to announce our first issue of Advances in Financial Cryptography! These three draft papers are presented, representing a wide range of potential additions to the literature:

Daniel Nagy, On Secure Knowledge-Based Authentication
Adam Shostack, Avoiding Liability: An Alternative Route to More Secure Products
Ian Grigg, Pareto-Secure

[snip]...

Click on: https://www.financialcryptography.com/mt/archives/000458.html to see the full story. (You'll have to battle the cert or drop the https == http as I am trying to get SSL going for the blog).

iang

--
http://iang.org/
Devices detect caches of cash
http://www.cnn.com/2005/TECH/05/11/money.sniffers.ap/index.html

CNN
Inventions developed for Immigration and Customs Enforcement
Wednesday, May 11, 2005 Posted: 12:43 PM EDT (1643 GMT)

Engineer Dennis Kunerth uses a device to detect metal components that distinguish U.S. currency from counterfeit bills, at the Idaho National Laboratory.

IDAHO FALLS, Idaho (AP) -- Ah, the smell of money -- there's nothing quite like it. Some people, in fact, may soon be looking for ways to mask the special odor.

Drug traffickers who ship profits abroad in suitcases are not apt to be thrilled with some inventions developed by federal scientists at the Idaho National Laboratory. One sniffs the air -- it can pick up a stack of bills from about 10 feet away -- for currency's chemical signature. Another beams electrons through packages or luggage to detect trace metals in the green ink. And a third project, not yet started, would scan serial numbers of individual bills into a database.

It's unclear whether the legal system would view seized bills found through the devices as admissible, and privacy advocates fear such inventions would infringe on civil liberties if adopted.

The cash sniffer is actually a gas chromatograph about the size of a cordless hand vacuum. Here's how it works: Take a crisp $20 bill out of your wallet and put it up to your nose. That sweet, slightly acidic aroma is actually microscopic molecules of ink and paper landing on the nerve receptors inside your nose. The device works in nearly the same way, but with much higher sensitivity. Airborne molecules land on a sensor. If enough molecules are detected, the device emits an alert.

The lab's lead scientist, Keith Daum, said a trained dog can do the same thing -- even better -- but not consistently and not over a long period.

The other, about the size of a small airport X-ray scanner, looks for elemental metals used in the green ink. Radioactive rays strike the metals and turn into gamma rays, which are then measured by the machine. The more gamma rays detected, the higher the volume of cash bills.

The machines were developed with funding from Immigration and Customs Enforcement agency. Its parent, the Department of Homeland Security, is analyzing them and submitting them to additional testing.

Of course, carrying cash -- even large amounts of it -- is not illegal; though there is a limit of $10,000 in cash anyone may carry in or out of the United States. Still, intercepting large sums of money would at least put a dent in the drug trade, argued lab spokesman Ethan Huffman.

"Money is always the incentive to bring drugs across the borders," Huffman said. "If we can devise solutions to aid customs and border patrols in stopping that, then that limits it."

The third device looks like a typical bill counter used by banks. On the back of the machine, though, an add-on box about the size of a file folder reads and stores the serial numbers of every bill it counts. The machine is of little strategic value by itself. But if it was distributed worldwide, and if there was a database of serial numbers, it would become possible to trace money across the globe.

That worries people such as Melissa Ngo of the Washington-based Electronic Privacy Information Center. "This is just another step toward a complete lack of anonymity," Ngo said.
1st TIPPI Workshop
Trustworthy Interfaces for Passwords and Personal Information

The following message is being forwarded at the request of Burt Kaliski, RSA Security and Dan Boneh, Stanford University.

*

1st TIPPI Workshop
Trustworthy Interfaces for Passwords and Personal Information
Sponsored by the PORTIA project

Date: June 13th, 2005
Location: Stanford University, Gates Computer Science Building, Room B12
Organizers: Burt Kaliski, RSA Security; Dan Boneh, Stanford University

Workshop Purpose

Despite tremendous advances in computer technology in general and information security in particular, users still typically provide personal information and credentials such as passwords the same way they did 30 years ago: through a text interface that they assume they can trust. Today, that trust assumption clearly can no longer be relied on.

Many security protocols have been proposed to protect credentials and personal information, but few are used in practice. A major reason is that the protocols have not been implemented in a way that ensures that they are actually used. For instance, a rogue Web site can still just ask the user for her password, regardless of how sophisticated a protocol the correct site employs.

The purpose of the workshop is to facilitate an effective solution to these problems by bringing together the designers of the cryptographic protocols with the implementers of the user interfaces. Ideally, a user should have confidence that when she provides a password or other personal information, she can trust the interface she interacts with to protect her data from misuse - even if an attacker happens to be the one that asked her to provide it. In short, our hope is that the workshop will motivate a trend where trustworthy interfaces for passwords and personal information - TIPPI - are the typical ones in our industry.

Speakers

Current confirmed speakers include:

Todd Inskeep, Bank of America. Roots of Trusted Interfaces and the User Experience.
Dave Jevans, Anti-Phishing Working Group
Ramesh Kesanupalli, Phoenix Technologies. Solutions for Secure and Trustworthy Authentication.
Steve Myers, Indiana University. Delayed Password Disclosure.

Submissions:

We welcome additional presentations, both long (30 minutes) and short (10 minutes). If you would like to give a presentation, please send us a proposed title and abstract by May 15. There will be no proceedings, but presentations and research papers (if available) will be posted on the Web.

More Information:

For more information, please contact Burt Kaliski http://www.rsasecurity.com/rsalabs/node.asp?id=2017 or Dan Boneh http://crypto.stanford.edu/~dabo/
Invalid banking cert spooks only one user in 300
Invalid banking cert spooks only one user in 300
Stephen Bell, Computerworld
16/05/2005 09:19:10

Up to 300 New Zealand BankDirect customers were presented with a security alert when they visited the bank's website earlier this month - and all but one dismissed the warning and carried on with their banking.

The rest of the story is at

http://www.pcworld.idg.com.au/index.php/id;1998944536;fp;2;fpid;1

or

http://www.computerworld.co.nz/news.nsf/0/FCC8B6B48B24CDF2CC2570020018FF73?OpenDocumentpub=Computerworld

(PC World Australia or ComputerWorld NZ).

To provide a little more background information, BankDirect is an online-only offshoot of another bank (ASB) that's targeted at computer-savvy users who don't need (or want) the expense of a standard bricks-and-mortar account. There are no branches, and payment is done electronically at the point of sale (EFTPOS) and managed via the Internet or a cellphone, thus the (apparently) low number of accesses - you'd generally rarely need to access it over the net. So in other words the number of computer-savvy users who were stopped by an invalid server cert at a banking site was essentially zero.

To quote the article again:

Peter Benson, chief executive of Auckland-based Security-Assessment.com, says he is not at all surprised at the statistics. "In my experience, the single weakest point in the chain of [computer] security is the space between the keyboard and the floor. A lot more education of users in responding appropriately to security alerts is needed," he says.

Looks like we have a long way to go in making effective security usable.

Note that if the same site had used TLS-PSK (http://www.ietf.org/internet-drafts/draft-ietf-tls-psk-08.txt) instead of straight passwords over TLS, and had this been malicious spoofing instead of just an accident, none of this would have been possible (TLS-PSK provides mutual authentication of both parties before any sensitive information is exchanged, so even if the user ignores the warning, they won't be able to communicate with a spoofed site).

Peter.
What happened with the session fixation bug?
--
PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected.

However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make https and PKI worthless against such man in the middle attacks.

Have these bugs been addressed?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
vPV62zjEtpTJHTV5lKXu2Sw+/5fke2gh9AwPeqQj
4oqqXlvYYKn9rR63ZsSEEjgV5fVyWT9+e6YttP3G/
New cipher used by iTunes
I took a look at the new cipher used in iTunes 4.7, and spent some time reducing it. The algorithm appears to have a similar structure to a 10-round Twofish variant with fixed S-boxes, optimized via precomputed tables. I have not fully analyzed what the permutation matrix and polynomial are, though.

There are a couple of strange changes. E.g., they had put the IV mixing between the pre-whitening and post-whitening, but this turned out to effectively cancel out and be equivalent to an altered version with a more traditional CBC structure.

I'm including the current working implementation, along with some test vectors, if anyone else wants to take a look at it.
Re: Malaysia car thieves steal finger
R.A. Hettinga wrote:

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system.

Good to know that my amputationware meme was not just paranoia.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
[ADMIN] multi-moderator software?
Your humble moderator asks...

Does anyone know of a mailing list system that handles having multiple, rotating moderators cleanly? I'd like to avoid many-week delays like the one I've just caused.

Perry
RE: Garfinkel analysis on Skype withdrawn?
Hi,

I found Garfinkel's paper here:

http://www.tacticaltech.org/files/Skype_Security.pdf

Cheers,
Gary Smith

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian G
Sent: Sunday, April 10, 2005 9:02 AM
To: cryptography@metzdowd.com
Subject: Garfinkel analysis on Skype withdrawn?

Has anyone got a copy of the Skype analysis done by Simson Garfinkel? It seems to have disappeared.

Original Message
Subject: Simson Garfinkel analyses Skype - Open Society Institute
Date: Sun, 10 Apr 2005 10:32:44 +0200
From: Vito Catozzo

Hi

I am Italian, so forgive any possible error or whatever regards the English language. I read your article on mail-archive.com (http://www.mail-archive.com/cryptography@metzdowd.com/msg03305.html) and I am so interested in reading what Simson Garfinkel has written about skype. Unfortunately the link you posted in the message is now broken (http://www.soros.org/initiatives/information/articles_publications/articles/security_20050107/OSI_Skype5.pdf). If you have this article saved on your hard disk could you please send it to me?

Best regards
Vito Catozzo

--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
Re: [Lucrative-L] double spends, identity agnosticism, and Lucrative
James A. Donald wrote:

From: Patrick [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [Lucrative-L] double spends, identity agnosticism, and Lucrative
Date: Tue, 29 Apr 2003 14:46:48 -0600
Importance: Normal
Sender: [EMAIL PROTECTED]

A quick experiment has confirmed the obvious: when a client reissues a coin at the mint, both the blinded and its unblinded cousin are valid instruments to the Lucrative mint.

Example: Alice uses the Mint's API to reissue a one-dollar note, blinding the coin before getting a signature, and unblinding the signature afterwards. She's left with both a blinded and a non-blinded version of the coin. The mint believes they are both valid. Instant, unlimited inflation.

I believe the solution to this is to have the mint track both spent coins and issued coins (that is, it automatically cancels coins it issues, before the client receives them). The client is left with no choice but to go through a blinding and unblinding process in order to have a usable coin.

This seems to make identity-agnostic cash difficult or impossible, at least with Lucrative: http://www.io.com/~cman/agnostic.html, http://cypherpunks.venona.com/date/1995/09/msg00197.html .

Would do if it were true - this is exactly why unblinded lucre coins have structure - that is, you can check that they are well-formed by doing hash operations on them. Blinded coins will fail these checks. I forget the exact form of lucre coins (read the paper), but consider the construction x || H(x) - clearly only the unblinded version of this will have the right form.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
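The reply above says a blinded coin fails the mint's well-formedness check while the unblinded one passes. The following is an added example of that round trip, not Lucre or Lucrative code: the coin format x || H(x) is the one named in the reply, while the RSA blind signature, the 512-bit demonstration key, SHA-256 and the fixed 48-byte serialisation are assumptions made here. The mint signs whatever integer it is handed, and the check that matters happens at deposit, when the mint recovers the signed message and insists it has the x || H(x) shape.

```python
"""Added example (not Lucre/Lucrative code): why a blinded coin cannot pass the
mint's well-formedness check. Coin format x || H(x) is from the reply above;
the RSA blind signature, key size, SHA-256 and byte layout are assumptions."""
import hashlib
import math
import secrets

SERIAL_LEN = 16                      # bytes of random serial x (assumed)
TAG_LEN = 32                         # bytes of SHA-256
COIN_LEN = SERIAL_LEN + TAG_LEN      # fixed width so leading zero bytes survive

def make_coin(x):
    """Well-formed coin: serial x followed by H(x)."""
    return x + hashlib.sha256(x).digest()

def well_formed(coin):
    """The structure check the mint runs on anything presented for deposit."""
    if len(coin) != COIN_LEN:
        return False
    x, tag = coin[:SERIAL_LEN], coin[SERIAL_LEN:]
    return hashlib.sha256(x).digest() == tag

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512, e=65537):
    """Returns ((n, e), (n, d)). 512 bits keeps the demo fast; it is not secure."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))

def blind(pub, m):
    """Client side: hide m as m * r^e mod n before asking the mint to sign it."""
    n, e = pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return m * pow(r, e, n) % n, r

def unblind(pub, blinded_sig, r):
    """Client side: strip the blinding factor to obtain the signature on m."""
    n, _ = pub
    return blinded_sig * pow(r, -1, n) % n

def mint_sign(priv, value):
    """The mint signs whatever integer it is handed, blinded or not."""
    n, d = priv
    return pow(value, d, n)

def mint_accepts(pub, sig):
    """At deposit: recover the signed message and insist it is a well-formed coin."""
    n, e = pub
    recovered = pow(sig, e, n)
    if recovered.bit_length() > COIN_LEN * 8:
        return False                 # a blinded value is a random element mod n
    return well_formed(recovered.to_bytes(COIN_LEN, "big"))

def demo(bits=512):
    """Issue one coin and present both the blinded and unblinded signature."""
    pub, priv = rsa_keygen(bits)
    coin = make_coin(secrets.token_bytes(SERIAL_LEN))   # constructed serial
    m = int.from_bytes(coin, "big")
    blinded, r = blind(pub, m)
    blinded_sig = mint_sign(priv, blinded)   # what the mint hands back
    sig = unblind(pub, blinded_sig, r)       # the spendable coin
    return {
        "unblinded_accepted": mint_accepts(pub, sig),
        "blinded_accepted": mint_accepts(pub, blinded_sig),
        "signature_valid": pow(sig, pub[1], pub[0]) == m,
    }

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the unblinded signature verifying and depositing, and the value the mint actually signed (the blinded one) being refused because what it recovers is a random residue mod n rather than a serial followed by its hash. The fixed-width serialisation matters: truncating leading zero bytes would make a legitimate coin fail its own check.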
Re: What happened with the session fixation bug?
James A. Donald wrote:

--
PKI was designed to defeat man in the middle attacks based on network sniffing, or DNS hijacking, which turned out to be less of a threat than expected.

However, the session fixation bugs http://www.acros.si/papers/session_fixation.pdf make https and PKI worthless against such man in the middle attacks.

Have these bugs been addressed?

Do they exist? Certainly any session ID I've ever had a hand in has two properties that strongly resist session fixation:

a) If a session ID arrives, it should already exist in the database.

b) Session IDs include HMACs.

Session fixation is defeated by either of these. Modulo insider attacks, of course. :-)

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
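The question and the reply above describe session fixation and two properties of a session ID that resist it. The following is an added example, not the poster's code, of a session store built on exactly those two properties: (a) an ID presented by a client is honoured only if the server itself issued it and still has it on file, and (b) every ID carries an HMAC under a server-side key, so a client cannot fabricate one that even looks valid. The <nonce>.<tag> layout, SHA-256 and the names are assumptions. The login step goes one step beyond the reply: an ID the attacker first obtained from the server itself would pass both (a) and (b), so the store also retires the pre-login ID and binds the user to a fresh one.

```python
"""Added example (not the poster's code): session IDs with the two properties
from the reply above. (a) an incoming ID is honoured only if the server issued
it; (b) every ID carries an HMAC under a server-side key. The <nonce>.<tag>
layout, SHA-256 and all names are assumptions."""
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed; a deployment loads this from config

def _tag(nonce):
    return hmac.new(SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()

def mint_session_id():
    """Fresh ID of the form <nonce>.<hmac>; only a holder of SERVER_KEY can make the tag."""
    nonce = secrets.token_hex(16)
    return nonce + "." + _tag(nonce)

def has_valid_mac(session_id):
    """Property (b); constant-time comparison so the check itself leaks nothing."""
    nonce, sep, tag = session_id.partition(".")
    if sep != "." or not nonce or not tag:
        return False
    return hmac.compare_digest(_tag(nonce), tag)

class SessionStore:
    """Property (a): the ID a client presents must already be in the server's table."""

    def __init__(self):
        self._sessions = {}            # session_id -> session state

    def new_session(self):
        sid = mint_session_id()
        self._sessions[sid] = {"user": None}
        return sid

    def resolve(self, presented):
        """Return (session_id, honoured). An ID failing (a) or (b) is dropped and
        a fresh one issued, so a planted ID never becomes the user's session."""
        if presented and has_valid_mac(presented) and presented in self._sessions:
            return presented, True
        return self.new_session(), False

    def login(self, old_sid, user):
        """Bind the user to a brand-new ID and retire the pre-login one. Not from
        the reply: covers an ID the attacker obtained from the server itself,
        which would pass both (a) and (b)."""
        self._sessions.pop(old_sid, None)
        sid = self.new_session()
        self._sessions[sid]["user"] = user
        return sid

    def user_of(self, sid):
        return self._sessions.get(sid, {}).get("user")

if __name__ == "__main__":
    store = SessionStore()
    sid, honoured = store.resolve("planted-id")     # constructed attacker-chosen value
    print("planted ID honoured:", honoured, "issued instead:", sid)
    print("after login:", store.user_of(store.login(sid, "alice")))
```

The order of checks in resolve() is deliberate: the HMAC check rejects malformed or forged IDs before any database lookup, so property (b) also keeps attacker-controlled strings out of the session table's query path.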
Re: Malaysia car thieves steal finger
On Friday 20 May 2005 19:22, Ben Laurie wrote:

R.A. Hettinga wrote:

Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system.

Good to know that my amputationware meme was not just paranoia.

https://www.financialcryptography.com/mt/archives/000440.html

Photo of an advert that ran in Germany. You need German for the words but that's not necessary.

iang

--
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
DES FIPS is finally withdrawn.
At long last, the DES FIPSes are withdrawn:

http://cryptome.org/nist051905.txt

Perry