Re: Cross logins
On Wed, Aug 03, 2005 at 03:15:00PM -0700, James A. Donald wrote: -- Is it possible for two web sites to arrange for cross logins? The goal is that if someone is logged into website https://A.com as user127, and then browses to https://B.com/A_com_registrants, he will be automatically logged in on b.com as [EMAIL PROTECTED] This requires B to trust A, and trust requires a shared key or equivalently a trusted introducer. Given a shared key, A is able to sign (shared secret HMAC, public/private keys or signed Kerberos message) assertions about the user for B's consumption. The signature can be in a referral URL. http://A.com/federated_login.cgi?d=B.comuser=user127expiration=epochtimesignature=base64dataurl=... Absent a valid cookie for a B session, B redirects the user to A's federated login generator page (passing B's name and the url the user wanted), and A redirects the user back to B's federated login verification page passing back the authentication data and the original url, so the user is taken to the right place after the credentials are verified. -- /\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cross logins
Is it possible for two web sites to arrange for cross logins? Check out SAML, esp the browser artifact profile. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: [Clips] Escaping Password Purgatory
On 8/3/05, [EMAIL PROTECTED] (R.A. Hettinga) quoted: http://www.forbes.com/2005/08/03/usps-password-casestudy-cx_de_0803password_print.html Forbes Computer Hardware Software Escaping Password Purgatory David M. Ewalt, 08.03.05, 3:00 PM ET ... I think I have passwords for over 47 different applications both internal and external that I access, and I've acquired those IDs and passwords over several years, says Wayne Grimes, manager of customer care operations for the U.S. Postal Service. Try Site Password, http://www.hpl.hp.com/personal/Alan_Karp/site_password/. It takes a good master password, and a site name, and hashes them together to produce a site-specific password. Cheers - Bill - Bill Frantz| The first thing you need | Periwinkle (408)356-8506 | when using a perimeter | 16345 Englewood Ave www.pwpconsult.com | defense is a perimeter.| Los Gatos, CA 95032 - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: draft paper: Deploying a New Hash Algorithm
Steve, At 05:34 PM 7/29/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: At 08:12 AM 7/25/2005 -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Alex Alten write s: Steve, This also seems to be in conjunction with the potential switch over from RSA et al. to ECC for PKI, etc. Yes, Eric and I have been talking about that, and we'll add some discussion of that to the next version of the paper. Variable output is really needed too, say 16, 32, 64, 128, 256 and 512 bits. And on the wishful side, the ability to optimize compression across multiple CPUs. That's completely orthogoal to what the paper is about. We're talking about how to convert to *any* new hash algorithm; we're not concerned with which is chosen. (I confess, though, that hash outputs of less than 128 bits don't strike me as cryptographically useful except for HMAC and the like.) Sorry for going off on a tangent. Actually 32 (or even 16) bits is really useful for retrofitting old insecure protocols where you don't want to alter the header size, you only need access control, and the packets only exist for less than 100 msecs. - Alex -- - Alex Alten [Moderator's note: I have to strongly disagree. 16 bits is rarely, if ever, of any use in authentication in a modern system. Even if you think something can't live long enough to be spoofed, it usually can, and as it turns out, attackers are often cleverer than protocol designers. Crypto is too brittle to play such games with it. --Perry] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cross logins
On 8/3/05, James A. Donald [EMAIL PROTECTED] wrote: -- Is it possible for two web sites to arrange for cross logins? snippety-do-dah Does this question have a practical end in mind? If so, can you simplify matters by running both web sites on the same host? (cc-ing JAD because I never see any responses to messages sent from my GMail acct. I don't know if the GMail traffic is making it to the list.) -- There are no bad teachers, only defective children. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
[Clips] At Online Stores, Sniffing Out Crooks Is a Matter of Survival
--- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Thu, 4 Aug 2005 09:33:22 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] At Online Stores, Sniffing Out Crooks Is a Matter of Survival Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://online.wsj.com/article_print/0,,SB112311786883304593,00.html The Wall Street Journal August 4, 2005 PAGE ONE At Online Stores, Sniffing Out Crooks Is a Matter of Survival Mr. Kugelman Gets Scammed By a Web-Site Customer; A $3,077 Platinum Chain By MITCHELL PACELLE Staff Reporter of THE WALL STREET JOURNAL August 4, 2005; Page A1 LYNBROOK, N.Y. -- Six years ago, Neil Kugelman found himself puzzling over the very first customer to arrive at the Web site he had launched to sell jewelry online. The order: a $496 men's diamond ring. The North Carolina address didn't match the address tied to the credit card. The shipping address was different still. Mr. Kugelman tried to telephone the customer, but the number didn't work. His email bounced back. He was no expert on fraud, but neither was he born yesterday. He spiked the order. Our first order -- order No. 1 -- was fraudulent, he marvels. Since then, as family-controlled Goldspeed.com Inc. grew from a basement start-up to a 10-person operation that fills more than 50,000 orders a year, Mr. Kugelman has taught himself to regard each and every customer as a potential online crook -- and with good reason. He says fraudulent orders have risen to a staggering 30% of the total, up from just 5% when he started. Over the years, Mr. Kugelman, 44 years old, got so good at sniffing out the cons that just 0.5% of his sales were lost to fraud. But a run-in he had seven months ago with a cagey crook who ordered $8,384 of flashy jewelry -- and stuck him with his largest fraud loss ever -- has left him worried that the bad guys are now gaining the upper hand. The tale of Mr. Kugelman's unsuccessful effort to discover the fraud, despite his suspicions, shows the increasing perils faced by the burgeoning online retail industry. For Mr. Kugelman and other Internet retailers, ferreting out bogus orders is a matter of survival. When a crook uses a stolen credit card in a traditional store, and the store follows proper procedures, the card-issuing bank usually swallows the loss. For online retailers, the tables are turned. Credit-card association rules dictate that merchants who accept charges from cyberspace, a riskier endeavor, must also shoulder the risk of fraud. When Mr. Kugelman began peddling everything from pearl earrings to thick gold chains over the Internet in 1998, his biggest problem was simple credit-card fraud: the use of stolen account numbers. The bogus orders were often glaringly obvious. Fraudsters ordered big and requested next-day shipping. They left fake phone numbers. They placed odd orders, such as for two engagement rings. Mr. Kugelman designed a computer system to screen incoming orders for such red flags and to bounce suspicious ones into human hands. Over time, the crooks got better. More of them stole whole identities, using purloined personal information to set up entirely new credit-card accounts. They used untraceable cellular phones, and avoided making oversized orders. When Mr. Kugelman phoned them with questions, they didn't get rattled. He fine-tuned his system, incorporating proprietary scoring guidelines based on such information as what kind of jewelry is ordered and from what part of the country the order originates. Late last year, he says, the fraudsters upped the ante. All of a sudden, Goldspeed.com was getting orders that showed no obvious signs of fraud on his computer-screening system, but seemed suspicious nonetheless. On Jan. 9, for example, when a customer placed separate orders on the same day, he thought something looked wrong. A Vincenza Wells of Detroit had ordered a $1,199 Aqua Master men's diamond watch. Four minutes later, the same customer ordered a $1,259 men's diamond and tanzanite ring. The Bank One Visa credit-card number she supplied was good for the full amount, and she had provided the validation code from the back of the card. Visa's address verification system showed a match. But the order's size, and the strange two-step ordering, had Mr. Kugelman's radar up. The next day, he called the card issuer, J.P. Morgan Chase Co., which had acquired Bank One. He says a bank representative confirmed that the name, address and phone number on the order matched the bank's own account information, except for one small detail about the address. Mr. Kugelman called his customer, who explained the disparity to his satisfaction. Mr. Kugelman called back the bank representative with the revised information. She told him that bank security had phoned Ms. Wells separately, and verified her identity. Still wary, Mr.
Re: Cross logins
* James A. Donald: Is it possible for two web sites to arrange for cross logins? SXIP is a relatively open effort in that direction. The rootsite seems to be proprietary, though. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: [Clips] Escaping Password Purgatory
On Thursday 04 August 2005 04:31, Bill Frantz wrote: Try Site Password, http://www.hpl.hp.com/personal/Alan_Karp/site_password/. It takes a good master password, and a site name, and hashes them together to produce a site-specific password. I think PwdHash also does this for browsers (probably Firefox): http://crypto.stanford.edu/PwdHash/ iang -- Advances in Financial Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Query about hash function capability
On Thu, Aug 04, 2005 at 12:55:51PM +1000, Arash Partow wrote: Hi all, My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet rotate/shift wise dissimilar input: ie: input1 : abcdefg - h(abcdefg) = 123 input2 : gabcdef - h(gabcdef) = 123 input3 : fgabcde - h(fgabcde) = 123 Sure, just pick the lexicographically first cycle and hash that. This is an invariant of all cyclic permutations of the string. epermut - h(epermut) ermutep - h(epermut) muteper - h(epermut) permute - h(epermut) rmutepe - h(epermut) tepermu - h(epermut) uteperm - h(epermut) More generally given any automorphism group on the input strings, hashing the lexicographically smallest member of the orbit of an input string under the group gives a hash that is invariant under the group operation. -- /\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAILMorgan Stanley confidentiality or privilege, and use is prohibited. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Standardization and renewability
Hagai Bar-El wrote: [...] Up till now I could come up with three approaches to solve this problem: 1. Limit renewability to keying. Then you should study A Note About Trust Anchor Key Distribution, see http://www.connotech.com/takrem.pdf. It allows to distribute public keys to be used, if need be, at a later time in a different context. 2. Generalize the scheme (like the SPDC concept, or MPEG IPMP), more or less by making the standard part general, with non-standard profiles. 3. Standardize sets of key management methods at once, so to have spares for immediate switching. [...] -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Query about hash function capability
On Thu, 4 Aug 2005, Arash Partow wrote: My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet rotate/shift wise dissimilar input: ie: input1 : abcdefg - h(abcdefg) = 123 input2 : gabcdef - h(gabcdef) = 123 input3 : fgabcde - h(fgabcde) = 123 Here a,b,c,d,e,f,g represent symbols (ie: groups of bits with equivalent group sizes etc...) I know that one simple hash method would be to add the symbols together, but the results would also be equivalent if say the symbols were in any order, also collisions would occur with other totally dissimilar sequences that happen to have the same sum as the sequence. Is there anything out there research/papers etc, or is this a meaningless avenue of enquiry? Just sort all the rotations and use some known hash for the smallest. For example, if you start with abcab you sort abcab, babca, ababc, cabab, and bcaba, and calculate SHA1(ababc). BTW: this rotate-and-sort technique is actually used for data compression -- search for `Burrows-Wheeler Transform' if you are interested. -- Regards, ASK - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: draft paper: Deploying a New Hash Algorithm
[Moderator's note: ... attackers are often cleverer than protocol designers. ... Is that true? Or is it a combination of (a) a hundred attackers for every designer, and (b) vastly disparate rewards: continued employment and maybe some kudos for a designer or implementer, access to $1,000,000,000 of bank accounts for an attacker SRF -- There are no bad teachers, only defective children. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Cross logins
Rich Salz wrote: Is it possible for two web sites to arrange for cross logins? Check out SAML, esp the browser artifact profile. Check out Passel, which lacks the complexity of SAML: http://www.passel.org/ Peter smime.p7s Description: S/MIME Cryptographic Signature
Re: Query about hash function capability
On Aug 3, 2005, at 7:55 PM, Arash Partow wrote: My question relates to hash functions in general and not specifically cryptographic hashes. I was wondering if there exists a group of hash function(s) that will return an identical result for sequentially similar yet rotate/shift wise dissimilar input: ie: input1 : abcdefg - h(abcdefg) = 123 input2 : gabcdef - h(gabcdef) = 123 input3 : fgabcde - h(fgabcde) = 123 Here a,b,c,d,e,f,g represent symbols (ie: groups of bits with equivalent group sizes etc...) Why not just include a canonicalization step at the beginning of the hash that is designed to ignore rotation? For example, if you can define an ordering on the set of possible inputs to the hash, then you can rotate any input to the point where it is the smallest (or largest) that it can be, and then hash *that* value. Ian Clelland [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
