Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Kerry Thompson
[EMAIL PROTECTED] said:

> You know, I'd wonder how many people on this
> list use or have used online banking.
>
> To start the ball rolling, I have not and won't.

I do. Although, only from PCs that I trust such as my linux box at home.
And I keep a close watch on my bank statements.

All things considered, it's safer than posting cheques or distributing your
credit card number around.


-- 
Kerry Thompson
http://www.crypt.gen.nz



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Fermat's primality test vs. Miller-Rabin

2005-12-05 Thread Sidney Markowitz
Joseph Ashwood wrote:
> Granted this is only a test of the
> generation of 128 numbers, but I got 128 primes (based on 128 MR rounds).

That doesn't make sense, unless I'm misinterpreting what you are saying. Primes
aren't that common, are they?

I don't have time right now to look for a bug in your code, but you could add a
sanity check that would catch a bug immediately by adding in the appropriate
spot a test like

 if (!curnum.isProbablePrime(128))
   System.out.println("Something wrong, number is not really a prime!");


to check that your primality test gets the same result as the M-R primality
test that comes with BigInteger.

 -- sidney
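
The cross-check suggested above, as an added example that is not code from this thread: a single base-2 Fermat round is compared against `BigInteger.isProbablePrime(128)` on random odd 512-bit candidates, and the number of candidates tested is counted. The class name, the base 2 and the choice of 8 passes are assumptions made for the illustration.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class PrimalityCrossCheck {
    static final BigInteger TWO = BigInteger.valueOf(2);

    // One Fermat round to base a: n passes when a^(n-1) == 1 (mod n).
    static boolean fermatRound(BigInteger n, BigInteger a) {
        return a.modPow(n.subtract(BigInteger.ONE), n).equals(BigInteger.ONE);
    }

    public static void main(String[] args) {
        // 341 = 11 * 31 is composite but passes a base-2 Fermat round,
        // so the two tests are expected to disagree on it.
        BigInteger pseudo = BigInteger.valueOf(341);
        System.out.println("341: fermat=" + fermatRound(pseudo, TWO)
                + " reference=" + pseudo.isProbablePrime(128));

        SecureRandom rng = new SecureRandom();
        int bits = 512, wanted = 8;              // constructed parameters
        int tested = 0, passed = 0, pseudoprimes = 0, bugs = 0;
        while (passed < wanted) {
            // Random odd candidate of exactly `bits` bits.
            BigInteger n = new BigInteger(bits, rng).setBit(bits - 1).setBit(0);
            tested++;
            boolean fermat = fermatRound(n, TWO);
            boolean reference = n.isProbablePrime(128);
            if (fermat) passed++;
            if (fermat && !reference) pseudoprimes++;   // composite that fooled Fermat
            if (!fermat && reference) {                 // a prime never fails Fermat
                bugs++;
                System.out.println("Something wrong with the test: " + n);
            }
        }
        System.out.println(tested + " odd candidates tested, " + passed
                + " passed one Fermat round, " + pseudoprimes
                + " of those rejected by isProbablePrime(128), " + bugs
                + " reference primes failed Fermat (must be 0)");
    }
}
```

If the count of candidates tested is not far larger than the count that passed, the candidate generator or the test itself is the first place to look.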



Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Ian G

[EMAIL PROTECTED] wrote:

> dan, maybe you should just keep less money in the bank.
>
> i use online banking and financial services of almost every kind
> (except bill presentment, because i like paper bills).  i cannot do
> without it.
>
> it seems to me the question is how much liability do i expose myself to by
> doing this, in return for what savings and convenience.

That part I agree with, but this part:

> i don't keep a lot of money in banks (why would anyone?)  -- most of
> the assets are in (e.g.)  brokerage accounts.  at most  i'm exposing
> a month of payroll check to an attacker briefly until it pays some
> bill or is transferred to another asset account.


George's story - watching my Ameritrade account get phished out in 3 minutes
https://www.financialcryptography.com/mt/archives/000515.html

Seems like a hopeful categorisation!

iang



Re: Fermat's primality test vs. Miller-Rabin

2005-12-05 Thread Joseph Ashwood
----- Original Message -----
From: Sidney Markowitz [EMAIL PROTECTED]
Subject: Re: Fermat's primality test vs. Miller-Rabin

> Joseph Ashwood wrote:
> > Granted this is only a test of the
> > generation of 128 numbers, but I got 128 primes (based on 128 MR rounds).
>
> That doesn't make sense, unless I'm misinterpreting what you are saying.
> Primes aren't that common, are they?


Apparently, they are, I ran a sample, but even with the added second
sanity check, every one of them that passes a single round comes up prime.


I then proceeded to move it to 2048-bit numbers. It takes longer and the
gaps between primes are averaging around 700 right now, but once again if it
passes a single test it passes all 128+128. This sample is currently
statistically completely insignificant, but even after the currently 8 tries
I'd expect something different.
   Joe 






RE: Fermat's primality test vs. Miller-Rabin

2005-12-05 Thread Anton Stiglic

> Ok after making that change, and a few others. Selecting only odd numbers
> (which acts as a small sieve) I'm not getting much useful information. It
> appears to be such that at 512 bits if it passes once it passes 128 times,
> and it appears to fail on average about 120-130 times, so the sieve
> amplifies the values more than expected. Granted this is only a test of the
> generation of 128 numbers, but I got 128 primes (based on 128 MR rounds).


O.k., so if I read this right, your new results concord with the analysis of
Pomerance et al.   That would make much more sense.

When you say on average about 120-130 times the test fails, out of how
many is that?


--Anton







Re: Proving the randomness of a random number generator?

2005-12-05 Thread Victor Duchovni
On Mon, Dec 05, 2005 at 02:21:02AM -0600, Travis H. wrote:

> On 12/4/05, Victor Duchovni [EMAIL PROTECTED] wrote:
> > Wrong threat model. The OP asked whether the system generating random
> > numbers can prove them to have been randomly generating to a passive
> > observer.
>
> I didn't read it that way, but the question wasn't particularly
> well-formed. I'm not sure what you mean by "prove them to have been
> randomly generat[ed]".

I read the question as something akin to what an on-line gambling site
might seek to assure its customers that its dice are not loaded.

> Given your discussion of an attacker being
> able to predict the sequence due to having seen it before, it sounds a
> lot like you're talking about unpredictability.

The outcome is equally surprising to all observers, having it be
completely predictable by all observers is an uninteresting degenerate
case.

> That's the main thing
> people are looking for in cryptographic RNGs.  What kind of randomness
> or security properties are you talking about?

There is no way to prove that dice you are watching on TV are not loaded
(even if the value distribution is fair). If one gets to participate in
a verifiable protocol that rolls the dice, the picture is different.

> If the goal is truly to prove that the numbers are nondeterministic,
> then an investigation of the physical processes involved and careful
> measurement (of the generation device, not the digital output!) is the
> only proper way to get some assurance.

Actually, even a perfect hardware RNG is of no use in convincing the
skeptical remote observer. How do you prove that the output came from said
RNG?  How do you prove that it is delayed, and that other participants
are not viewing the output a few steps ahead of the skeptical observer?

If I understood the OP's question correctly (indeed it was not precise),
the answer is that no proof is possible for a non-interactive RNG.

-- 

 /\  ASCII RIBBON                   NOTICE: If received in error,
 \ / CAMPAIGN      Victor Duchovni  please destroy and notify
  X  AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL     Morgan Stanley   confidentiality or privilege,
                                    and use is prohibited.
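
One way a "verifiable protocol that rolls the dice" can look, as an added example that is not from this thread: a commit-then-reveal exchange in which the house commits to its seed before seeing the player's contribution, and the player checks the reveal. The construction, class name, 32-byte seed size and hash-based derivation of the die value are assumptions chosen for the illustration.

```java
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class VerifiableDie {
    static byte[] sha256(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    // Die value (1..6) that both sides derive from the two contributions.
    static int roll(byte[] houseSeed, byte[] playerSeed) throws Exception {
        BigInteger h = new BigInteger(1, sha256(houseSeed, playerSeed));
        return h.mod(BigInteger.valueOf(6)).intValue() + 1;
    }

    // Player-side check: the revealed seed must match the earlier commitment
    // and the claimed result must follow from both seeds.
    static boolean verify(byte[] commitment, byte[] revealedHouseSeed,
                          byte[] playerSeed, int claimedRoll) throws Exception {
        return revealedHouseSeed.length == 32
                && MessageDigest.isEqual(commitment, sha256(revealedHouseSeed))
                && roll(revealedHouseSeed, playerSeed) == claimedRoll;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();

        byte[] houseSeed = new byte[32];
        rng.nextBytes(houseSeed);
        byte[] commitment = sha256(houseSeed);      // 1. house -> player

        byte[] playerSeed = new byte[32];
        rng.nextBytes(playerSeed);                  // 2. player -> house

        int result = roll(houseSeed, playerSeed);   // 3. house -> player: seed, result
        System.out.println("honest reveal accepted: "
                + verify(commitment, houseSeed, playerSeed, result));

        // A house that swaps its seed after seeing the player's contribution
        // no longer matches the commitment it sent in step 1.
        byte[] swapped = new byte[32];
        rng.nextBytes(swapped);
        System.out.println("swapped seed accepted: "
                + verify(commitment, swapped, playerSeed, roll(swapped, playerSeed)));
    }
}
```

The check only convinces the participant who contributed `playerSeed`, and it does not stop the house from refusing to reveal after it has computed an unfavourable result.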



Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Nicholas Bohm
Kerry Thompson wrote:
> [EMAIL PROTECTED] said:
>
> > You know, I'd wonder how many people on this
> > list use or have used online banking.
> >
> > To start the ball rolling, I have not and won't.
>
> I do. Although, only from PCs that I trust such as my linux box at home.
> And I keep a close watch on my bank statements.
>
> All things considered, it's safer than posting cheques or distributing your
> credit card number around.

That depends on how the risk of loss is allocated.  This can vary
between different legal systems, and may depend on the terms in force
between bank and customer.

For an exploration of this in the context of English law, see
http://elj.warwick.ac.uk/jilt/00-3/bohm.html

Nicholas Bohm
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone   01279 871272(+44 1279 871272)
Fax  020 7788 2198   (+44 20 7788 2198)
Mobile  07715 419728(+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF



Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread mis
On Mon, Dec 05, 2005 at 09:24:04AM +, Ian G wrote:
> [EMAIL PROTECTED] wrote:
>
> > it seems to me the question is how much liability do i expose myself to by
> > doing this, in return for what savings and convenience.
>
> That part I agree with, but this part:
>
> > i don't keep a lot of money in banks (why would anyone?)  -- most of
> > the assets are in (e.g.)  brokerage accounts.  at most  i'm exposing
> > a month of payroll check to an attacker briefly until it pays some
> > bill or is transferred to another asset account.
>
> George's story - watching my Ameritrade account get phished out in 3 minutes
> https://www.financialcryptography.com/mt/archives/000515.html
>
> Seems like a hopeful categorisation!
>
> iang

okay, i read this story from 7/2005 reporting an incident in 5/2005.  the short
form of it is:

the bad guys changed the associated bank account,
then they placed orders to sell everything at market prices.
at some point they changed the email address to a hotmail account  (if they'd
done this first he would have gotten less notice)
for some unexplained reason he received confirmations of the trades at the old
email address.
actual cash didn't get transferred at least because of the 3 day settlement time
for the trades.

the rest was dealing with law enforcement and customer service punes who
wouldn't tell him anything for privacy reasons.

well, i have lots of nit-picking questions, about the actual incident
and about the general point.

about the actual incident:
maybe his password was phished, maybe it was malware,
maybe it was password reuse and some other account was phished.
how was the bofa account set up?  (the fraudster's destination account)
in these days of patriot act know your customer? (or was it someone's
phished account also used just for transit?)

why didn't they just do the wire transfer early, and leave him with a
giant margin balance to be paid from the proceeds at settlement?


about the general point:

the main thing online access changes (compared with phone access, or written
instructions) is the velocity.
most sensible institutions provide change of account status notifications
by both email and postal mail (to both the old and the new addresses).
some sensible institutions put brakes on removing money from the system,
certainly for new accounts and (as i recommend to my clients) after an
account change reflecting identity or control.

aside from the time and energy drain of identity theft, what is the
financial liability for consumers if your us-based brokerage account
is phished resulting in a fraudulent funds transfer?  does anyone know 
if there is any uniform protection (such as reg e would cover for interbank
funds transfers?)

i insert the weasel-words "consumers" and "us-based" because
of bofa's behavior in the joe lopez malware case, where they
are trying to claim he is a business not a consumer, and that
they are without fault in wire transferring his funds to latvia.

slightly off-topic:
remember abraham abdallah, the brooklyn busboy who assumed the
identity of a large number of the fortune 200 richest?  made goldman
sachs signature guaranteed stamps and opened accounts in their number?
had 800 fraudulent credit cards and 2 blank cards when he was
arrested?  (hey kids!  collect 'em all!).  my point is only that this is
possible without my participating.  as jerry leichter reminded me,
the fact that there are these facilities available means a bad guy can
use them even if i do not, unless i can not only opt out but forbid anyone
else from subsequently opting in, the moral equivalent of cutting your debit
card in half and returning it to the bank (rather than just destroying the PIN).


even more off-topic:
i'm surprised that the people on this list don't feel as if they have enough
personal connections that at least they could figure out what happened to them
as *some* financial institution.  doesn't anyone else ask, as a basis for imputing
trust  exactly who did that {protocol, architecture, code} review as a basis for
imputing trust?  maybe i'm delusional, but i give fidelity some residual credit
for having adam shostack there, even some years ago, and there are some firms
i'd use because i've been there enough to see their level of care.








Re: Proving the randomness of a random number generator?

2005-12-05 Thread leichter_jerrold
| There's another definition of randomness I'm aware of, namely that the
| bits are derived from independent samples taken from some sample space
| based on some fixed probability distribution, but that doesn't seem
| relevant unless you're talking about a HWRNG.  As another poster
| pointed out, this definition is about a process, not an outcome, as
| all outcomes are equally likely.

That's not a definition of randomness except in terms of itself.  What does
"independent samples" mean?  For that matter, what's a "sample"?  It's an
element chosen at random from a sample space, no?

"All outcomes equally likely" is again simply a synonym:  "Equally likely"
comes down to "any of them could come out, and the one that does is chosen
at random".

Probability theory isn't going to help you here.  It takes the notion of
randomness as a starting point, not something to define - because you really
can't!  Randomness is defined by its properties within the theory; it
doesn't need anything else.

One can, in fact, argue plausibly that randomness doesn't really exist:
It's simply a reflection of lack of knowledge.  Even if you get down to the
level of quantum mechanics, it's not so much that when an atom decays is
random, it's that we don't - and, in fact, perhaps *can't* - have the
knowledge of when that decay will happen ahead of time.  Once the decay has
occurred, all the apparent randomness disappears.  If it was real, where
did it go?  (It's easy to see where our *ignorance* went)

-- Jerry



Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-05 Thread Jonathan Thornburg

I would never use online banking, and I advise all my friends and
colleagues (particularly those who _aren't_ computer-security-geeks)
to avoid it.



On Sun, Dec 04, 2005 at 05:51:11PM -0500, [EMAIL PROTECTED] wrote:
> I've been using online banking for many years, both US and Germany.
> The German PIN/TAN system is reasonably secure,
> being an effective one-time pad distributed through out of band channel


Ahh, but how do you know that the transaction actually sent to the
bank is the same as the one you thought you authorized with that OTP?
If your computer (or web browser) has been cracked, you can't trust
_anything_ it displays.  There are already viruses in the wild
attacking German online banking this way:
  http://www.bsi.bund.de/av/vb/pwsteal_e.htm


I also don't trust RSAsafe or other such 2-factor authentication
gadgets, for the same reason.

[I don't particularly trust buying things online with a credit card,
either, but there my liability is limited to 50 Euros or so, and the
credit card companies actually put a modicum of effort into watching
for suspicious transactions, so I'm willing to buy (a few) things online.]

ciao,

--
-- Jonathan Thornburg [EMAIL PROTECTED]
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, Old Europe http://www.aei.mpg.de/~jthorn/home.html
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam

