Re: automatic toll collection, was Japan Puts Its Money on E-Cash

2005-12-16 Thread Eugen Leitl
On Thu, Dec 15, 2005 at 04:31:36AM -, John Levine wrote:

> An article in Wikipedia says that congestion tolls in London (UK) are
> also collected automatically by taking pictures of license plates.

The German TollCollect system (used on the national highway system)
reads license plates of every vehicle (currently, only trucks
are charged) by OCR. The police are purportedly very interested to obtain
realtime access to the logs. 

Don't we all feel much safer, already?

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




Re: crypto for the average programmer

2005-12-16 Thread Ben Laurie
[EMAIL PROTECTED] wrote:
> On Mon, 12 Dec 2005, Steve Furlong wrote:
> | > My question is, what is the layperson supposed to do, if they must use
> | > crypto and can't use an off-the-shelf product?
> |
> | When would that be the case?
> |
> | The only defensible situations I can think of in which a
> | non-crypto-specialist programmer would need to write crypto routines
> | would be an uncommon OS or hardware, or a new or rare programming
> | language which doesn't have libraries available from SourceForge etc.
> | Or maybe implementing an algorithm that's new enough it doesn't have a
> | decent free implementation, but I'm not sure such an algorithm should
> | be used in production code.
> I can tell you a situation that applied in one system I worked on:  You could
> go with SSL, which gets you into GPL'ed code, not to mention the known

Eh? OpenSSL is BSD, not GPL.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: automatic toll collection, was Japan Puts Its Money on E-Cash

2005-12-16 Thread Peter Clay
On Thu, Dec 15, 2005 at 04:31:36AM -, John Levine wrote:
> An article in Wikipedia says that congestion tolls in London (UK) are
> also collected automatically by taking pictures of license plates.

Yes, the London congestion charge. There were some horror stories about
trouble with the ANPR* technology in the first weeks, but now it's just
ticking over in the background and appears to be working. There is
almost certainly a feed to MI5 (internal security) of the whole thing.

The UK government has various plans for rolling out tracking technology
more widely, such as ANPR cameras on motorways for detecting speeding,
or GPS devices for national road pricing. It's also planning on building
a vast database of everyone's name, address, biometrics, and
fingerprints.

Pete
* automatic number plate recognition
-- 
Peter Clay   | Campaign for   _  _| .__
 | Digital   /  / | |
 | Rights!   \_ \_| |
 | http://www.ukcdr.org



Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-16 Thread James A. Donald
--
From:   Werner Koch [EMAIL PROTECTED]
> You need to clarify the trust model.  The OpenPGP
> standard does not define any trust model at all.  The
> standard merely defines features useful to implement a
> trust model.

Clarifying the trust model sounds suspiciously like
designers telling customers to conform to designer
procedures.  This has not had much success in the past.

People using PGP in practice verify keys out of band,
not through web of trust.

People using https tend to click through. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 9zzvV5qgyWeB4uTJn5vTjFtKeouMk46hiM0EN7Q+
 4CKg4nhwvcBjl855xVUXY5XMP46ZdvXoOl8Wu0Hyb





Re: Looking for fast KASUMI implementation

2005-12-16 Thread Jack Lloyd

Define fast - KASUMI is based heavily on MISTY1. In fact, during a fast scan of
the KASUMI spec, I couldn't see anywhere obvious where it differs from MISTY1
at all. As far as I know, I'm the only person who has even tried writing fast
code for MISTY1, and the result is quite dog-slow compared to most other common
ciphers (to pull some numbers out of the air: around 4.3 MB/sec on an 800 MHz
Athlon, compared with 9.4 MB/sec from AES-128 and 15 MB/sec from 16-round
RC5). Obviously you can do better on a faster processor (and I'm sure there are
some cycles yet to be squeezed out of my MISTY1 code - there are many who can
hand-optimize better than I), but I don't think MISTY1 (or KASUMI) will ever be
very fast in software.

Would an FPGA work instead? That seems like your best bet to me.

-Jack

On Thu, Dec 15, 2005 at 08:24:23AM -0500, james hughes wrote:
> Hello list:
>
> I have a research project that is looking for a fast -software-
> implementation of the KASUMI block cipher.  I have found many papers
> on doing this in hardware, but nothing in software. While free is
> better (as is beer), I will consider a purchase.
>
> FYI, KASUMI is the cryptographic engine of the 3GPP.
>   http://en.wikipedia.org/wiki/3gpp
>
> Thanks.
> jim


Re: How security could benefit from high volume spam

2005-12-16 Thread Joe Cooley

> Maybe in near future the advantages of that noise produced by millions
> of bots will outweigh the disadvantages?

> Comments are welcome.


The noise must be made by us, the people, and directed towards leaders and
industry.  Technology solutions will not fix the fundamental problems.

Joe



Re: Crypto and UI issues

2005-12-16 Thread Ben Laurie
David Mercer wrote:
> And my apologies to Ben Laurie and friends, but why after all these
> years is the UI interaction in ssh almost exactly the same when
> accepting a key for the first time as overriding using a different one
> when it changed on the other end, whether from mitm or just a
> key/IP/hostname change?

Thanks for the apology, but ... ssh is not my fault.

However, I don't really understand the problem here - if the key changes
in OpenSSH you can't connect until you take positive action by deleting
the old key from the known_hosts file. This is totally different to
accepting a new key.

I will agree that something better than just showing you the key would
be cool. Like maybe it could be signed by something so you can verify it
that way. Oh, wait. That's PKI, and we all know PKI is broken.

> Horrible, horrible UI, and I'm not sure what's worse, that or trying
> to USE pgp (gpg, whatever) from a command line, or getting it
> integrated into a gui mail client.

Two words: Thunderbird, enigmail.
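
The distinction drawn in the message above (a host seen for the first time versus a host whose stored key no longer matches), as an added example that is not part of the original post and is not OpenSSH's own code. It is a simplified classifier over known_hosts-format text; the function names are hypothetical, and the host names, salt and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, re

def glob_match(pattern, host):
    # known_hosts patterns use only '*' and '?' as wildcards
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def hash_field(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed, or a pattern list) names host."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_field(host, salt), field)
    pats = field.split(",")
    if any(p.startswith("!") and glob_match(p[1:], host) for p in pats):
        return False                      # a negated pattern vetoes the whole line
    return any(glob_match(p, host) for p in pats if not p.startswith("!"))

def classify(known_hosts, host, keytype, keyblob):
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    seen_other_key = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":
            continue                      # comments, blanks, @cert-authority/@revoked lines
        if parts[1] != keytype or not host_matches(parts[0], host):
            continue
        if parts[2] == keyblob:
            return "match"
        seen_other_key = True             # same host and key type, different key
    return "changed" if seen_other_key else "unknown"

# Constructed sample data: the key blobs are placeholders, not real keys.
KEY_A, KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIKEYA", "AAAAC3NzaC1lZDI1NTE5AAAAIKEYB"
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file",
    "ssh.example.org,192.0.2.10 ssh-ed25519 " + KEY_A,
    hash_field("build.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_A,
])

if __name__ == "__main__":
    for host, key in [("ssh.example.org", KEY_A), ("ssh.example.org", KEY_B),
                      ("new.example.org", KEY_B), ("build.example.org", KEY_B)]:
        print(host, classify(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

A result of "unknown" is the case where the user is asked to accept a new key; "changed" is the case where the old entry has to be removed from known_hosts before connecting.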



Re: Crypto and UI issues

2005-12-16 Thread David Mercer
On 12/15/05, Ben Laurie [EMAIL PROTECTED] wrote:
> David Mercer wrote:
> Thanks for the apology, but ... ssh is not my fault.

Sorry, crosswired openssl and openssh in my brain!

> I will agree that something better than just showing you the key would
> be cool. Like maybe it could be signed by something so you can verify it
> that way. Oh, wait. That's PKI, and we all know PKI is broken.

Yeah, 'broken' is about the strongest language we'd want to use on a
public list, huh?

> > Horrible, horrible UI, and I'm not sure what's worse, that or trying
> > to USE pgp (gpg, whatever) from a command line, or getting it
> > integrated into a gui mail client.
>
> Two words: Thunderbird, enigmail.

Sorry, I've become totally addicted to gmail and just can't imagine
being tied down to a single desktop machine.  Not that gmail is the
end all be all of webmail or anything, and I'm not completely sure how
far I trust them, but they are top dog right now for email in my book.

-David Mercer
Tucson, AZ



Re: crypto for the average programmer

2005-12-16 Thread Ben Laurie
[EMAIL PROTECTED] wrote:
> | > | > My question is, what is the layperson supposed to do, if they must use
> | > | > crypto and can't use an off-the-shelf product?
> | > |
> | > | When would that be the case?
> | > |
> | > | The only defensible situations I can think of in which a
> | > | non-crypto-specialist programmer would need to write crypto routines
> | > | would be an uncommon OS or hardware, or a new or rare programming
> | > | language which doesn't have libraries available from SourceForge etc.
> | > | Or maybe implementing an algorithm that's new enough it doesn't have a
> | > | decent free implementation, but I'm not sure such an algorithm should
> | > | be used in production code.
> | > I can tell you a situation that applied in one system I worked on:  You could
> | > go with SSL, which gets you into GPL'ed code, not to mention the known
> |
> | Eh? OpenSSL is BSD, not GPL.
> When I last looked at this, OpenSSL was BSD, but it required some libraries
> (GMP?) that were GPL.

No, OpenSSL is self-contained. There is, IIRC, an engine that uses GMP
if you want, but it's entirely optional; OpenSSL has its own bignum
implementation that's just as good.



Re: X.509 / PKI, PGP, and IBE Secure Email Technologies

2005-12-16 Thread Ed Gerck

James A. Donald wrote:

> --
> From:   Werner Koch [EMAIL PROTECTED]
> > You need to clarify the trust model.  The OpenPGP
> > standard does not define any trust model at all.  The
> > standard merely defines features useful to implement a
> > trust model.
>
> Clarifying the trust model sounds suspiciously like
> designers telling customers to conform to designer
> procedures.  This has not had much success in the past.
>
> People using PGP in practice verify keys out of band,
> not through web of trust.


James,

Yes. Your observation on out-of-band PGP key verification
is very important and actually exemplifies what Werner
wrote. Exactly because there's no trust model defined
a priori, users can choose the model they want including
one-on-one trust.

This is important because it eliminates the need for a
common root of trust -- with a significant usability
improvement.

If the web of trust is used, the sender and recipient must
a priori trust each other's key signers, requiring a
common root of trust -- that may not even exist to begin
with.

So, instead of worrying about what trust model PGP uses,
the answer is that you can use any trust model you want --
including a hierarchical trust model as used with X.509.

Jon Callas and I had several conversations on trust in
May '97, when Jon visited me for two weeks while I was
in Brazil at the time, I think before the OpenPGP WG was
even working on these issues. This is one of the comments
Jon wrote in a listserv then, with a great insight that
might be useful today:

  As I understand it, then, I've been thinking about some
  of the wrong issues. For example, I have been wondering
  about how exactly the trust model works, and what trust
  model can possibly do all the things Dr Gerck is claiming.
  I think my confusion comes from my asking the wrong
  question. The real answer seems to be, 'what trust model
  would you like?' There is a built in notion (the
  'archetypical model' in the abstract class) of the meta-
  rules that a trust model has to follow, but I might buy a
  trust model from someone and add that, design my own, or
  even augment one I bought. Thus, I can ask for a
  fingerprint and check it against the FBI, Scotland Yard,
  and Sûreté databases, check their PGP key to make sure
  that it was signed by Mother Teresa, ask for a letter of
  recommendation from either the Pope or the Dalai Lama
  (except during Ramadan, when only approval by the Taliban
  will do), and then reject them out of hand if I haven't had
  my second cup of coffee.

Cheers,
Ed Gerck





Re: Crypto and UI issues

2005-12-16 Thread James A. Donald
--
From:   Ben Laurie [EMAIL PROTECTED]
> if the key changes in OpenSSH you can't connect until
> you take positive action by deleting the old key from
> the known_hosts file. This is totally different to
> accepting a new key.

> I will agree that something better than just showing
> you the key would be cool. Like maybe it could be
> signed by something so you can verify it that way. Oh,
> wait. That's PKI, and we all know PKI is broken.

But in what way is it broken?

Let us imagine that SSH had certified keys.  Well, 
certifying a key is bound to be complicated, and things 
are bound to go wrong, and the name that you bind it to 
is bound to be somewhat shifty.  You might bind the key 
to ben.com, but then your host is ssh.ben.com.  So 
pretty soon users are frequently seeing error dialogs - 
and so, pretty soon, are always clicking through them.

What is a true name is a deep and difficult question, 
and one that people have little patience for when trying 
to log in.  We are overloaded with names, with the 
result that true names are of limited value in 
ascertaining true relationships. 

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 Ot8xxQDU9pyVndHTn5kzTOr2CRK60LeWklc4NDLR
 4M3vcDbhvr3PhPb10v1p7VO47zgc7ubuUbnhrhoXa


