Re: TPM & disk crypto
On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
> Anyone have any information on how to develop TPM software?

Yes, that's easy. We created a java library for the tpm chip. You can get it at http://tpm4java.datenzone.de/

Using this lib, you need less than 10 lines of java-code for doing some simple tpm operations.
Re: Circle Bank plays with two-factor authentication
The question is what the threat model is. We all know that email can be intercepted over the wire. We also know that that's not very common or very easy, except for wireless hotspots. I assert that *most* email does not flow over such links, and that the probability of a successful interception by someone who's staked out a hotspot is quite low. Residential wireless? Sure, there's a lot of it, mostly unencrypted. If you're a bad guy, is there any reason you should be watching for that particular piece of email? You don't even know who the customers of that bank are. (Sure, there can be targeted attacks aimed at a given individual. Unless you're a member of the HP board of directors or a prominent technology journalist, that risk is low, too.)

Again -- the scheme isn't foolproof, but it's probably *good enough*.

What is their threat? There are two obvious answers: phishing and keystroke loggers.

The threat model that does not get enough attention (especially by purported anti-phishing security mechanisms) is that if a phisher can obtain your password, and most people use the same password all over the place, then the adversary can simply log into your email and read any sensitive information directly. They don't need to eavesdrop. They don't need to put spyware on your box to busy-poll your email inbox. Traditional phishing attacks _still work_, just with a level of indirection.

Ultimately, these kinds of anti-phishing schemes that require sending secret information to your email inbox are no more secure than your email password. Presumably, the reason that these schemes are required is to combat password theft (phishing) and password guessing, so at the end of the day, how much do they really buy you? One level of indirection? One minor change in tactics?

-Jason

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Circle Bank plays with two-factor authentication
Here in the Netherlands, we have a bank (Rabobank) which sends the required code by SMS to your (registered) cellular phone as soon as you want to log in. So the codes are always fresh and random and only available to whoever knows the password ánd has the phone.

At my own bank, the bank-card is also a smartcard. When trying to log in, the bank issues a random six-digit challenge. With the use of a separate cardreader, the bank-/smartcard can compute an (8-digit) response to the challenge. This response is computed with a private key stored in the card. The card can only be used after entering the correct PIN. Three wrong PINs block the smartcard.

These two systems also obviously have their pros and cons, but they both seem much more secure than the other schemes I have seen here.

Peter

2006/9/28, pat hache <[EMAIL PROTECTED]>:
> Here, (Mexico) BBVA / Bancomer uses 24 special three-digit numbers on a card you need to have at hand to access your account after login and username... the system asks you one of those 24 numbers to allow each session entry. Supposed to be effective. donno if there is a similar system elsewhere.
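The challenge-response login Peter describes (random six-digit challenge from the bank, eight-digit response from the PIN-protected card, card blocked after three wrong PINs), modelled end to end as an added example. This is not code from the post or from any bank; the post only says the response is computed "with a private key stored in the card", so the response function here is an assumption (an HMAC over the challenge, truncated to eight decimal digits, with the key shared with the bank), as are all names and the sample key.

```python
import hashlib
import hmac
import secrets

# Assumptions for this added example (not from the post): the card's secret is a
# symmetric key shared with the bank and the response is an HMAC truncated to
# 8 decimal digits. The real card's algorithm is not described in the post.
CHALLENGE_DIGITS = 6
RESPONSE_DIGITS = 8
MAX_WRONG_PINS = 3


def compute_response(key, challenge):
    """Derive the 8-digit response from the card key and the 6-digit challenge."""
    mac = hmac.new(key, challenge.encode("ascii"), hashlib.sha256).digest()
    value = int.from_bytes(mac, "big") % 10 ** RESPONSE_DIGITS
    return str(value).zfill(RESPONSE_DIGITS)


class SmartCard:
    """The bank card in its reader: the key never leaves the card, the PIN gates
    every use, and three wrong PINs block the card for good."""

    def __init__(self, key, pin):
        self._key = key
        self._pin = pin
        self.wrong_pins = 0
        self.blocked = False

    def respond(self, pin, challenge):
        """Return the response, or None if the card is blocked or the PIN is wrong."""
        if self.blocked:
            return None
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            self.wrong_pins += 1
            if self.wrong_pins >= MAX_WRONG_PINS:
                self.blocked = True
            return None
        self.wrong_pins = 0
        return compute_response(self._key, challenge)


class Bank:
    """Bank side: registered card keys and one outstanding challenge per account."""

    def __init__(self):
        self._keys = {}
        self._pending = {}

    def register_card(self, account, key):
        self._keys[account] = key

    def start_login(self, account):
        """Issue a fresh random 6-digit challenge; it replaces any earlier one."""
        challenge = str(secrets.randbelow(10 ** CHALLENGE_DIGITS)).zfill(CHALLENGE_DIGITS)
        self._pending[account] = challenge
        return challenge

    def finish_login(self, account, response):
        """Accept only if the response matches the pending challenge. The challenge
        is consumed either way, so a captured response is useless a second time."""
        challenge = self._pending.pop(account, None)
        if challenge is None or response is None or account not in self._keys:
            return False
        expected = compute_response(self._keys[account], challenge)
        return hmac.compare_digest(expected, response)


def demo():
    """Walk through a good login, a replayed response and a PIN lockout."""
    key = b"constructed-card-key"  # constructed sample key, not a real one
    card = SmartCard(key, pin="1234")
    bank = Bank()
    bank.register_card("acct-001", key)

    challenge = bank.start_login("acct-001")
    login_ok = bank.finish_login("acct-001", card.respond("1234", challenge))
    # Same response presented again: no pending challenge, so it is refused.
    replay_ok = bank.finish_login("acct-001", card.respond("1234", challenge))

    for _ in range(MAX_WRONG_PINS):
        card.respond("0000", bank.start_login("acct-001"))
    after_block = card.respond("1234", bank.start_login("acct-001"))
    return {"login_ok": login_ok, "replay_ok": replay_ok,
            "card_blocked": card.blocked, "after_block": after_block}


if __name__ == "__main__":
    print(demo())
```

The two properties worth noticing are that the bank pops the pending challenge whether or not the response verifies, so a response observed in transit cannot be reused, and that the retry counter lives on the card rather than at the bank, so the PIN cannot be brute-forced offline against the reader.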
The Geheimschreiber Secret - Swedish WWII SIGINT
http://frode.home.cern.ch/frode/ulfving/ulfving.html

This discusses Swedish decryption of a German crypto machine. Although the break was done without any hints, it was a fairly straightforward system of long-period XOR and fixed transposition, and eventual success was predicated on the laziness of the operators (what else is new?). Perhaps someone can make this into some form of game-theoretic research paper.

An interesting economic commentary, if somewhat off-topic, is:

``Many analysts consider that war preparations serve only as instruments of pressure during negotiations. However, that ignores the dynamics of future military developments which are created by a deployment as large as that which occurred here. Economic factors and military logistics make it almost impossible to keep large, inactive troop concentrations in place as a trump card during long negotiations, just as it is damaging for the units' fighting spirit. It is too expensive not to use the troops, therefore they must either be used in combat or be demobilized and returned to civilian life. Only victory justifies the price -- even if it is high. For example, consider the collapse of the economic, political and ecological systems now affecting the states of the former Soviet Union as a consequence, during a long period, of a highly forced ``war economy'' that did not result in any gains.''

Perhaps the "mission creep" seen in most large bureaucracies need not always be attributed to power-grabs and personal aspirations of department leaders, but to relatively benign economic arguments that "we already pay for it, we might as well use it". Along with the idea that capabilities must periodically be exercised in order to prevent atrophy, that probably explains a lot of otherwise puzzling decisions and apparent over-reactions on the part of decision-makers.

--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
TPM & disk crypto
Quoting: Disk drives gear up for a lockdown
Rick Merritt, EE Times (09/25/2006 9:00 AM EDT)

Built-in security is the next big thing for hard-disk drives. By 2008, drive makers should be shipping in volume a broad array of drives based on a maturing standard.

...

The first version of the Trusted Computing Group's standard for disk drive security could be completed by year's end. Seagate Technology Inc. already ships one drive with an integrated security chip, although some see that approach as an interim step.

"For mass production, security has to be integrated into the controller. It's not that many gates, even if the function is not used," said A. Currie Munce, vice president of research for Hitachi Global Storage Technologies.

Seagate CTO Mark Kryder agreed, saying his company will integrate security functions in the drive controller very soon.

A security standard will open the door to selling drives preloaded with content that users can unlock after paying online for a digital key...'

===

Anyone know if this is going to be compatible with the IEEE SISWG standard?

Anyone have any information on how to develop TPM software?

Anyone else recognize how features migrate from the CPU to an add-on card and back to the CPU? Same thing happened with RAID and on-board video and so on... it seems to me that people need an open-source add-in card for crypto, perhaps based around an FPGA, that is updatable if the algorithms need strengthening. It seems that Peter Gutmann has already done something similar:

http://www.cypherpunks.to/~peter/usenix00.pdf

--
Enhance your calm, fellow citizen; it's just ones and zeroes.
Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484
Re: signing all outbound email
James A. Donald wrote:
> In order for this to actually be any use, the recipient needs to verify the signature and do something on the basis of that signature - presumably whitelist email that genuinely comes from well known domains.
>
> Unfortunately, the MTA cannot reliably do something - if it drops unsigned mail that is fairly disastrous, and the MUA cannot reliably check signatures, since the MTA is apt to mess the signatures up.

so what if an isp only signs email where the origin address is the same as the claimed email "from" address. then email that claims to be from such an isp, that isn't signed, might be assumed to be impersonation. and any "abuse" reports to the isp ... where the email has been signed ... should at least trace back to the correct originating account.

ISPs could do ingress filtering where they only process incoming email from their customers ... where the origin address matches the email "from" address ... which would eliminate their customers from impersonating other addresses ... but doesn't preclude customers at non-participating ISPs from impersonating their customers.

ISPs could also start to quarantine unsigned email that claims to have originated from ISPs that are known to sign email.

it might be considered to be a small step up from ssl domain name digital certificates ... where the browser checks that the domain name in the URL is the same as the URL in the certificate. the issue in the ssl domain name scenario is some common use where the user has little or no awareness of the domain name in the URL so the fact that the actual domain name matches the domain name in the certificate may bring little additional benefit.

lots of past collected posts mentioning ssl domain name certificates ... some of the posts mentioning merchant comfort digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert
Re: signing all outbound email
Lynn Wheeler wrote:
> recently published IETF RFC
>
> ... from my IETF RFC index
> http://www.garlic.com/~lynn/rfcietff.htm
>
> 4686 I
> Analysis of Threats Motivating DomainKeys Identified Mail (DKIM), Fenton J., 2006/09/26 (29pp) (.txt=70382) (Refs 1939, 2821, 2822, 3501, 4033) (was draft-ietf-dkim-threats-03.txt)
>
> from the introduction:
>
> The DomainKeys Identified Mail (DKIM) protocol is being specified by the IETF DKIM Working Group. The DKIM protocol defines a mechanism by which email messages can be cryptographically signed, permitting a signing domain to claim responsibility for the use of a given email address. Message recipients can verify the signature by querying the signer's domain directly to retrieve the appropriate public key, and thereby confirm that the message was attested to by a party in possession of the private key for the signing domain. This document addresses threats relative to two works in progress by the DKIM Working Group, the DKIM signature specification [DKIM-BASE] and DKIM Sender Signing Practices [DKIM-SSP].

In order for this to actually be any use, the recipient needs to verify the signature and do something on the basis of that signature - presumably whitelist email that genuinely comes from well known domains.

Unfortunately, the MTA cannot reliably do something - if it drops unsigned mail that is fairly disastrous, and the MUA cannot reliably check signatures, since the MTA is apt to mess the signatures up.
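An added example, not from either post or from the DKIM specification, that puts the two sides of this thread together: the ISP signs only when the authenticated origin account matches the claimed From address (Lynn's proposal), and the receiver quarantines unsigned mail claiming to come from a domain known to sign, while tolerating the whitespace damage James expects from relaying MTAs. DKIM itself uses a public-key signature whose verification key is fetched from DNS; here an HMAC with a key table stands in for both so the code runs offline, and the header name, domains, key and messages are all constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data for this added example. The HMAC key table stands in
# for DKIM's private key and the public key published in the signer's DNS.
SIGNING_KEYS = {"isp.example": b"constructed-isp-signing-key"}
DOMAINS_KNOWN_TO_SIGN = {"isp.example"}
SIG_HEADER = "x-isp-signature"  # hypothetical header name, not DKIM-Signature


def canonical_form(msg):
    """Bytes that get signed. Trailing whitespace is stripped from header values
    and body lines so a relay that pads or re-wraps whitespace does not break the
    signature (a simplified stand-in for DKIM's 'relaxed' canonicalization)."""
    headers = "\n".join(f"{name}:{msg['headers'][name].strip()}"
                        for name in ("from", "to", "subject"))
    body = "\n".join(line.rstrip() for line in msg["body"].split("\n"))
    return (headers + "\n\n" + body).encode("utf-8")


def from_domain(msg):
    return msg["headers"]["from"].strip().rsplit("@", 1)[1].lower()


def isp_sign(msg, authenticated_sender, domain):
    """ISP-side policy from the post: sign only when the authenticated origin
    account equals the claimed From address. Mismatches are passed on unsigned
    here; an ingress filter could refuse them instead."""
    if msg["headers"]["from"].strip().lower() != authenticated_sender.lower():
        return msg
    tag = hmac.new(SIGNING_KEYS[domain], canonical_form(msg), hashlib.sha256).hexdigest()
    signed = {"headers": dict(msg["headers"]), "body": msg["body"]}
    signed["headers"][SIG_HEADER] = f"d={domain}; s={tag}"
    return signed


def receiver_policy(msg):
    """Receiver-side decision: accept-signed, accept-unverified, quarantine or reject."""
    header = msg["headers"].get(SIG_HEADER)
    if header is None:
        # Unsigned mail claiming a domain known to sign is treated as impersonation.
        return "quarantine" if from_domain(msg) in DOMAINS_KNOWN_TO_SIGN else "accept-unverified"
    fields = dict(part.strip().split("=", 1) for part in header.split(";"))
    signer = fields.get("d", "").lower()
    if signer != from_domain(msg) or signer not in SIGNING_KEYS:
        # Signed by some other domain, or by one whose key we cannot obtain.
        return "quarantine"
    expected = hmac.new(SIGNING_KEYS[signer], canonical_form(msg), hashlib.sha256).hexdigest()
    return "accept-signed" if hmac.compare_digest(expected, fields.get("s", "")) else "reject"


def run_scenarios():
    """Exercise the cases discussed in the thread; returns {scenario: decision}."""
    base = {"headers": {"from": "alice@isp.example", "to": "bob@other.example",
                        "subject": "hello"}, "body": "Meeting at 10.\n"}
    signed = isp_sign(base, "alice@isp.example", "isp.example")
    # Same mail with trailing whitespace added by a relay: canonicalization absorbs it.
    rewrapped = {"headers": dict(signed["headers"]), "body": "Meeting at 10.   \n"}
    # Body edited in transit: the signature no longer matches.
    tampered = {"headers": dict(signed["headers"]), "body": "Meeting at 11.\n"}
    # Another ISP customer submitting mail as alice: origin != From, so no signature.
    impersonation = isp_sign(base, "mallory@isp.example", "isp.example")
    # Unsigned mail from a domain that has never published a signing practice.
    other = {"headers": {"from": "carol@nosign.example", "to": "bob@other.example",
                         "subject": "hi"}, "body": "x\n"}
    return {
        "signed": receiver_policy(signed),
        "rewrapped": receiver_policy(rewrapped),
        "tampered": receiver_policy(tampered),
        "unsigned_known_signer": receiver_policy(base),
        "impersonation": receiver_policy(impersonation),
        "unsigned_other_domain": receiver_policy(other),
    }


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:>22}: {decision}")
```

The receiver never drops unsigned mail outright, which is James's objection; it only quarantines when the From domain has announced that it signs, and it distinguishes "signature broken" (reject) from "no signature" (quarantine or accept) so that MTA damage and absent signing are not conflated.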