Re: OK, shall we savage another security solution?

2007-09-20 Thread Nicholas Bohm
Leichter, Jerry wrote: ... If you think about this in general terms, we're at the point where we can avoid having to trust the CPU, memory, disks, programs, OS, etc., in the borrowed box, except to the degree that they give us access to the screen and keyboard. (The problem of securing

RE: Scare tactic?

2007-09-20 Thread Dave Korn
On 19 September 2007 22:01, Nash Foster wrote: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? IANAAC. I don't feel qualified to judge. Nor do I, but I'll have a go anyway. Any errors are all my own

Re: Scare tactic?

2007-09-20 Thread Ivan Krstić
On Sep 19, 2007, at 5:01 PM, Nash Foster wrote: Any actual cryptographers care to comment on this? I don't feel qualified to judge. If the affected software is doing DH with a malicious/compromised peer, the peer can make it arrive at a predictable secret -- which would be known to some

Re: Scare tactic?

2007-09-20 Thread Ben Laurie
Nash Foster wrote: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? I don't feel qualified to judge. It seems to me that the requirement cited: Entity i cannot be coerced into sharing a key with entity j without

Re: Scare tactic?

2007-09-20 Thread Victor Duchovni
On Wed, Sep 19, 2007 at 02:01:13PM -0700, Nash Foster wrote: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? I don't feel qualified to judge. I am not a cryptographer, but the article appears silly. First the

Re: Scare tactic?

2007-09-20 Thread Taral
On 9/19/07, Nash Foster wrote: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? I don't feel qualified to judge. It's a real (old) vulnerability in DH, but I don't think it applies here. If you

Re: Scare tactic?

2007-09-20 Thread Alexander Klimov
On Wed, 19 Sep 2007, Nash Foster wrote: Any actual cryptographers care to comment on this? I don't feel qualified to judge. Not a single IKE implementation [...] were validating the Diffie-Hellman public keys that I sent. There are many ways to use DH key-agreement. The one described on the

Re: Scare tactic?

2007-09-20 Thread Nate Lawson
Peter Gutmann wrote: Nash Foster writes: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? I don't feel qualified to judge. It's quite possible that many implementations do this. When the

Re: OK, shall we savage another security solution?

2007-09-20 Thread Leichter, Jerry
| If you think about this in general terms, we're at the point where we
| can avoid having to trust the CPU, memory, disks, programs, OS, etc.,
| in the borrowed box, except to the degree that they give us access to
| the screen and keyboard. (The problem of securing connections that
| go

Re: OK, shall we savage another security solution?

2007-09-20 Thread Michel Arboi
On 20/09/2007, Nicholas Bohm wrote: Would it not be possible to solve the keyboard problem by allowing a keyboard (e.g. USB) to be plugged directly into the device? Evidian (former Bull Soft) built such a gizmo. I think this is this:

Re: Scare tactic?

2007-09-20 Thread Sidney Markowitz
Ben Laurie wrote, On 21/9/07 1:34 AM: It seems to me that the requirement cited: Entity i cannot be coerced into sharing a key with entity j without i’s knowledge, ie, when i believes the key is shared with some entity l != j. The without i's knowledge part is critical to the argument, as