Re: Quantum direct communication: secrecy without key distribution

2008-12-05 Thread Nicolas Williams
[I'm guessing that nobody here wants yet another "quantum crypto is snake
oil, no it's not, yes it is, though it has a bright future, no it's not,
..." thread.]

On Fri, Dec 05, 2008 at 02:16:09PM +0100, Eugen Leitl wrote:
>In the last couple of years, we've seen a number of quantum key
>distribution systems being set up that boast close-to-perfect security
>([4]although they're not as secure as the marketing might imply).
> 
>These systems rely on two-part security. The first is the quantum part
>which reveals whether a message has been intercepted or not. Obviously
>this is no use when it comes to sending a secret message because it can
>only uncover eavesdroppers after the fact.

That's not the most serious, obvious flaw in quantum cryptography.

The most obvious flaw is that when we're talking fiber optics the
eavesdropper might as well be a man in the middle, and so...  well, see
the list archive.

Nico
-- 

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: CPRNGs are still an issue.

2008-12-05 Thread Jack Lloyd
On Fri, Nov 28, 2008 at 12:49:27PM -0500, Perry E. Metzger wrote:
> 
> As it turns out, cryptographic pseudorandom number generators continue
> to be a good place to look for security vulnerabilities -- see the
> enclosed FreeBSD security advisory.
> 
> The more things change, the more they stay the same...

I think the situation is even worse outside of the major projects (the
OS kernels crypto implementations and the main crypto libraries). I
think outside of those, nobody is even really looking. For instance -

This afternoon I took a look at a C++ library called JUCE which offers
(among a pile of other things) RSA and Blowfish. However it turns out
that all of the RSA keys are generated with an LCRNG (lrand48,
basically) seeded with the time in milliseconds.
  http://www.randombit.net/bitbashing/security/juce_rng_vulnerability.html

Also I found GNU Classpath has a PRNG that does something similar,
though at least it has the decency to use SHA-1 instead of an LCRNG.
Unfortunately this is the same PRNG class that is used to generate
RSA/DSA private keys and DSA's k values, and it is not even possible
(AFAICT) for an application developer to add additional seed data in.
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417

These are trivially obvious mistakes that have been known (at least in
the security community, though clearly not everywhere) for a decade
plus, at least since Goldberg and Wagner broke Netscape, and, like
classic buffer overflows and SQL injection, new code making the same
mistakes keeps getting written.

-Jack



Re: Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread David G. Koontz
Ali, Saqib wrote:
> Does anyone have more info on the following:
> http://snurl.com/75m3f
> 
> I couldn't find any other article that talked about it. The pay per
> news is the only item I found.
> 

It was tough to google for, because of all of the new references to Clinton
era articles.

google 'encryption "export restrictions"  2008' (past month)

http://www.governmentcontractslawblog.com/2008/11/articles/export-controls/encryption-export-restrictions-loosened-under-new-rules-that-reduce-prereview-and-reporting-requirements/

From this article you can see that the restrictions have had the effect of
driving cryptographic software development offshore:
http://www.governmentcontractslawblog.com/2008/11/articles/export-controls/new-export-rules-revise-de-minimis-provisions-allowing-bundled-software-to-be-included-in-commodity-valuation-clarifying-terms-and-reducing-reporting-requirements/

(Mostly European companies, I understand)

The first link has a link to the Federal Register to 'see the word of the law':

http://www.governmentcontractslawblog.com/uploads/file/GovConNov.pdf
Federal Register / Vol. 73, No. 193 / Friday, October 3, 2008 / Rules and
Regulations  Pages 57495 through 57512

The PDF file is 124 KB.

17 pages plus a couple of column inches on the 18th page, too long to copy
here.


Re: Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread Florian Weimer
* Saqib Ali:

> Does anyone have more info on the following:
> http://snurl.com/75m3f
>
> I couldn't find any other article that talked about it. The pay per
> news is the only item I found.

It's probably this:

| Encryption Simplification Rule of October 3, 2008 (73 FR 57495)

(from )



Re: Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread Tamzen Cannoy


On Dec 4, 2008, at 3:22 PM, Ali, Saqib wrote:

> Does anyone have more info on the following:
> http://snurl.com/75m3f
>
> I couldn't find any other article that talked about it. The pay per
> news is the only item I found.


I found this:

http://edocket.access.gpo.gov/2008/pdf/E8-23201.pdf

and

http://web20.nixonpeabody.com/np20/np20blog/Lists/Posts/Post.aspx?List=5374facc%2D7ab2%2D482c%2D8bea%2D810457ec74db&ID=212

Looks like it's mostly a paperwork reduction act with cleaning up the  
list of countries who are our "good" friends.




Quantum direct communication: secrecy without key distribution

2008-12-05 Thread Eugen Leitl
From: the physics arXiv blog <[EMAIL PROTECTED]>
Subject: the physics arXiv blog
To: [EMAIL PROTECTED]
Date: Fri, 05 Dec 2008 13:10:50 +



[1]the physics arXiv blog

   [2]Quantum direct communication: secrecy without key distribution

   Posted: 04 Dec 2008 09:13 PM PST

   [3]quantum-direct-communication.jpg 

   An interesting development in the world of quantum encryption.

   In the last couple of years, we've seen a number of quantum key
   distribution systems being set up that boast close-to-perfect security
   ([4]although they're not as secure as the marketing might imply).

   These systems rely on two-part security. The first is the quantum part
   which reveals whether a message has been intercepted or not. Obviously
   this is no use when it comes to sending a secret message because it can
   only uncover eavesdroppers after the fact.

   So Alice sends a one time pad over this quantum channel that she and
   Bob can later use to encrypt and send a message classically. If this
   key is compromised, Alice sends another.

   What guarantees the security is not quantum mechanics but the second
   part of the system: the one time pad.

   Today, Seth Lloyd and colleagues at the Massachusetts Institute of
   Technology in Cambridge, publish a way of guaranteeing security over a
   quantum channel without having to fall back on a one time pad.

   Their idea is to send a message over a standard quantum channel
   without bothering with a one time pad. The security, they say, can be
   monitored by randomly checking the channel to see whether any of the
   qubits are being lost (potentially to Eve).

   The security of the channel then depends on how much loss of
   information Alice and Bob are willing to accept, but can always be
   improved by checking more often for eavesdroppers.

   Quantum direct communication, as the team call it, looks interesting.
   But it will be demanding to implement, not least because any noise in
   the channel will look like an eavesdropper. So it looks as if this
   idea will have to be limited to short range applications where noise
   can be kept to a minimum.

   Nevertheless, a cool idea.

   Ref: [5]arxiv.org/abs/0802.0656: Quantum Direct Communication with
   Continuous Variables


References

   1. http://arxivblog.com/
   2. http://feedproxy.google.com/~r/arXivblog/~3/L2dvPUasU7A/
   3. http://arxivblog.com/wp-content/uploads/2008/12/quantum-direct-communication.jpg
   4. http://arxivblog.com/?p=637
   5. http://arxiv.org/abs/0802.0656

--

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread Ali, Saqib
Does anyone have more info on the following:
http://snurl.com/75m3f

I couldn't find any other article that talked about it. The pay per
news is the only item I found.
