[Cryptography] Homomorphic encryption prototype by Microsoft

2011-08-08 Thread Ali, Saqib
Two years after Dr. Craig Gentry of IBM published the proof for fully
homomorphic encryption, Microsoft has come up with a prototype that
utilizes the technique:
http://www.technologyreview.com/computing/38239/page1/


saqib
http://redscarfvestpink.appspot.com/
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


ACM Workshop: Searching an Encrypted Cloud

2009-11-16 Thread Ali, Saqib
Followup from the workshop:
http://www.technologyreview.com/computing/23951/


saqib
http://enterprise20.squarespace.com



On Thu, Nov 12, 2009 at 1:23 PM, Ali, Saqib wrote:

> ACM Workshop on November 13th (yes it is Friday the 13th) will cover the
> topic of Searching for encrypted data in the Cloud:
> http://crypto.cs.stonybrook.edu/ccsw09/
> http://www.technologyreview.com/computing/23929/?a=f

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com


First Test for Election Cryptography

2009-11-02 Thread Ali, Saqib
http://www.technologyreview.com/web/23836/





saqib
http://replaycall.com



BusinessWeek article on IBM Research's Fully Homomorphic Encryption

2009-10-05 Thread Ali, Saqib
Good read:
http://www.businessweek.com/technology/content/sep2009/tc20090930_463595.htm

For more info:
http://www-03.ibm.com/press/us/en/pressrelease/27840.wss
http://portal.acm.org/citation.cfm?id=1536414.1536440

This is just a proof of possibility, not (yet) feasibility.


saqib
http://enterprise20.squarespace.com



Re: New Technology to Make Digital Data Disappear, on Purpose

2009-10-05 Thread Ali, Saqib
a good article about the technology and its implications:
http://www.physorg.com/news173556803.html

[Moderator's note: old news (we already had announcements on Vanish here
weeks ago), but in the last few days Ed Felten announced attacks on
Vanish:
http://www.freedom-to-tinker.com/blog/felten/breaking-vanish-story-security-research-action
so I thought I'd let this through as a way of mentioning that... --Perry]

saqib
http://replaycall.com



Re: Privacy Plug-In Fakes out Facebook

2009-09-10 Thread Ali, Saqib
[Moderator's note: I don't want an extended discussion on this topic,
but I'll allow this one message through. --Perry]

Another fine example of throwing cryptography at a behavioral problem.
And why should I trust a 3rd party server to protect the encryption
keys?

I know that Facebook privacy settings were convoluted in the past. But
they have improved a lot. And there are nice tutorials on privacy
settings for Facebook. Spend 10 mins, and properly configure these
settings.

Just my $0.02

saqib
http://bit.ly/NISTCloudComputing



Re: Unattended reboots (was Re: The clouds are not random enough)

2009-08-03 Thread Ali, Saqib
> If you (or anyone on this forum) know of technology that allows the
> application to gain access to the crypto-hardware after an unattended
> reboot - but can prevent an attacker from gaining access to those keys
> after compromising a legitimate ID on the machine

This is the conundrum of the decade. The TPMs etc. tie a
HDD to a server. This helps in cases where the HDDs are discarded w/o
proper destruction of data or are stolen. If you have a problem of
entire servers being stolen, then you have to worry about physical
security.

saqib
http://kawphi.blogspot.com



The clouds are not random enough

2009-08-01 Thread Ali, Saqib
Why Cloud Computing Needs More Chaos:
http://www.forbes.com/2009/07/30/cloud-computing-security-technology-cio-network-cloud-computing.html

[Moderator's note: It is not supposed to be the moderator's job to read
a link and then summarize for the readers why it is interesting to click
on. In the future, posters should provide at least a few sentences
explaining why a link is of interest or I'm going to simply stop
forwarding them.

In the current instance, the article is about a growing problem -- the
lack of good quality random numbers in VMs provided by services like EC2
and the effect this has on security. --Perry]


Re: New Technology to Make Digital Data Disappear, on Purpose

2009-07-29 Thread Ali, Saqib
Online demo of Vanish:
http://regina.cs.washington.edu/cgi-bin/vanishservice.py



saqib
http://kawphi.blogspot.com



New Technology to Make Digital Data Disappear, on Purpose

2009-07-21 Thread Ali, Saqib
The researchers said they had struck upon a unique approach that
relies on “shattering” an encryption key that is held by neither party
in an e-mail exchange but is widely scattered across a peer-to-peer
file sharing system.

The pieces of the key, small numbers, tend to “erode” over time as
they gradually fall out of use. To make keys erode, or timeout, Vanish
takes advantage of the structure of a peer-to-peer file system. Such
networks are based on millions of personal computers whose Internet
addresses change as they come and go from the network. This would make
it exceedingly difficult for an eavesdropper or spy to reassemble the
pieces of the key because the key is never held in a single location.
The Vanish technology is applicable to more than just e-mail or other
electronic messages.

Read more:
http://www.nytimes.com/2009/07/21/science/21crypto.html



Saqib
http://kawphi.blogspot.com
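The key "shattering" the excerpt describes, as an added illustration that is not code from the article or from the Vanish project: I model the split as a Shamir threshold secret sharing over a prime field (my assumption about the mechanism; the excerpt only says the key is broken into small pieces that erode), and show that once fewer than the threshold number of pieces remain reachable the key can no longer be reassembled, which is the "erosion" effect. The sample key, the field prime and the 3-of-5 parameters are constructed for the demo.

```python
import secrets

# Constructed sample key for the demo (16 bytes); any key shorter than
# PRIME fits in a single field element.
SAMPLE_KEY = bytes(range(16))

# Field prime for the sharing arithmetic: the Mersenne prime 2^521 - 1,
# large enough to hold a 256-bit key in one field element.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key, threshold, n_shares):
    """Split key into n_shares points (x, f(x)) on a random polynomial of
    degree threshold-1 whose constant term is the key. Any threshold
    points determine the polynomial; fewer reveal nothing about f(0)."""
    secret = int.from_bytes(key, "big")
    if not (secret < PRIME and 1 <= threshold <= n_shares):
        raise ValueError("bad key size or sharing parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n_shares + 1)]


def recover_key(shares, key_len):
    """Lagrange interpolation at x = 0 over the given shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


def simulate_erosion(key, threshold, n_shares, surviving):
    """Model shares dropping out of the network: only the first `surviving`
    shares are still reachable. Returns the key while enough survive and
    None once the count falls below the threshold."""
    shares = split_key(key, threshold, n_shares)[:surviving]
    if len(shares) < threshold:
        return None
    return recover_key(shares, len(key))


if __name__ == "__main__":
    for alive in (5, 3, 2):
        got = simulate_erosion(SAMPLE_KEY, 3, 5, alive)
        print(alive, "shares reachable ->", "recovered" if got == SAMPLE_KEY else "lost")
```

The security property that makes the scheme fit the "never held in a single location" claim is that any set of shares below the threshold is statistically independent of the key, so an eavesdropper who collects two of the five pieces has learned nothing; the defender's caveat is that an attacker who harvests shares before they erode has the same reconstruction ability as the intended recipient.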



Re: Physical security rather than crypto---but perhaps of interest

2009-07-17 Thread Ali, Saqib
Since we are on this topic:

"You don’t need to be a crowned Ranger class master hacker to sneak
into someone’s email or facebook account these days. Which means that
you’re not simply being a nervous nellie if you’re worried about
security.

In fact, users of public WiFi should be worried. If you use WiFi to
access some of the most popular email and social networking services,
like, gmail, yahoo mail, hotmail, and facebook, your account
information floats around in the air, often completely unsecured.

You want some more fear with your coffee? Chris Soghoian, a fellow at
the Berkman Center for Internet and Society, took a look into WiFi and
account security to find out just how scary the situation is."

Listen to the audio at:
http://blogs.law.harvard.edu/mediaberkman/2009/07/16/radio-berkman-126-the-g-fail/



saqib
http://www.capital-punishment.us



Weakness in Social Security Numbers Is Found

2009-07-08 Thread Ali, Saqib
Read more:
http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2&ref=instapundit


saqib
http://www.capital-punishment.us

[Moderator's note: this isn't really a weakness in SSNs, unless you're
stupid enough to use them as a password -- which we already knew was
bad. Nonetheless, interesting work. --Perry]


Transcripts of the NIST Sessions from the first SHA3 Candidate Conference

2009-06-17 Thread Ali, Saqib
The transcripts are available at:
http://csrc.nist.gov/groups/ST/hash/sha-3/Round1/Feb2009/program.html




saqib
http://www.capital-punishment.us



OT: Presentation on Effectively and Securely Using the Cloud Computing Paradigm

2009-06-14 Thread Ali, Saqib
NIST has published a working draft of the Cloud Computing Security presentation:
http://csrc.nist.gov/groups/SNS/cloud-computing/index.html

Both of the documents on this page are an excellent read for anyone
interested in Cloud Computing.

Some of the Security Advantages mentioned in the presentation are:

Shifting public data to an external cloud reduces the exposure of the
internal sensitive data
Cloud homogeneity makes security auditing/testing simpler
Clouds enable automated security management
Redundancy / Disaster Recovery
Data Fragmentation and Dispersal
Dedicated Security Team
Greater Investment in Security Infrastructure
Fault Tolerance and Reliability
Greater Resiliency
Hypervisor Protection Against Network Attacks
Possible Reduction of C&A Activities (Access to Pre-Accredited Clouds)
Simplification of Compliance Analysis
Data Held by Unbiased Party (cloud vendor assertion)
Low-Cost Disaster Recovery and Data Storage Solutions
On-Demand Security Controls
Real-Time Detection of System Tampering
Rapid Re-Constitution of Services
Advanced Honeynet Capabilities

What are your thoughts on these benefits?

Thanks
Saqib
http://www.capital-punishment.us



A Service to Prove You are Really You

2009-05-21 Thread Ali, Saqib
On the Internet, nobody knows you’re a dog, as the New Yorker cartoon
famously said. But what if, while you are surfing, you want to prove
your pedigree?
Equifax, the big credit agency that already knows more about your flea
count than you do, wants to help:
http://bits.blogs.nytimes.com/2009/05/19/a-service-to-prove-you-are-really-you/


Saqib
http://www.capital-punishment.us



Response to "The Strange Rise and Fall of Hardware Disk Encryption"

2009-05-01 Thread Ali, Saqib
Here is a response to Jon Callas' "The Strange Rise and Fall of
Hardware Disk Encryption" [1]:
http://security-basics.blogspot.com/2009/04/re-fde-mgiebelpgpcom-has-shared-strange_6682.html


1. http://blog.pgp.com/index.php/2009/04/the-strange-rise-and-fall-of-hardware-disk-encryption/



How to Share without Spilling the Beans

2009-03-02 Thread Ali, Saqib
A new protocol aims to protect privacy while allowing organizations to
share valuable information:
http://www.technologyreview.com/communications/22238/?a=f


saqib
http://www.capital-punishment.net



UK must balance surveillance and data collection with privacy

2009-02-12 Thread Ali, Saqib
Britain's House of Lords Constitution Committee released a report
Friday saying that the country's use of widespread video surveillance
and personal data collection pose a threat to citizens' privacy and
freedom. The committee said that while such surveillance and data
collection could serve legitimate law-enforcement purposes, those
interests should be balanced against privacy concerns, including
Article 8 of the European Convention on Human Rights. The committee
also issued specific recommendations that DNA data on individuals be
consolidated to the National DNA Database, and that closed-circuit
television surveillance only be used under strict oversight and where
it has been shown to be effective.

More info:
http://jurist.law.pitt.edu/paperchase/2009/02/uk-must-balance-surveillance-and-data.php
http://www.publications.parliament.uk/pa/ld200809/ldselect/ldconst/18/18.pdf


saqib
http://www.capital-punishment.net



More on (no pun intended) D-wave quantum computer

2008-12-23 Thread Ali, Saqib
Source:
http://bits.blogs.nytimes.com/2008/12/22/d-wave-arms-smoking-gun-proof-of-quantum-computer/


"Once D-Wave collects the results of the simulations and processes the
information, it will compare the simulation against an actual run of
its latest quantum computer, which should be completed in the next few
months. If the figures match up, then D-Wave will have shown that it
really has a quantum machine, silencing skeptics, according to Geordie
Rose, the company's chief technology officer. "

I still don't see how figures matching up prove that what D-Wave
developed is a quantum computer. It just proves that it is a faster
computer...



Lifting Some Restrictions on Encryption Exports

2008-12-05 Thread Ali, Saqib
Does anyone have more info on the following:
http://snurl.com/75m3f

I couldn't find any other article that talked about it. The pay per
news is the only item I found.



Re: "usable security" at www.usable.com

2008-09-11 Thread Ali, Saqib
> to make it easy to login to participating web sites.  However, I don't
> see any details of the protocols or algorithms.

The service looks very user friendly and secure (i.e. if implemented properly)

It is unfortunate that being a security aware company they don't
provide information about the protocols or algorithms. I haven't used
the service either. So I am as clueless as anyone else. But I won't
let that stop me from making some speculations ;-)

Note: The following are pure speculations and wild guesses:

The service seems to incorporate a technology similar to RSA's
Passmark to perform mutual authentication, i.e. authenticate the client
machine to the server to prevent phishing. In addition, it appears,
they are also utilizing host-proof hosting AJAX paradigm such that
your login information is never sent to the Usable's cloud servers in
clear-text.

Both of these technologies are well-defined and, if implemented
properly, provide a reasonable amount of security.

BankOfAmerica utilizes RSA's Passmark for Logons. Passpack utilizes
Host-proof hosting AJAX paradigm.

saqib
http://doctrina.wordpress.com/



No Legitimate Expectation of Privacy for Data on Office Computer, Court Says

2008-09-08 Thread Ali, Saqib
An employee has no reasonable expectation of privacy in personal files
stored on a company-owned computer and an employer's consent makes a
police search lawful, an appeals court says in a ruling of first
impression in New Jersey.

"We conclude ... that neither the law nor society recognize as
legitimate defendant's subjective expectation of privacy in a
workplace computer he used to commit a crime," Judge Marie Simonelli
wrote for the three-judge panel in State v. M.A., A-4922-06.

Read More:
http://www.law.com/jsp/article.jsp?id=1202424228730


saqib
http://doctrina.wordpress.com/



Introducing Cryptanalysis

2008-08-15 Thread Ali, Saqib
An informative blog post on the topic of cryptanalysis by Mark
Chu-Carroll of Google:
http://scienceblogs.com/goodmath/2008/08/introducing_cryptanalysis.php



saqib
http://doctrina.wordpress.com/



Re: Security by restraining order

2008-08-15 Thread Ali, Saqib
JOLT's coverage of the topic and some new updates:
http://jolt.law.harvard.edu/digest/district-courts/mbta-v-anderson


saqib
http://doctrina.wordpress.com/



Re: Dutch chipmaker sues to silence security researchers

2008-07-19 Thread Ali, Saqib
Latest updates (17.07.08):
Dutch court OKs publishing how to hack NXP chip
http://uk.reuters.com/article/governmentFilingsNews/idUKL186838820080718


saqib
http://doctrina.wordpress.com/



Dutch chipmaker sues to silence security researchers

2008-07-10 Thread Ali, Saqib
Dutch chipmaker NXP Semiconductors has sued a university in The
Netherlands to block publication of research that details security
flaws in NXP's Mifare Classic wireless smart cards, which are used in
transit and building entry systems around the world.

More at:
http://news.cnet.com/8301-10784_3-9985886-7.html?hhTest=1

saqib
http://doctrina.wordpress.com/



Re: Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-08 Thread Ali, Saqib
> This reads like snake oil.
>> http://www.foxbusiness.com/story/hackers-hell-privacy-compromised/
> This reads like a pump'n'dump stock scam.

zdnet tries to expose the snake-oil crypto and the pump'n'dump stock scam:
http://blogs.zdnet.com/security/?p=1448

Good start, but I think they could have done better.


saqib
http://doctrina.wordpress.com/



Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-07 Thread Ali, Saqib
Quoting the Foxbusiness article:

"PermanentPrivacy announces the world's first practical data
encryption system that is absolutely unbreakable. And is offering a
$1,000,000 challenge to anyone who can crack it.

Permanent Privacy (patent pending) has been verified by Peter
Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable
cynics Permanent Privacy is offering $1,000,000 to anyone who can
decipher a sample of ciphertext."


http://www.foxbusiness.com/story/hackers-hell-privacy-compromised/
http://www.permanentprivacy.com/


saqib
http://doctrina.wordpress.com/



Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Actually the correct URL is:
http://www.sscnet.ucla.edu/geog/gessler/collections/cryptology.htm

On Wed, Jun 4, 2008 at 1:59 PM, Ali, Saqib <[EMAIL PROTECTED]> wrote:
> Here is another site that has a lot more details and photographs:
> http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-hebern.htm
>
> saqib
> http://doctrina.wordpress.com/
>



Re: Code makers and breakers of WWII era

2008-06-05 Thread Ali, Saqib
Here is another site that has a lot more details and photographs:
http://www.sscnet.ucla.edu/geog/gessler/collections/crypto-hebern.htm

saqib
http://doctrina.wordpress.com/



Re: Question re Turing test and image recognition

2008-05-22 Thread Ali, Saqib
Check out http://www.numenta.com/ . They have an SDK that you can
download and play with.

saqib
http://doctrina.wordpress.com/

On Fri, May 16, 2008 at 8:36 AM, Allen <[EMAIL PROTECTED]> wrote:
> Hi gang,
>
> In looking at captchas that have been broken via software it dawned on me
> that the amount of "mental processing" involved is actually very little. I'm
> interested in what the current state of image recognition via software of
> things like knowing the difference between a monkey and a cat or a child
> laughing or just happy and the degree of reliability of the differentiation.
> I've done a bit of looking around and don't find much. Does anyone have
> knowledge of or a  pointer to someone who might know where to look about
> this?
>
> Thanks,
>
> Allen
>
>



Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Ali, Saqib
>Edwards said the Seagate hard drive -- which was
>about eight years old in 2003 -- featured much
>greater fault tolerance and durability than current
>hard drives of similar capacity.

I am not so sure about this statement. The newer drives are far more
ruggedized and superior in construction. E.g. the newer EE25 are
designed to "operate" at
1) Operating temperatures of –30°C to 85°C
2) Operating altitudes from –1000 feet to 16,400 feet
3) Operating vibration up to 2.0 Gs
4) Long-duration (11 ms) shock capability of 150 Gs

whereas the older ST9385AG:
1) Operating temperatures of 5° to 55°C (41° to 131°F)
2) Operating altitudes from –1,000 ft to 10,000 ft (–300 m to 3,000 m)
3) Operating vibration up to 0.5 Gs
4) shock capability of 100 Gs


Source:
http://www.seagate.com/docs/pdf/datasheet/disc/ds_ee25_2.pdf
http://www.seagate.com/support/disc/manuals/ata/9655pma.pdf

saqib
http://doctrina.wordpress.com/



Pentagon looks for 'Killer Switch'

2008-05-01 Thread Ali, Saqib
Not exactly related to Malicious Hardware/Software discussion, but
interesting nonetheless:
http://blog.wired.com/defense/2008/04/the-case-of-the.html
http://spectrum.ieee.org/may08/6171

saqib
http://doctrina.wordpress.com/



Snake oil crypto of the day: BabelSecure Samurai

2008-04-18 Thread Ali, Saqib
See:
http://babelsecure.com/challenge.aspx

Snake-oil sales pitch:
"The creators of BabelSecure are so confident in the ability and
security of Samurai, they have created the Turing Challenge. The first
individual or team to break the following code will earn $5000"

saqib
http://doctrina.wordpress.com/



Privacy as Contextual Integrity - A lecture by Dr. Nissembaum of NYU

2008-04-16 Thread Ali, Saqib
Dr. Helen Nissenbaum of NYU gave an extremely interesting, engaging
and stimulating lecture entitled "Privacy in Context" at UC Berkeley:

http://security-basics.blogspot.com/2008/04/fde-privacy-as-contextual-integrity.html
(audio recording and lecture notes)



Re: Levels of security according to the easiness to steal biometric data

2008-04-16 Thread Ali, Saqib
I believe ISC2 (https://www.isc2.org/) did some testing and published
their findings. Maybe someone from ISC2 on this list can give you the
exact reference to that material.

saqib
http://doctrina.wordpress.com/

On Mon, Mar 31, 2008 at 11:10 AM, Danilo Gligoroski
<[EMAIL PROTECTED]> wrote:
> Hi,
>
>
>  Probably you have heard about this:
>
>  CCC publishes fingerprints of German Home Secretary
>  Date: 31 March 2008
>  Source: Heise.de
>
>  In a protest against the use of biometric data, the
>  Chaos Computer Club (CCC) has taken a step that will
>  raise a few eyebrows: in the current issue of its
>  club magazine Die Datenschleuder, the hackers have
>  published the fingerprint of German Home Secretary,
>  ...
>  Link: http://www.liveleak.com/view?i=b29_1206968252
>
>
>
>  QUESTION: Does anybody know about the existence of
>  security research in the area of grading the easiness to
>  steal biometric data?
>  For example, I guess that stealing information of
>  someone's "face" is easier than stealing information
>  about someone's "fingerprints",
>  but stealing information about someone's "retina"
>  would be much harder.
>
>
>  Such a scale can be useful in the design of secure
>  protocols and secured information systems.
>
>
>  Danilo Gligoroski!
>



Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
I think in most cases tamper-resistant is sufficient, provided the
device can detect an attempt at tampering and erase itself. The DRAM
chips referred to in this attack are not tamper-resistant.

http://www.linkedin.com/in/encryption


On Thu, Feb 21, 2008 at 2:59 PM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>
>  "Ali, Saqib" <[EMAIL PROTECTED]> writes:
>
> > How about TPM? Would this type of attack work on a tamper-resistant ver1.2 
> > TPM?
>
>  The phrase is "tamper resistant", not "tamper proof". Depending on how
>  determined your attackers are, pretty much anything depending on
>  tamper resistant hardware will fall. As always, the question is
>  whether what you are protecting is worth more than the attackers would
>  have to spend on the attack.
>
>  --
>
>
> Perry E. Metzger[EMAIL PROTECTED]
>



-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
>  Umm, pardon my bluntness, but what do you think the FDE stores the key
>  in, if not DRAM? The encrypting device controller is a computer system
>  with a CPU and memory. I can easily imagine what you'd need to build
>  to do this to a disk drive. This attack works on anything that has RAM.

How about TPM? Would this type of attack work on a tamper-resistant ver1.2 TPM?



Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
After thinking about this a bit, I have changed my views on this
attack. I think it is quite easy to perform this attack. I myself have
been in similar situations, where my personal computer could have been
easily compromised by this attack.

However, hardware-based encryption solutions (like Seagate FDE)
would easily deter this type of attack, because in a Seagate FDE
drive the decryption key never gets to the DRAM. The keys always
remain in the Trusted ASIC on the drive.


On Thu, Feb 21, 2008 at 11:51 AM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>
>  "Ali, Saqib" <[EMAIL PROTECTED]> writes:
>  > This method requires the computer to be "recently" turned on and unlocked.
>
>  No, it just requires that the computer was recently turned on. It need
>  not have been "unlocked" -- it just needed to have keying material in RAM.
>
>
>  > So the only way it would work is that the victim unlocks the disks,
>  > i.e. enters their preboot password, turns off the computer and
>  > "immediately" hands over (conveniently) the computer to the attacker so
>  > that the attacker can remove the DRAM chip and store it in nitrogen.
>
>  LN2 is pretty trivial to get your hands on, and will remain happy and
>  liquid in an ordinary thermos for quite some hours or longer. However,
>  the authors point out that canned air works fine, too.
>
>
>  > And the attacker has to do all this in less than 2 seconds :)
>
>  No, they may even have minutes depending on the RAM you have.
>
>
>  > Or am I missing something?
>
>  People readily assume that rebooting or turning off a computer wipes
>  RAM. It doesn't. This is just more evidence that it is bad
>  to assume that the contents of RAM are gone even if you turn off the
>  machine.
>
>  Perry
>



-- 
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Re: cold boot attacks on disk encryption

2008-02-21 Thread Ali, Saqib
Interesting paper, but I fail to see how this could be "deadly" (as
the author puts it) to the disk encryption products.

This method requires the computer to be "recently" turned on and unlocked.

So the only way it would work is that the victim unlocks the disks,
i.e. enters their preboot password, turns off the computer and
"immediately" hands over (conveniently) the computer to the attacker so
that the attacker can remove the DRAM chip and store it in nitrogen. And the
attacker has to do all this in less than 2 seconds :) If the
attacker is standing right next to the victim, why even let the victim
turn off the unlocked computer?

Or am I missing something?

-- 
Saqib Ali,
http://www.full-disk-encryption.net


On 2/21/08, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>
>  Ed Felten blogs on his latest research:
>
>  http://www.freedom-to-tinker.com/?p=1257
>
>  Excerpt:
>
> Today eight colleagues and I are releasing a significant new
> research result. We show that disk encryption, the standard
> approach to protecting sensitive data on laptops, can be defeated
> by relatively simple methods. We demonstrate our methods by using
> them to defeat three popular disk encryption products: BitLocker,
> which comes with Windows Vista; FileVault, which comes with MacOS
> X; and dm-crypt, which is used with Linux.
>
>  More info: http://citp.princeton.edu/memory
>
>  Paper: http://citp.princeton.edu.nyud.net/pub/coldboot.pdf
>
>
>
>  --
>  Perry E. Metzger[EMAIL PROTECTED]
>
>



Re: Open source FDE for Win32

2008-02-13 Thread Ali, Saqib
I installed TrueCrypt on my laptop and ran some benchmark tests.

Benchmark Results:
http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks

Pros:
1) Easy to use product. Simple clean interface. Very user-friendly!
2) Free and Open Source
3) Multiple encryption and hashing algorithms available.

Cons:
1) Buffered Read and Buffered Transfer Rate was almost halved after
TrueCrypt FDE was enabled :-(.
2) Access Time for large file (250+MB) increased by 11%.
3) The initial encryption of the 120 GB HDD took 2 hours.




On Feb 7, 2008 11:46 PM, Hagai Bar-El <[EMAIL PROTECTED]> wrote:
> List,
>
> Finally, an open source FDE (Full Disk Encryption) for Win32. It is the
> first one I am aware of:
>
> www.truecrypt.org
>
> TC is not a new player, but starting February 5th (version 5) it also
> provides FDE.
>
> Didn't get to try it yet.
>
> Hagai.
>
>
>



Re: questions on RFC2631 and DH key agreement

2008-02-01 Thread Ali, Saqib
http://www.xml-dev.com/blog/index.php?action=viewtopic&id=196

On 2/1/08, =JeffH <[EMAIL PROTECTED]> wrote:
>
> So AFAICT from perusal of RFC2631 "Diffie-Hellman Key Agreement Method" and
> RFC2630 CMS, when one executes a simple DH static profile between two parties,
> the only things that really need to go over the wire are each party's public
> keys (ya and yb) if { p, q, g, j } are known to both parties. And thus,
> "Generation of Keying Material" is done by each party separately, using the
> value of ZZ that each independently calculates, yes?  Thus keying material
> doesn't cross the wire and risk exposure (among various things).
>
> So if p, q, g are not static, then a simplistic, nominally valid, DH profile
> would be to..
>
>
>        a                              b
>       ---                            ---
>
>   g, p, ya  ------------------------->
>
>             <-------------------------  yb
>
>   [calculates ZZ]               [calculates ZZ]
>   [calculates keying material]  [calculates keying material]
>        .                              .
>        .                              .
>        .                              .
>
>
>
> ..yes?
>
>
> Other than for b perhaps wanting to verify the correctness of { p, q, g, j }
> ("group parameter validation"), is there any reason to send q ?
>
>
>
> thanks,
>
> =JeffH
>
>

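A worked version of the exchange JeffH sketches, added here as an illustration rather than code from the thread or from RFC 2631 itself. It uses toy-sized constructed parameters (p = 2039, q = 1019, g = 4; p is a safe prime and g generates the order-q subgroup) and a simplified SHA-256 key derivation standing in for RFC 2631's KDF; both are assumptions for the example. It also shows the one place q is needed on the receiving side: checking that the peer's public value lies in the order-q subgroup before computing ZZ, which is what rejects degenerate values such as 1 or p-1.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example (far too small for
# real use): p is a safe prime (p = 2q + 1) and g generates the subgroup
# of prime order q.
P = 2039
Q = 1019
G = 4


def validate_public_value(y, p, q):
    """Group parameter validation on a received public value: it must be in
    (1, p-1) and satisfy y^q = 1 mod p, i.e. lie in the order-q subgroup.
    This is the step that needs q; it rejects 1, p-1 and any other value
    that would pin ZZ to a small set."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def generate_keypair(p, q, g):
    """Private exponent x in [1, q-1] and public value y = g^x mod p."""
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)


def shared_secret(their_y, my_x, p, q):
    """ZZ = their_y^my_x mod p, computed only after validating their_y."""
    if not validate_public_value(their_y, p, q):
        raise ValueError("peer public value failed subgroup check")
    return pow(their_y, my_x, p)


def derive_key(zz, length=16):
    """Stand-in KDF (assumption for this example): SHA-256 over ZZ as
    big-endian bytes. RFC 2631 instead uses a counter-based SHA-1
    construction over ZZ and OtherInfo; the point here is only that
    both sides derive keying material locally from ZZ."""
    zz_bytes = zz.to_bytes((zz.bit_length() + 7) // 8, "big")
    return hashlib.sha256(zz_bytes).digest()[:length]


def run_exchange(p=P, q=Q, g=G):
    """One exchange: a sends (g, p, ya), b replies with yb; each side then
    computes ZZ and keying material without anything secret on the wire."""
    xa, ya = generate_keypair(p, q, g)   # a -> b: g, p, ya
    xb, yb = generate_keypair(p, q, g)   # b -> a: yb
    key_a = derive_key(shared_secret(yb, xa, p, q))
    key_b = derive_key(shared_secret(ya, xb, p, q))
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb)
    print("p-1 accepted as public value:", validate_public_value(P - 1, P, Q))
```

The subgroup check costs one modular exponentiation and is the reason a peer would want q even in a profile where the group is static: without it a malformed ya forces ZZ into a handful of predictable values regardless of how good b's private exponent is.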


Re: patent of the day

2008-01-23 Thread Ali, Saqib
Can anyone please shed more light on this patent? It seems like a
patent on the simple process of cryptographic erase.

saqib
http://www.full-disk-encryption.net/wiki


On Jan 22, 2008 7:29 PM, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
>
> http://www.google.com/patents?vid=USPAT6993661



DRM Helps Sink Another Content Distribution Project

2007-12-31 Thread Ali, Saqib
See:
http://msl1.mit.edu/furdlog/?p=6538

And Foxtrot on DMCA:
http://www.gocomics.com/foxtrot/2007/12/30/

And Opus on e-books:
http://www.salon.com/comics/opus/2007/12/30/opus/


saqib
http://www.quantumcrypto.de/dante/



Electronic Voting: Danger and Opportunity

2007-12-24 Thread Ali, Saqib
University of Illinois will hold a talk on "Electronic Voting: Danger
and Opportunity". Professor Edward W. Felten of Princeton University
will be speaking. See:
http://webtools.uiuc.edu/calendar/Calendar?calId=504&eventId=78090&ACTION=VIEW_EVENT


saqib
http://www.quantumcrypto.de/dante/



Re: gauging interest in forming an USA chapter of IISP

2007-12-14 Thread Ali, Saqib
How will this be any different from being a member of ISC2 or ISACA?
Why do we need to be a member of "yet" another organization?

saqib
http://www.quantumcrypto.de/dante/


On Dec 12, 2007 12:21 PM, Alex Alten <[EMAIL PROTECTED]> wrote:
>
> Would anyone on this list be interested in forming a USA chapter of the
> Institute
> of Information Security Professionals (IISP, www.instisp.org)?
>
> I'm finding it rather difficult to attend events, etc., that are only in
> London.
>
> - Alex



Protocols and Systems for Privacy Preserving Protection of Digital Identity

2007-11-28 Thread Ali, Saqib
Interesting Presentation:
http://www.cerias.purdue.edu/news_and_events/events/calendar/[EMAIL PROTECTED]

Format: iPod compatible MP4 Video



DirecTV, Inc. v. Huynh

2007-11-24 Thread Ali, Saqib
Ninth Circuit Allows Individuals to Use Devices to Decrypt Satellite
Television Signals:
http://jolt.law.harvard.edu/digest/?p=19


Jennifer Granick expects that the ruling will "prevent[] satellite and
cable TV companies from piling on excessive damages that would punish
and chill legitimate encryption research."
Declan McCullagh discusses the various legal and illegal uses of the
smart card devices purchased by defendants.


saqib
http://www.quantumcrypto.de/dante/



Re: Full Disk Encryption solutions selected for US Government use

2007-11-01 Thread Ali, Saqib
> Right -- I was unaware that Windows actually had any real (pre-boot)
> FDE solutions before about the time of BitLocker. But I only
> peripherally have any idea about Windows crypto solutions, so I
> wouldn't be surprised if I'm wrong. Cheers,

Windows has had FDE (with pre-boot) solutions for a long while. Here
is a list: http://www.full-disk-encryption.net/Full_Disc_Encryption.html

Note: BitLocker is NOT true FDE. It is only volume based encryption.
It has 3 modes. In one of the modes you can store the key on an external
USB device. Only in that mode does BitLocker act as an FDE solution with
pre-boot.

saqib
http://security-basics.blogspot.com/



Re: Full Disk Encryption solutions selected for US Government use

2007-10-29 Thread Ali, Saqib
> > Out of curiosity, are any open source FDE products being evaluated?
> Are there at all any open source FDE products for Win32?

Not that I know of. But with Full Disk Encryption now being embedded
into the hardware (Seagate FDE Momentus and Danberry), it doesn't make
much sense to start an open source FDE for Windows project now
anyway. Just my 1+1 cents.

saqib
http://security-basics.blogspot.com/



Perfect Storm is gathering

2007-10-29 Thread Ali, Saqib
A good article about the Storm worm in the Guardian:
http://observer.guardian.co.uk/business/story/0,,2195730,00.html


saqib
http://security-basics.blogspot.com/2007/10/execute-spammers.html



Re: Commercial CAPTCHA-breakers for sale

2007-10-23 Thread Ali, Saqib
On 10/22/07, Ian G <[EMAIL PROTECTED]> wrote:
> Peter Gutmann wrote:
> > http://www.lafdc.com/captcha/ is a site that sells commercial 
> > CAPTCHA-breaking
> > software.

The complexity of some of the CAPTCHAs shown on this web site made me
think. We have gone to such lengths to protect against spammers, when
we should be prosecuting and hanging the spammers.

Remember: "Men are not hanged for stealing horses, but that horses may
not be stolen." (George Savile)

saqib
http://security-basics.blogspot.com/



Intelligent Redaction

2007-10-22 Thread Ali, Saqib
Xerox Unveils Technology That Blocks Access to Sensitive Data in
Documents to Prevent Security Leaks
http://www.parc.com/about/pressroom/news/2007-10-15-redaction.html

The Innovation: The technology includes a detection software tool that
uses content analysis and an intelligent user interface to easily
protect sensitive information. It can encrypt only the sensitive
sections or paragraphs of a document, a capability previously not
available.

saqib
http://security-basics.blogspot.com/



Re: Full Disk Encryption solutions selected for US Government use

2007-10-10 Thread Ali, Saqib
> Out of curiosity, Vista (BitLocker) was not mentioned?

BitLocker lacks centralized management, and has very limited key
recovery capability. Also it is limited to Vista Business or Ultimate
Edition.

BitLocker, if you are not using an external USB device to store the
key, falls back to volume level encryption.



Re: Full Disk Encryption solutions selected for US Government use

2007-10-08 Thread Ali, Saqib
Arshad,

Some of the solutions already include a KMS. One of the key
requirements of this particular RFP was "Transparency". Can you please
elaborate more on how StrongKey KMS would have improved on
transparency?

Thanks
saqib
http://security-basics.blogspot.com/



On 10/8/07, Arshad Noor <[EMAIL PROTECTED]> wrote:
> We submitted a letter to the Program Manager, that while the RFP
> was asking for an FDE solution, they really needed to focus on Key
> Management across the agency, rather than the actual encryption
> solution itself, before they deployed any encryption product.
>
> We proposed our open-source Symmetric Key Management System (SKMS)
> software - StrongKey - as a solution since it includes utilities to
> perform file, directory and column-level database encryption using
> FIPS-certified tokens: smartcards, HSMs and software modules (NSS).
>
> Given that the solution we proposed was OSS, that it could leverage
> any FIPS-certified token through their published JCE/PKCS11 library,
> and that the StrongKey protocol is winding its way through OASIS
> towards becoming the Symmetric Key Services Markup Language (SKSML)
> with the support of 33 companies/individuals including the DoD, we
> believed that this solution was optimal for the government from many
> different points of view.
>
> However, because the RFP was narrowly written for FDE products only,
> our submission was not accepted.  That's life in the Federal
> procurement lane: they think they're buying a state-of-the-art
> security solution and they don't realize that the state of the art
> has already shifted under their feet.
>
> Arshad Noor
> StrongAuth, Inc.
>
> - Original Message -
> From: "Steven M. Bellovin" <[EMAIL PROTECTED]>
>
> On Mon, 18 Jun 2007 22:57:36 -0700
> "Ali, Saqib" <[EMAIL PROTECTED]> wrote:
>
> > The US Government has selected 9 security vendors that will produce drive
> > and file level encryption software.
> >
> > See:
> > http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html
> > OR
> > http://tinyurl.com/2xffax
> >
>
> Out of curiosity, are any open source FDE products being evaluated?
>



Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-05 Thread Ali, Saqib
> I think the really interesting question is what happens when you lose
> a FDE-ed hard drive.  Do you still need to publish the incident and
> contact potentially affected individuals?  If the answer is "no", I'm
> sure this technology will be quickly adopted, independently of its
> actual implementation.

California Senate Bill CA1386 provides a "Get Out of Jail Free" card
if you are using "reasonable" means to protect the confidentiality of
data. However, you still have to prove it.


saqib
http://security-basics.blogspot.com/



Snake-Oil crypto: Product vs. Media Coverage

2007-09-26 Thread Ali, Saqib
Note in the following Blog entry Mr. Schneier is criticizing NOT the
product but idiotic media coverage:
http://www.schneier.com/blog/archives/2007/09/idiotic_cryptog.html


saqib
http://security-basics.blogspot.com/



Re: flavors of reptile lubricant, was Another Snake Oil Candidate

2007-09-13 Thread Ali, Saqib
On 13 Sep 2007 13:45:42 -, John Levine <[EMAIL PROTECTED]> wrote:
> I always understood snake oil crypto to refer to products that were of
> no value to anyone, e.g., products that claim to have secret
> unbreakable encryption, million bit keys, or "one time pads" produced
> by PRNGs.

hear hear!

I think in the zeal for criticism of the IronDrive, folks have
expanded the definition of Snake Oil to include "All" security
products.

I don't like the "Military Grade AES Encryption" phrase that IronDrive
uses on their website, because that implies they know what the Military is
using. Maybe somebody should notify the DoD that these IronDrive folks
know what the Military uses to encrypt info ;-)

But other than that I don't see any Snake Oil Crypto-like
techno-babble used by IronDrive Marketing.

saqib
http://security-basics.blogspot.com/



Re: Another Snake Oil Candidate

2007-09-11 Thread Ali, Saqib
On 9/11/07, Aram Perez <[EMAIL PROTECTED]> wrote:
> The world's most secure USB Flash Drive: .

You didn't explain why it is a "Snake Oil" candidate.



Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
> I still don't follow. BitLocker explicitly includes a (optionally
> file-based) recovery password. If you want central management, why
> not centrally manage _that_?

Only if MS provided some way to manage them centrally. Using an encrypted
DB to manually store the keys in is simply not feasible.



Re: New DoD encryption mandate

2007-08-19 Thread Ali, Saqib
On 8/17/07, Ivan Krstic <[EMAIL PROTECTED]> wrote:
> How so? If your computer goes bad, you need a *backup*. That's
> entirely orthogonal to the drive encryption problem.

One of the functions provided by the TPM is to wrap/bind and store the
bulk encryption keys. Now let us say the motherboard or the TPM
goes bad on your notebook, or you simply want to upgrade the computer.
You need to be able to restore and transfer the information stored in the
TPM to your new computer. This is where you need a TPM management suite
that supports key backup/restore and transfer.

A large company's (name withheld) strategy regarding TPM was to ignore
it. Not too long ago a few key engineers from that company decided that
a TPM enabled encrypted vault would be a good place to secure their
documents. Somehow they managed to lock themselves out of the
encrypted vaults (maybe a forgotten password or lost keys). Had that
company not ignored the TPM and instead instituted a key backup/archive
program, the engineers would have been able to recover their
confidential documents. We can blame the engineers, but at the end of
the day it was the whole company that lost money and valuable design
documents.

saqib
http://security-basics.blogspot.com/



Re: New DoD encryption mandate

2007-08-16 Thread Ali, Saqib
On 8/15/07, Ed Gerck <[EMAIL PROTECTED]> wrote:
> The first is simply a MSFT Vista requirement for BitLocker file
> encryption.

I think one of the problems with BitLocker is that it is only
available in Vista Business Edition purchased under MS Software
Assurance (SA). Not many shops have the MS SA. It is also available in
Ultimate but that is way too expensive. Also, what about non-MS
operating systems?

The other problem is that it lacks any centralized management. If you
are letting TPM manage your Bitlocker keys you still need a TPM
management suite with key backup/restore/transfer/migrate capabilities
in case your computer goes bad.

The third problem is that it is software based encryption, which uses
the main CPU to perform the encryption.

saqib
http://www.linkedin.com/in/encryption



Re: Quantum Cryptography

2007-06-22 Thread Ali, Saqib

...whereas the key distribution systems we have aren't affected by
eavesdropping unless the attacker has the ability to perform 2^128 or
more operations, which he doesn't.


Paul: Here you are assuming that key exchange has already taken place.
But key exchange is the toughest part. That is where Quantum Key
Distribution (QKD) comes into the picture. Once the keys are exchanged
using QKD, you have to rely on conventional cryptography to do bulk
encryption using symmetric crypto.

Using Quantum Crypto to do bulk encryption doesn't make any sense. It
is only useful in key distribution.

saqib
http://www.linkedin.com/in/encryption



Re: Quantum Cryptography

2007-06-22 Thread Ali, Saqib

- Quantum Cryptography is "fiction" (strictly claims that it solves
  an applied problem are fiction, indisputably interesting Physics).


Well that is a broad (and maybe unfair) statement.

Quantum Key Distribution (QKD) solves an applied problem of secure key
distribution. It may not be able to ensure "unconditional" secrecy
during key exchange, but it can detect any eavesdropping. Once
eavesdropping is detected, the key can be discarded.

saqib
http://security-basics.blogspot.com/



Re: question re practical use of secret sharing

2007-06-21 Thread Ali, Saqib

There is an open source implementation available:
http://point-at-infinity.org//



On 6/13/07, Charles Jackson <[EMAIL PROTECTED]> wrote:

A quick question.

Is anyone aware of a commercial product that implements secret sharing? If
so, can I get a pointer to some product literature?



--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

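For readers of this thread who want to see what a secret sharing implementation actually does rather than only a pointer to one, here is an added Python example of Shamir's (k, n) threshold scheme (my own illustration, not the point-at-infinity code or any commercial product): a secret, say a master key held by several custodians, is split into n shares of which any k reconstruct it, while fewer than k leave every value of the secret equally likely. The prime field 2^127 - 1 and the sample "master-key-0001" value are this example's own constructed choices.

```python
"""Shamir (k, n) threshold secret sharing over the prime field GF(P).
Added example, not the implementation linked in the thread."""
import secrets

P = (1 << 127) - 1   # Mersenne prime 2^127 - 1; secrets must be < P (constructed choice)


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs at x (Horner's rule).
    coeffs[0] is the constant term, i.e. the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Return n shares (x, f(x)), x = 1..n, of a random degree k-1 polynomial
    whose constant term is the secret. Any k shares determine f(0)."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret out of field range")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the given shares (at least k)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        # den^(P-2) is the modular inverse of den (Fermat), P being prime
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def split_bytes(secret_bytes, k, n):
    """Convenience wrapper for a short key: at most 15 bytes fit below P."""
    if len(secret_bytes) > 15:
        raise ValueError("secret too long for this field; split it into chunks")
    return split_secret(int.from_bytes(secret_bytes, "big"), k, n)


def recover_bytes(shares, length):
    return recover_secret(shares).to_bytes(length, "big")


if __name__ == "__main__":
    key = b"master-key-0001"          # constructed sample value
    shares = split_bytes(key, 3, 5)   # 3 of 5 custodians needed
    print(recover_bytes([shares[0], shares[2], shares[4]], len(key)) == key)
```

The threshold is enforced by the field arithmetic, not by any access check: two shares of a 3-of-5 split interpolate a line whose value at 0 is the secret only if the random quadratic coefficient happened to be zero, which occurs with probability 1/P.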


Full Disk Encryption solutions selected for US Government use

2007-06-21 Thread Ali, Saqib

The US Government has selected 9 security vendors that will produce drive
and file level encryption software.

See:
http://security-basics.blogspot.com/2007/06/fde-fde-solutions-selected-for-us.html
OR
http://tinyurl.com/2xffax



Re: A crazy thought?

2007-06-09 Thread Ali, Saqib

Allen,

I am not sure what you are trying to achieve. The CA never has your
private key. They are just signing an X.509 certificate that holds your
public key. This way they are vouching that you own the public key.
Even if you subpoena a CA they won't be able to decrypt any
information encrypted with your public key.

So having a separation-of-duty is not providing any additional security.

Can you please elaborate on what you are trying to achieve?

Thanks
saqib
http://www.full-disk-encryption.net

On 5/26/07, Allen <[EMAIL PROTECTED]> wrote:

Hi Gang,

In a class I was in today a statement was made that there is no way
that anyone could present someone else's digital signature as their
own because no one has their private key to sign it with. This
was in the context of a CA certificate which had it inside. I tried
to suggest that there might be scenarios that could accomplish this
but was told "impossible." Not being totally clear on all the
methods that bind the digital signature to an identity I let it be;
however, the "impossible" mantra got me to thinking about it and
wondering what vectors might make this possible.

Validating a digital signature requires getting the public key from
some source, like a CA, or a publicly accessible database and
decrypting the signature to validate that the private key associated
with the public key created the digital signature, or "open message."

Which led me to the thought of trust in the repository for the
public key. Here in the USA, there is a long history of behind the
scenes "cooperation" by various large companies with the forces of
the law, like the wiretap in the AT&T wire room, etc.

What is to prevent this from happening at a CA and it not being
known for a lengthy period of time? Jurors have been suborned for
political reasons, why not CAs? Would you, could you trust a CA
based in a country with a low ethics standard or a low regard for
human rights?

Which led me to the thought that if it is possible, what could be
done to reduce the risk of it happening?

It occurred to me that perhaps some variation of "separation of
duties" like two CAs located in different political environments
might be used to accomplish this by having each cross-signing the
certificate so that the compromise of one CA would trigger an
invalid certificate. This might work if the compromise of the CA
happened *after* the original certificate was issued, but what if
the compromise was long standing? Is there any way to accomplish this?

Thoughts?

Best to all,

Allen





--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Re: Enterprise Right Management vs. Traditional Encryption Tools

2007-05-12 Thread Ali, Saqib

Hi Jon,


Rights management systems work against polite attackers. They are
useless against impolite attackers. Look at the way that
entertainment rights management systems have been attacked.
The rights management system will be secure so long as no one wants
to break them. There is tension between the desire to break it and
the degree to which its users rely on it. At some point, this tension
will snap and it's going to hurt the people who rely on it. A
metaphor involving a rubber band and that smarting is likely apt.


What about DRM/ERM that uses TPM? With TPM the content is pretty much
tied to a machine (barring screen captures, etc.).

Will ERM/DRM be ineffective even with the use of TPM?

Thanks
Saqib Ali



Enterprise Right Management vs. Traditional Encryption Tools

2007-05-09 Thread Ali, Saqib

I was recently asked why not just deploy an Enterprise Rights Management
solution instead of using various encryption tools to prevent data
leaks.

Any thoughts?



Re: phone encryption technology becoming popular in Italy

2007-05-02 Thread Ali, Saqib

A notable mention is http://www.cryptophone.com/ . They are the only
secure phone provider that allows for independent review of the source
code.

On 4/30/07, Steven M. Bellovin <[EMAIL PROTECTED]> wrote:

According to an NY Times article
(http://news.com.com/Phone+taps+in+Italy+spur+rush+toward+encryption/2100-1029_3-6180118.html?tag=nefd.top),
phone encryption technology is becoming popular in Italy because of
many recent incidents of conversations being published.  Sometimes, a
wiretap is being leaked; other times, it seems to be private behavior:

What has spurred encryption sales is not so much the legal
wiretapping authorized by Italian magistrates--though
information about those calls is also frequently leaked to the
press--but the widespread availability of wiretapping
technology over the Internet, which has created a growing pool
of amateur eavesdroppers. Those snoops have a ready market in
the Italian media for filched celebrity conversations.



--Steve Bellovin, http://www.cs.columbia.edu/~smb





--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net



Re: crypto component services - is there a market?

2007-04-17 Thread Ali, Saqib

I am not sure what you mean by "crypto component services". Can you
please elaborate?

saqib
http://www.full-disk-encryption.net

On 4/16/07, Travis H. <[EMAIL PROTECTED]> wrote:

So back when I was reading about secure logging I thought it'd be
a fun service to offer, but it doesn't seem like a "product" that
the average business would be interested in; it seems more like
something that would be a component of a larger system, or used by
other systems.

Same with digital timestamping.

Does anyone think there is a market for these "point solutions"?

--
Kill dash nine, and it's no more CPU time, kill dash nine, and that
process is mine. -><- http://www.subspacefield.org/~travis/
For a good time on my UBE blacklist, email [EMAIL PROTECTED]





--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
