webcam encryption beats quasar encryption
Internet webcam signals from webcams could emerge as an exotic but effective new tool for securing terrestrial communications against eavesdropping. Scientists have come up with a method for encrypting messages using the internet objects, which emit signals and are thought to be powered by DC voltage.

Scientists at the National Institute of Cool Security Ideas (NICSI) propose using the signals emitted by webcams to lock and unlock digital communications in a secure fashion. The researchers believe webcams could make an ideal cryptographic tool because the signals they emit are impossible to predict. Webcam-based cryptography is based on a physical fact that such a webcam signal is random and has a very broad frequency spectrum.

NICSI scientists suggest using an agreed webcam signal to add randomness to a stream cipher. Each communicating party would only need to know which webcam to monitor and when to start in order to encrypt and decrypt a message. Without knowing the target webcam and time, an eavesdropper should be unable to decrypt the message.

NICSI scientists believe voyeur-cryptography could appeal to anyone who requires high-security communications. They add that the method does not require a large radio antenna like quasar encryption because the signals exist already on the internet. Plus, quasar signals are really boring compared to many webcam signals.

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Linux RNG paper
Gutterman, Pinkas, and Reinman have produced a nice as-built specification and analysis of the Linux random number generator. From http://eprint.iacr.org/2006/086.pdf:

Following our analysis of the LRNG, we suggest the following recommendations for the design of pseudo-random number generators.

* Fixing the LRNG. The issues which were reported in this paper should be fixed. In particular, the LRNG code should be changed to prevent attacks on its forward security. The OpenWRT implementation should be changed to provide more entropy to the LRNG, or at least save its state during shutdown.

* Implementing a quota for the consumption of random bits. Random bits are a limited resource, and attackers can easily mount a denial-of-service attack (even remotely) by consuming random bits at a high rate. The common solution for this type of problem is to implement a quota system which limits the effect of each user, or each process, on the operation of other users of the same system. Such a quota system should be added to the Linux kernel.

* Adopting the Barak-Halevi construction. The Barak-Halevi (BH) construction and its analysis [3] are attractive in their simplicity, which clearly identifies the role of every component of the system, and enables a simple implementation. In comparison, the current LRNG construction is an overkill in some aspects (like the size of the pools or the number of SHA-1 invocations), but its complexity does not improve its security but rather hides its weaknesses. We suggest that future constructions of pseudo-random number generators follow the BH construction (and in general, try to keep it simple).

* Since randomness is often consumed in a multi-user environment, it makes sense to generalize the BH model to such environments. Ideally, each user should have its own random-number generator, and these generators should be refreshed with different data which is all derived from the entropy sources available to the system (perhaps after going through an additional PRNG). This architecture should prevent denial-of-service attacks, and prevent one user from learning about the randomness used by other users.
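The recommendations above name three things without showing them: a generator with a next/refresh interface in the Barak-Halevi style, forward security, and a per-user generator with a consumption quota. The following is an added example (not code from the paper, the Linux kernel, or Barak and Halevi) that sketches all three. It assumes SHA-256 as a stand-in for the expanding function G and for the extractor, and the domain-separation tags, the seeding of per-user generators from the master, and the byte-quota policy are this example's own choices, not the paper's.

```python
"""Toy forward-secure generator in the Barak-Halevi next/refresh style, plus a
per-user front end with a byte quota.  Added illustration; SHA-256 stands in
for G and the extractor (an assumption of this example)."""
import hashlib

STATE_BYTES = 32


def _extract(data: bytes) -> bytes:
    """Extractor stand-in: condense an arbitrary-length entropy sample."""
    return hashlib.sha256(b"extract|" + data).digest()


def _g(state: bytes) -> tuple[bytes, bytes]:
    """Expanding function G: state -> (next state, output block).
    Both halves are one-way images of the old state, so someone who learns the
    next state cannot run G backwards to recover earlier states or outputs."""
    return (hashlib.sha256(b"state|" + state).digest(),
            hashlib.sha256(b"output|" + state).digest())


class BHGenerator:
    """next() and refresh() over a fixed-size state, after Barak-Halevi."""

    def __init__(self, seed: bytes) -> None:
        self.state = _extract(seed)

    def refresh(self, entropy: bytes) -> None:
        # refresh(s, x) = G'(s xor extract(x)), with G' the state half of G.
        mixed = bytes(a ^ b for a, b in zip(self.state, _extract(entropy)))
        self.state, _ = _g(mixed)

    def next(self, nbytes: int) -> bytes:
        out = bytearray()
        while len(out) < nbytes:
            self.state, block = _g(self.state)   # state advances on every call
            out += block
        return bytes(out[:nbytes])


class RandomService:
    """Multi-user front end: one generator per user, seeded from a master
    generator with user-specific data, plus a per-user byte quota so a greedy
    consumer cannot starve the others or learn their randomness."""

    def __init__(self, master_seed: bytes, quota_bytes: int) -> None:
        self.master = BHGenerator(master_seed)
        self.quota = quota_bytes
        self.gens: dict[str, BHGenerator] = {}
        self.used: dict[str, int] = {}

    def add_entropy(self, sample: bytes) -> None:
        """Feed a raw entropy sample (e.g. interrupt timings) to the master."""
        self.master.refresh(sample)

    def get_random(self, user: str, nbytes: int) -> bytes:
        if self.used.get(user, 0) + nbytes > self.quota:
            raise PermissionError(f"{user}: random-byte quota exhausted")
        gen = self.gens.get(user)
        if gen is None:
            # Distinct seed per user: fresh master output plus the user id.
            gen = BHGenerator(self.master.next(STATE_BYTES) + user.encode())
            self.gens[user] = gen
        self.used[user] = self.used.get(user, 0) + nbytes
        return gen.next(nbytes)


def compromise_demo(seed: bytes, fresh_entropy: bytes) -> tuple[bool, bool]:
    """Someone who copies the state can predict outputs until the generator is
    refreshed with entropy they do not see.  Returns (predicted_before_refresh,
    predicted_after_refresh); forward security is the other direction, which
    the one-way G provides."""
    victim = BHGenerator(seed)
    victim.next(16)
    attacker = BHGenerator(b"")
    attacker.state = victim.state              # state compromise
    before = attacker.next(16) == victim.next(16)
    victim.refresh(fresh_entropy)              # attacker does not see this
    after = attacker.next(16) == victim.next(16)
    return before, after


if __name__ == "__main__":
    print("predicted before/after refresh:", compromise_demo(b"seed", b"irq timings"))
    svc = RandomService(b"boot entropy", quota_bytes=64)
    print(svc.get_random("alice", 16).hex())
    print(svc.get_random("bob", 16).hex())
```

The quota here is a plain per-user byte budget; a real kernel would want a rate limit rather than a lifetime cap. The point of compromise_demo is the asymmetry the paper discusses: a one-way G protects past outputs after a state leak, but only a refresh with unseen entropy protects future ones.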
RSA-640 factored
From: http://mathworld.wolfram.com/news/2005-11-08/rsa-640

November 8, 2005--A team at the German Federal Agency for Information Technology Security (BSI) recently announced the factorization of the 193-digit number

310 7418240490 0437213507 5003588856 7930037346 0228427275 4572016194 8823206440 5180815045 5634682967 1723286782 4379162728 3803341547 1073108501 9195485290 0733772482 2783525742 3864540146 9173660247 7652346609

known as RSA-640. The team responsible for this factorization is the same one that previously factored the 174-digit number known as RSA-576 (MathWorld headline news, December 5, 2003) and the 200-digit number known as RSA-200 (MathWorld headline news, May 10, 2005).

-Michael Heyman
FYI: Credit bureaus to adopt data protection standard
Credit bureaus to adopt data protection standard
By Reuters
http://news.com.com/Credit+bureaus+to+adopt+data+protection+standard/2100-1029_3-5877870.html
Story last modified Thu Sep 22 21:58:00 PDT 2005

The top three U.S. credit reporting companies said on Thursday they would adopt a single, shared encryption standard to better protect the huge amounts of sensitive electronic data they receive every day from banks, retailers and credit-card companies.

Equifax, Experian and TransUnion, which maintain huge databases on hundreds of millions of Americans, said the joint effort would involve the development and adoption of a data-cloaking code built on an encrypted algorithm and 128-bit, secret-key technologies.

In a statement, the companies insisted they have long employed information security tools and programs to ensure the information they compile from third parties isn't intercepted by thieves. But they said that by creating and adhering to a single, beefed-up industry standard, they would further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies.

"We're trying to make it easier for them so they don't have to juggle three different standards when they're dealing with us," said Colleen Tunney, a spokeswoman for Chicago-based TransUnion.

The coordinated effort by the three traditional rivals is the latest proof of the serious threat posed by identity thieves and Internet-enabled crooks--and the unprecedented lengths business is going to in order to fight back.

According to a report released earlier this week by Symantec, the world's biggest maker of security software, programs designed to steal confidential information accounted for three-quarters of viruses during the first half of 2005, up from 54 percent in the last six months of 2004.

The credit reporting agencies aren't alone in seeking strength in numbers. Speaking at a credit-card conference earlier this week in Memphis, Tenn., the top security experts at Visa and MasterCard, the world's two biggest card associations and long-time rivals, said that they, too, were cooperating to crack down on fraud. Visa and MasterCard said the unity was required given the growing sophistication of the thieves, who, they said, were increasingly acting in concert and hiring former Soviet KGB cryptographers to help crack security codes.

Among the challenges the financial services industry faces is the emergence of highly sophisticated "sleeper" crimeware programs that infect a computer and then wait--quietly--for the user to log into a highly secure site such as an online banking or brokerage account. Once the infected user has run the gauntlet of passwords and authentication hurdles and is inside, the sleeper program wakes up and swings into action, launching what is known as a man-in-the-middle attack. In the case of an online bank account, for instance, it might send instructions to the secure server--which the server believes to be legitimate and the infected user cannot see--to liquidate the account and transfer the balance overseas using automatic clearing-house services.

"We're making it tougher and tougher for the bad guys," John Shaughnessy, senior vice president for fraud prevention at Visa USA, told the Memphis conference on Monday. "But the Russians are good."

Story Copyright (c) 2005 Reuters Limited. All rights reserved.
RSA gets a reprieve?
From: www.newscientist.com/channel/info-tech/mg18625054.000

ATTEMPTS to build quantum computers could run up against a fundamental limit on how long useful information can persist inside them. Exceed the limit and information could just leak away, making computation impossible...Rather than remaining in a superposition of two states, a qubit will spontaneously collapse into one state or another (Physical Review Letters, vol 94, p 230401). "When we discovered this we were stunned," says van den Brink...the time limit for decoherence seems to grow shorter as systems get smaller. Zaanen says that for some of the most promising qubit technologies the limit would be about 1 second. "It's not a problem at the moment," he says, because researchers are fighting to get coherence times up to around a microsecond. "But this fundamental limit is getting within reach."

This plus the no-cloning theorem means that if a quantum computer cannot factor an RSA modulus in under a second, RSA will remain unbreakable. (I'm not a quantum physicist or quantum computer programmer so I don't even know if the no-cloning theorem, which states qubits of unknown states cannot be copied, applies.)

-Michael Heyman
Retailers Experiment With Biometric Payment article
From http://www.washingtonpost.com/wp-dyn/content/article/2005/06/08/AR2005060802335_pf.html:

"You can always get a new Social Security number, but you certainly can't get a new thumbprint...," Lee [of EFF] said...Robinson, of BioPay, argues that a personal check written at a grocery store passes through eight people before it is cashed, a process he considers much less secure than a biometric payment, in which the fingerprint image is connected immediately to the user's bank account. "What can I do to hurt you if I have a picture of the tip of your finger? Not much," Robinson said, contending that associating fingerprints with legal troubles is unwarranted. BioPay does not share its biometric data with government agencies, and in fact, the full fingerprints are not stored in the system. Instead, a complex mathematical algorithm is created to represent identifying characteristics of the fingerprint, which are matched to the real thing when a user shows up at a checkout counter.

No discussion on the threat of finger removal...

-Michael
RE: Citibank discloses private information to improve security
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Gutmann
Sent: Tuesday, May 31, 2005 1:29 PM

> > In this situation, I believe that the users, through hard won experience
> > with computers, _correctly_ assumed this was a false positive.
>
> Probably not.
>
> [SNIP text on user's thoughts on warning dialogs]

The false positive I was referring to is the "something is telling me something unimportant" positive. I didn't mean to infer that the users likely went through a thought process centered around the possible causes of the certificate failure, specifically the likelihood of an active man-in-the-middle vs. software bug, vs. setup error, vs. etc.. So, when the box popped up, in the unimportant vs. important choice that the users went through, they correctly chose unimportant.

These warning dialogs pop up regularly and usually they are crying wolf. I've probably seen hundreds of signature validation warnings from various web-sites for certificates and ActiveX and possibly other signed content. I can't recall needing to heed even one of the warnings.

We are trying to detect man-in-the-middle or outright spoofing with signatures and our false positive rate is through the roof. The false positive rate must be zero or nearly zero to work as a useful detector in real world situations.

Defense in depth can help against spoofing - this includes valid certificates, personalization (even if it is the less-than-optimal Citibank-like solution), PetName, etc. Man-in-the-middle is harder given that we have such a high false positive rate on our best weapon.

-Michael
RE: Citibank discloses private information to improve security
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James A. Donald
Sent: Saturday, May 28, 2005 1:48 PM

> With bank web sites, experience has shown that only 0.3% of users are
> deterred by an invalid certificate, probably because very few users have
> any idea what a certificate authority is, what it does, or why they
> should care.

I assume you refer to the BankDirect case with the accidentally invalid certificate.

In this situation, I believe that the users, through hard won experience with computers, _correctly_ assumed this was a false positive. If an attack had actually occurred, the users would have been wrong. Luckily for them, they were correct and did not let the mistake interfere with their commerce. The one in 300 users that did let the mistake interfere wasted their time and, perhaps, money if they lost money due to the delay in access.

As it stands, the system works reasonably well (of course it still has its share of problems). If 300 out of 300 users wasted time and money because of the mistake (say if the system were designed so users could not bypass the possibly bad certificate warning), the security folks in ivory towers may pat themselves on the back saying, "look, the system works great!" - the actual users of the technology would be more than a little ticked. A brittle system that cannot accept failures will always have trouble dealing with us fallible types.

I'm not familiar with the BankDirect site, but if it is like banking sites I am used to, it is fairly impersonal and easy to spoof. One way to reduce the ease-of-spoof factor is to add many ways to identify the bank web site. If one or two of them fail, the web site is probably still valid. Ways to identify a site include certificates, personalized greetings ("Hello Michael, Welcome back, you haven't been here in 4 days and we've missed you"), code words, the PetName tool, green light by anti-phishing software, even the URL and overall look-and-feel. So what if a couple of them fail? That happens all the time and we have to expect that and design our systems to work in spite of it.

-Michael Heyman
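Both messages in this exchange turn on the same point: a certificate warning that fires far more often for benign reasons than for real man-in-the-middle attacks tells the user almost nothing, so users learn to click through. The following is an added example, not part of either message, that works that base-rate argument through numerically. It assumes hypothetical attack prevalences and warning rates chosen for illustration; none of the numbers are measurements from the BankDirect case or anywhere else.

```python
"""Base-rate arithmetic for a certificate warning viewed as a MITM detector.
Added illustration with constructed numbers; nothing here is measured."""


def _check_prob(*values: float) -> None:
    for v in values:
        if not 0.0 <= v <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")


def positive_predictive_value(prevalence: float, tpr: float, fpr: float) -> float:
    """P(real attack | warning shown).

    prevalence: fraction of sessions that are actually attacked
    tpr: P(warning | attack)      (a MITM without a valid cert always warns: ~1)
    fpr: P(warning | no attack)   (expired certs, misconfiguration, bugs)
    """
    _check_prob(prevalence, tpr, fpr)
    true_pos = prevalence * tpr
    false_pos = (1.0 - prevalence) * fpr
    if true_pos + false_pos == 0.0:
        return 0.0
    return true_pos / (true_pos + false_pos)


def false_alarms_per_attack(prevalence: float, tpr: float, fpr: float) -> float:
    """How many cry-wolf warnings a user sees for each warning that is real."""
    _check_prob(prevalence, tpr, fpr)
    if prevalence * tpr == 0.0:
        return float("inf")
    return (1.0 - prevalence) * fpr / (prevalence * tpr)


def max_fpr_for_ppv(prevalence: float, tpr: float, target_ppv: float) -> float:
    """Largest false-positive rate at which P(attack | warning) still reaches
    target_ppv.  From p*tpr / (p*tpr + (1-p)*fpr) >= t:
        fpr <= p * tpr * (1 - t) / (t * (1 - p))."""
    _check_prob(prevalence, tpr, target_ppv)
    if target_ppv == 0.0 or prevalence == 1.0:
        return 1.0
    return prevalence * tpr * (1.0 - target_ppv) / (target_ppv * (1.0 - prevalence))


def warning_table(prevalence: float, tpr: float, fprs: list[float]) -> list[tuple[float, float, float]]:
    """(fpr, P(attack | warning), false alarms per real attack) for each fpr."""
    return [(f, positive_predictive_value(prevalence, tpr, f),
             false_alarms_per_attack(prevalence, tpr, f)) for f in fprs]


if __name__ == "__main__":
    # Constructed scenario: one session in ten thousand is actually attacked.
    p, tpr = 1e-4, 1.0
    for fpr, ppv, alarms in warning_table(p, tpr, [0.05, 0.01, 1e-3, 1e-4, 1e-5]):
        print(f"fpr={fpr:<8} P(attack|warning)={ppv:.4f}  false alarms per real attack={alarms:.1f}")
    print("fpr needed for a warning to be right half the time:",
          f"{max_fpr_for_ppv(p, tpr, 0.5):.2e}")
```

The table makes the "zero or nearly zero" remark concrete: for a warning to be right even half the time, the benign failure rate has to be driven below the attack rate itself, which is why stacking independent site-identification signals, as the second message proposes, is the more realistic route than trying to make one brittle signal perfect.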