Re: Another Snake Oil Candidate

2007-09-13 Thread Jeffrey Altman
Damien Miller wrote:

> It protects against the common threat model of lost/stolen USB keys. Why is
> this snake oil? Your criticism seems akin to calling a physical lock insecure
> because it doesn't protect you from burglars once you have unlocked it.

Many many years ago an office that a startup I was working for was
burglarized by picking the lock on the office door.  They took a number
of computers.  The police recommended that we replace the locks with XYZ
super lock that could not be picked and we did so at significant expense
prior to replacing all of the computers.

Three or four weeks later the office was burglarized again.  They could
not pick the lock so they took a sledgehammer to the wall next to the
door, reached in, unlocked the door from the inside and proceeded to go
about their business.

This wasn't a failure of the lock.  The lock did its job.


The product you are describing is not snake oil.  You have a valid gripe
that the product is not marketed along with a description of the attack
vectors it protects against and those that it does not.

Jeffrey Altman


Re: New article on root certificate problems with Windows

2007-07-19 Thread Jeffrey Altman
> The executive summary, so I've got something to reply to:
>
>   In the default configuration for Windows XP with Service Pack 2 (SP2),
>   if a user removes one of the trusted root certificates, and the
>   certifier who issued that root certificate is trusted by Microsoft,
>   Windows will add the root certificate back into the user's store and
>   use the original trust settings.
>
> While I don't agree with this behaviour, I can see why Microsoft would do
> this, and I can't see them changing it at any time in the future.  It's the
> same reason why they ignore key usage restrictions and allow (for example)
> an encryption-only key to be used for signatures, and a thousand other
> of PKI etiquette: There'd be too many user complaints if they didn't.

The real flaw that I see in their design is that they permit
certificates that they installed to be removed.  Instead they should
have provided a disabled feature so that those who wish to disable
installed certs can do so and thereby ensure that in the future they
won't be restored.

Jeffrey Altman


Re: Status of SRP

2006-06-04 Thread Jeffrey Altman
James A. Donald wrote:
> Jeffrey Altman wrote:
>> Unfortunately, SRP is not the solution to the phishing
>> problem. The phishing problem is made up of many
>> subtle sub-problems involving the ease of spoofing a
>> web site and the challenges involved in securing the
>> enrollment and password change mechanisms.
>
> With SRP, the web site cannot be spoofed, for it must
> prove it knows the user's secret passphrase.

James, SRP can only prevent spoofs of successful authentications
and it can only prevent spoofs when it is actually used.

It cannot prevent spoofs of unsuccessful authentications and that
is where a huge part of the problem lies.  Consider the reaction
of many individuals when they receive a page that indicates that
their username and/or password are incorrect.

Sites that offer the common secret question(s) can be spoofed.
The attacker's spoof sits in the middle, captures the question from
the real site, the answer from the user, and if the real site says
that the new password is being sent, puts up a new page indicating
that the password should be changed online along with prompts for
private information that the attacker wants.

Stopping phishing with successful authentication is not even half
the problem.

Jeffrey Altman


Re: Status of SRP

2006-06-02 Thread Jeffrey Altman
James A. Donald wrote:
> The obvious solution to the phishing crisis is the widespread deployment
> of SRP, but this does not seem to be happening.  SASL-SRP was recently
> dropped.  What is the problem?

Unfortunately, SRP is not the solution to the phishing problem.
The phishing problem is made up of many subtle sub-problems involving
the ease of spoofing a web site and the challenges involved in securing
the enrollment and password change mechanisms.  SRP would allow a client
to know that a service is in fact the correct service when the
authentication succeeds.  However, it would not help in the situation
when the authentication fails.  This could be because the user is not
sure of what the password is or even sure which account name was being

Solving the phishing problem requires changes on many levels:

(1) Some form of secure chrome for browsers must be deployed where
the security either comes from a trusted desktop or by per-user
customizations that significantly decrease the chances that the
attacker can fake the web site experience.  (Prevent the attacker
from replicating the browser frame, toolbars, lock icons,
certificate dialogs, etc.)

(2) Reducing the number of accounts and passwords (or other identifiers)
that end users need to remember.  With a separate identifier for
each and every web site it is no surprise that my extended family
can never remember what was used at each site.   Therefore, it is
not much of a surprise when a site says that the authentication

(3) Secure mechanisms must be developed for handling enrollment and
password changing.

Only then can we truly address the phishing problem.

Jeffrey Altman
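
The asymmetry described in the two SRP messages above, as an added example (not code from the thread or from any SRP library): a simplified SRP-6a exchange in which the client gets proof of the site's identity only when authentication succeeds, while a mistyped password at the real site and a correct password at a spoofed site both end in the same bare failure. The names `enroll`, `login` and `demo`, the account data, and the demonstration modulus are assumptions made for this sketch.

```python
import hashlib, secrets

# Demonstration modulus (Mersenne prime 2^521 - 1), NOT a vetted SRP group;
# real deployments use the safe-prime groups defined in RFC 5054.
N, g = 2**521 - 1, 3

def H(*parts):
    """SHA-256 over length-prefixed parts (ints or bytes), returned as an int."""
    h = hashlib.sha256()
    for p in parts:
        b = p.to_bytes(66, "big") if isinstance(p, int) else p
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def private_x(salt, user, password):
    return H(salt, user.encode(), password.encode())

def enroll(user, password):
    """What the real site stores: a salt and the verifier v = g^x mod N."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, user, password), N)

def login(user, typed_password, site_record):
    """One SRP-6a exchange, both sides in one function for brevity.
    site_record=None models a spoofed site that holds no verifier and guesses one.
    Returns what the user's client can conclude from the exchange."""
    salt, v = site_record or (secrets.token_bytes(16), pow(g, secrets.randbelow(N), N))
    a, b = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)                      # client -> site
    B = (k * v + pow(g, b, N)) % N        # site -> client, together with salt
    if A % N == 0 or B % N == 0:          # standard SRP sanity checks
        return "failed"
    u = H(A, B)
    x = private_x(salt, user, typed_password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    S_site = pow(A * pow(v, u, N) % N, b, N)
    M1 = H(A, B, S_client)                # client's proof, sent to the site
    if M1 != H(A, B, S_site):
        return "failed"                   # the page shown: "incorrect password"
    M2 = H(A, M1, S_site)                 # site's proof, sent back to the client
    return "site authenticated" if M2 == H(A, M1, S_client) else "failed"

def demo():
    record = enroll("alice", "correct horse")   # constructed sample account
    return {
        "real site, right password": login("alice", "correct horse", record),
        "real site, mistyped password": login("alice", "corect horse", record),
        "spoofed site, right password": login("alice", "correct horse", None),
    }
```

Only the first case yields the server proof M2; the other two give the client the same result, so whatever page follows a failure carries no SRP assurance about who served it.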


Solution revealed

2006-04-28 Thread Jeffrey Altman
Da Vinci judge's secret code revealed
Fri Apr 28, 2006 8:25 AM ET

By Peter Graff

LONDON (Reuters) - Mystery solved. It was the admiral.

A secret code embedded in the text of a court ruling in the case of Dan
Brown's bestseller The Da Vinci Code has been cracked, but far from
revealing an ancient conspiracy it is simply an obscure reference to a
Royal Navy admiral.

British High Court Justice Peter Smith, who handed down a ruling that
Brown had not plagiarized his book, had embedded his own secret message
in his judgment by italicizing letters scattered throughout the 71-page

In Brown's book, a secret code reveals an ancient conspiracy to hide
facts about Jesus Christ.

The judge's own code briefly caused a wave of amused speculation when it
was discovered by a lawyer this week, nearly a month after the ruling
was handed down.

But the lawyer, Dan Tench, cracked it after a day of puzzling. The
judge's code was based on the Fibonacci sequence, a mathematical
progression discussed in the book.

"After much trial and error, we found a formula which fitted," wrote
Tench, who had nothing to do with the Brown case but discovered the
italicized letters when studying the ruling.

The judge's secret message was: "Jackie Fisher, who are you?
Dreadnought," Tench wrote in the Guardian newspaper.

Judge Smith is known as a navy buff, and Fisher was a Royal Navy admiral
who developed the idea for a giant battleship called the HMS Dreadnought
in the early 20th century.

Tench wrote that the judge had e-mailed him to confirm he had guessed
the secret code right.

The judge later confirmed the existence of the code, and revealed that
the Fibonacci sequence was indeed the secret to its solution.

"The message reveals a significant but now overlooked event that
occurred virtually 100 years to the day of the start of the trial," he
said in a statement.

He said that he is not normally much of a fan of puzzles, such as the
Japanese number puzzles that have become an obsession of the British press.

"The preparation of the Code took about 40 minutes and its insertion
another 40 minutes or so," he wrote. "I hate crosswords and do not do
Sudoku as I do not have the patience."


Latest Da Vinci mystery: judge's own secret code

2006-04-27 Thread Jeffrey Altman
Latest Da Vinci mystery: judge's own secret code
Thu Apr 27, 2006 8:11 AM ET

By Peter Graff

LONDON (Reuters) - Three weeks after a British court passed judgment in
the copyright case involving Dan Brown's bestseller The Da Vinci Code,
a lawyer has uncovered what may be a secret message buried in the text
of the ruling.

Lawyer Dan Tench noticed some letters in the judgment had been
italicized, and it suddenly dawned on him that they spelled a phrase
that included the name of the judge: "Smith code."

Justice Peter Smith, who during the trial displayed a sense of humor
unusual in the rarified world of bewigged barristers and ancient
tradition, appears to have embraced the mysterious world of codes and
conspiracy that run through the novel.

"I thought it was a mistake, that there were some stray letters that had
been italicized because the word processor had gone wrong," Tench told

Tench initially told The Times newspaper that apparently random letters
in the judge's ruling appeared in italics. Wouldn't it be clever if the
judge had embedded a secret message in the text? The Times ran a jokey item.

"And then I got an e-mail from the judge," said Tench.

He said Smith told him to look back at the first paragraphs. The
italicized letters scattered throughout the judgment spell out:

Those in the first paragraphs spell out "smith code."

But what does the rest mean?

The novel, and upcoming movie starring Tom Hanks, are about a secret
code that reveals ancient mysteries about Jesus Christ.

Smith, who ruled that author Brown had not plagiarized his hugely
popular thriller from another book, The Holy Blood and the Holy Grail,
has so far not given any clues to his own mystery code.

For now, the judge is not speaking. His clerk said he is refusing
interviews. She would not confirm whether there truly was a secret
mystery embedded in his judgment.

But she did confirm that he is, generally speaking, a humorous type of
