Re: End of the line for Ireland's dotcom star

2003-09-23 Thread John Young
Lynn and John Saylior have raised an important point. 

Who at Baltimore, or was once there, is likely to be able to
account for the security of the certs for customers who
still rely upon them? Not somebody to spin a fairy tale, but to 
truthfully explain what Baltimore has done to avoid betraying
the trust of its customers, or handing that trust over to others
who may not have Baltimore's scruples or be bound by its
promises.

Not that Baltimore's investors would give a hoot, but
customers might want to know who to challenge about
their private, once secure, data.

This matter is important for it is a bellwether of what's
to come with failure of other trusted parties or who are
bought by less scrupulous if more financially endowed
than always absolutely trustworthy crypto corporations.

The recent stink about betrayal of customer data with 
JetBlue, Acxiom and eBay is timely.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


GSM Crack Paper

2003-09-09 Thread John Young
Instant Ciphertext-Only Cryptanalysis of GSM Encrypted
Communications, by Elad Barkan, Eli Biham, Nathan Keller

  http://cryptome.org/gsm-crack-bbk.pdf  (18 Pages, 234KB)

Abstract. In this paper we present a very practical cipher-text only
cryptanalysis of GSM encrypted communications, and various active
attacks on the GSM protocols. These attacks can even break into
GSM networks that use unbreakable ciphers. We describe a
ciphertext-only attack on A5/2 that requires a few dozen milliseconds
of encrypted off-the-air cellular conversation and finds the correct
key in less than a second on a personal computer. We then extend
this attack to a (more complex) ciphertext-only attack on A5/1. We
describe new attacks on the protocols of networks that use A5/1, A5/3,
or even GPRS. These attacks are based on security flaws of the GSM
protocols, and work whenever the mobile phone supports A5/2. We
emphasize that these attacks are on the protocols, and are thus
applicable whenever the cellular phone supports a weak cipher, for
instance they are also applicable using the cryptanalysis of A5/1.
Unlike previous attacks on GSM that require unrealistic information,
like long known plaintext periods, our attacks are very practical and
do not require any knowledge of the content of the conversation.
These attacks allow attackers to tap conversations and decrypt
them either in real-time, or at any later time. We also show active
attacks, such as call hijacking, altering data messages and call
theft.




South African Crypto Regulation

2003-08-21 Thread John Young
We offer a recent South African government statement
on encryption import and export regulation:

  http://cryptome.org/za-crypto.htm





Pre-cursor to Non-Secret Encryption

2003-06-18 Thread John Young
James Ellis, GCHQ, in his account of the development of non-secret
encryption credits a Bell Laboratories 1944 report  on Project
C-43 for stimulating his conception:


http://www.cesg.gov.uk/publications/media/nsecret/possnse.pdf

  The Possibility of Secure Non-Secret Digital Encryption
  J. H. Ellis, January 1970

  Reference: (1) Final report on project C43. Bell Telephone 
  Laboratory, October, 1944, p.23.

The Bell lab paper appears not to be online.

Brian Durham notes that NSA has listed in its Open Door archive of 
declassified crypto papers several of which refer to a Project 
C-43 which investigated from 1941-1944 decoding of speech codes.


http://www.nsa.gov/programs/opendoor/narafindaid.html

  NR 4242 ZEMA172 35374A 19410521 PROJECT C-43 PRELIMINARY 
  REPORTS

  NR 4243 ZEMA172 35375A 19411215 PROJECT C43 PRELIMINARY 
  AND PROGRESS REPORTS

  NR 4675 ZEMA43 21276A 19430130 PROJECT C-43 CONTINUATION 
  OF DECODING SPEECH CODES

  NR 3391 CBPM44 24215A 19441012 PROJECT C-43 DECODING 
  SPEECH CODES

The date of the last, October 12, 1944, corresponds to that of the
Ellis citation. If this is the paper Ellis is referring to, it is worth
noting the dates of the earlier reports, two in 1941 and one in 1943.

Two other reports in the NSA archive may be related:

  NR 2416 CBLM17 5452A 19420529 NRDC PROJECT C-32: AC 
  AND EC CASE NO. 22

  NR 4674 ZEMA43 21275A 19420131 FINAL REPORT ON 
  PROJECT C-32 SPEECH PRIVACY DECODING, 1942

Brian Durham will get copies of the paper for putting online,
but that may take a while. 

Meanwhile, we would appreciate hearing from anyone who 
has read the papers or may have copies of them to share
for publication.

Related: We have a three-year-old FOIA request to NSA for 
information on:

  The invention, discovery and development of non-secret 
  encryption (NSE) and public key cryptography (PKC) by 
  United Kingdom, United States, or any other nation's 
  intelligence and cryptology agencies, prior to, parallel with, 
  or subsequent to, the PKC work of Diffie-Hellman-Merkle. 

NSA has recently said that some responsive information 
may be released in the near future, although it is not clear if 
that is weeks or months or years away.





Secrets of Computer Espionage: Tactics and Countermeasures

2003-06-11 Thread John Young
New book by Joel McNamara who runs the Tempest website:

   http://www.eskimo.com/~joel/tempest.html


http://www.wiley.com/legacy/compbooks/mcnamara/

Secrets of Computer Espionage: Tactics and Countermeasures

by Joel McNamara

Covers electronic and wireless eavesdropping, computer surveillance, 
intelligence gathering, password cracking, keylogging, data duplication, 
black bag computer spy jobs, reconnaissance, risk assessment, legal 
issues, and advanced spying techniques used by the government.

Author shares easily-implemented countermeasures against spying to 
detect and defeat eavesdroppers and other hostile individuals.

Addresses legal issues, including the U.S. Patriot Act, legal spying in 
the workplace, and computer fraud crimes. 

ISBN 0-7645-3710-5
384 Pages
June 2003

Links:


http://www.wiley.com/legacy/compbooks/mcnamara/links.html



Re: PGP Encryption Proves Powerful

2003-05-31 Thread John Young
If the FBI cannot crack PGP that does not mean other
agencies with greater prowess cannot. It is unlikely that
the capability to crack PGP would be publicly revealed
for that would close an invaluable source of information.

Intel crackers hardly ever reveal their most essential
tools, though there are orchestrated releases of
capability to mislead.

In the case of the VENONA decrypts, there have been
only partial public releases, along with misleading stories
about how the decrypts were done -- the official story they
were done only by dedicated cryptanalysts without help
of code books or other assists, that Russian carelessness
of OTP preparation provided the crib. Unofficial stories are 
that Russian codebooks were used, at least for some of the
decrypts -- Thomas Powers, for one, recounts this version
in several reprinted essays in The Intelligence Wars. That
cover stories have been arranged for how the deciphering 
was actually done, some not privy to the hardworking NSA
crackers.

An undisclosed amount of the VENONA messages remain
undeciphered, or at least not made public. Speculation is
that NSA and whomever do not want to tell the full story of
the decrypt capability, again, as with most intelligence 
agencies it is more beneficial to never reveal full capabilities,
in particular not to temporary allies with the understanding
that allies always spy on each other, whether those are US 
TLAs or foreign friends.

The recent opening of domestic cooperation among the intel
agencies and law enforcement will not likely get any of them
to share fully.

Still, it is impressive that PRZ valiantly argues that PGP is
algorithmically impregnable. That should satisfy its users as
well as its crackers. An uncracked code is the perfect spying
tool. Based on a multitude of accounts of sophisticated 
espionage deceptions it might be suspected that is the origin 
of PK crypto, and why it was leaked, and leaked again, and
crypto export was eased, then greased again.

Presumably there will be periodic reports of cryptographic
impregnability to foster wider if not wiser use.




