[Cryptography] Books on modern cryptanalysis

2013-09-11 Thread Bernie Cosell
The recent flood of discussions has touched on many modern attacks on 
cryptosystems.   I'm long out of the crypto world [I last had a crypto 
clearance *before* differential cryptanalysis was public info!].  Attacks 
that leak a bit at a time strike me as amazing.  I remember reading about 
attacks that involved running chips at lower voltage than they were 
supposed to have and that somehow allowed them to be compromised, etc.

Anyhow, are there any (not *too* technical) books on the modern 
techniques for attacking cryptosystems?

  Thanks.   /bernie\

-- 
Bernie Cosell Fantasy Farm Fibers
mailto:ber...@fantasyfarm.com Pearisburg, VA
--  Too many people, too few sheep  --   



___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: [Cryptography] Opening Discussion: Speculation on BULLRUN

2013-09-05 Thread Bernie Cosell
On 5 Sep 2013 at 16:11, Phillip Hallam-Baker wrote:

> I would bet that there is more than enough DES traffic to be worth
> attack 
> and probably quite a bit on IDEA as well. There is probably even some 40
> and 64 bit crypto in use.

Indeed -- would you (or any of us) guess that NSA could break TDES these 
days?

/Bernie\



Re: English 19-year-old jailed for refusal to disclose decryption key

2010-10-07 Thread Bernie Cosell
On 7 Oct 2010 at 12:05, Jerry Leichter wrote:

> On Oct 7, 2010, at 4:14 AM, Christoph Gruber gr...@guru.at wrote:
> > a 19-year-old just got a 16-month jail sentence for his refusal to
> > disclose the password that would have allowed investigators to see
> > what was on his hard drive.
> > 
> > What about http://www.truecrypt.org/docs/?s=plausible-deniability
> > Could this be used?
> Sure. And the technology used would have no effect on the standard
> ... used in court:

I think you're not getting the trick here: with truecrypt's plausible 
deniability hack you *CAN* give them the password and they *CAN* decrypt 
the file [or filesystem].  BUT: it is a double encryption setup.  If you 
use one password only some of it gets decrypted; if you use the other 
password all of it is decrypted.  There's no way to tell if you used the 
first password that you didn't decrypt everything.  So in theory you 
could hide the nasty stuff behind the second password, a ton of innocent 
stuff behind the first password and just give them the first password 
when asked.  In practice, I dunno if it really works or will really let 
you slide by.

  /Bernie\




Re: Something you have, something else you have, and, uh, something else you have

2010-09-27 Thread Bernie Cosell
On 17 Sep 2010 at 20:53, Peter Gutmann wrote:

> From the ukcrypto mailing list:
> 
>   Just had a new Lloyds credit card delivered, it had a sticker saying I have
>   to call a number to activate it. I call, it's an automated system.
> 
>   It asks for the card number, fair enough. It asks for the expiry date, well
>   maybe, It asks for my DOB, the only information that isn't actually on the
>   card, but no big secret. And then it asks for the three-digit-security-code-
>   on-the-back, well wtf?
> 
> Looks like it's not just US banks whose interpretation of n-factor auth is n
> times as much 1-factor auth.

Well, as I understood it, a key part of the auth that wasn't mentioned 
was the source telephone #, and so lost-in-the-mail/theft would, on top 
of guessing the trivial questions, also have to call from your home phone 
[or the phone associated with the account].  Not perfectly secure but I 
was under the impression that ANI was harder to spoof than CallerID is.

  /Bernie\



Re: TLS break

2009-11-16 Thread Bernie Cosell
On 11 Nov 2009 at 10:57, Jonathan Katz wrote:

> Anyone care to give a layman's explanation of the attack? The 
> explanations I have seen assume a detailed knowledge of the way TLS/SSL 
> handle re-negotiation, which is not something that is easy to come by 
> without reading the RFC. (As opposed to the main protocol, where one can 
> find textbook descriptions.)

I had a hard time with this, too, but this PDF really clarified it for 
me:

http://extendedsubset.com/Renegotiating_TLS_pd.pdf

Let me try a layman's explanation (assuming I have it right).

We start assuming the attacker can hijack or MITM the victim's TCP 
connections.

The attacker opens *its*own* TLS connection to the server [so that is now 
being encrypted by a symmetric key the attacker picked] and sticks some 
data into the pipe.

The victim wants a TLS connection and so begins negotiating one.  The 
attacker just MITM's that as a *renegotiation* with the server for its 
TLS connection.  (that is, the victim thinks they're negotiating a NEW 
TLS connection, but the attacker proxies that into a *renegotiation* on 
the existing TLS connection).  In short order the attacker is frozen out 
of the connection [since it will then be encrypted by a key picked by the 
victim], BUT: the victim's data will ride over the TLS connection that 
the attacker had previously set up and pre-loaded with some data, and so 
the victim's data *FOLLOWS* the attacker's -- the attacker was able to 
inject arbitrary data *in*front* of the victim's data.

As I understand it, this is only really a vulnerability in situations 
where a command to do something *precedes* the authentication to enable 
the command.  The obvious place where this happens, of course, is with 
HTTPS where the command [GET or POST] comes first and the authentication 
[be it a cookie or form vbls] comes later.

  /bernie\

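The ordering flaw Bernie describes above, as an added toy model written for this archive page (it is not code from the post or from the linked paper). It assumes a made-up line-based "CMD ... / AUTH ..." protocol in which the command precedes the credential, a toy stand-in for the Finished message's verify_data, and no real TLS at all; the secure branch follows the RFC 5746 rule that a renegotiating client must echo the prior handshake's verify_data in renegotiation_info, so a client that believes it is starting a fresh connection (and therefore sends an empty value) cannot be spliced onto the attacker's existing session.

```python
import hashlib
import hmac


def verify_data(handshake_transcript: bytes) -> bytes:
    """Toy stand-in for a Finished message's verify_data: a digest of the handshake."""
    return hashlib.sha256(handshake_transcript).digest()[:12]


class Server:
    """Models only the ordering flaw: application data received before a
    renegotiation is kept and later authenticated by the new peer's credential."""

    def __init__(self, secure_renegotiation: bool):
        self.secure = secure_renegotiation
        self.prior_verify_data = None  # verify_data of the most recent handshake
        self.pending = []              # commands seen before any AUTH line
        self.executed = []             # (command, user it was authenticated as)
        self.aborted = False

    def handshake(self, transcript: bytes, renegotiation_info: bytes) -> None:
        # RFC 5746: on a renegotiation the client must echo the previous handshake's
        # verify_data; a client that thinks it is starting fresh sends b"" and is refused.
        if (self.secure and self.prior_verify_data is not None
                and not hmac.compare_digest(renegotiation_info, self.prior_verify_data)):
            self.aborted = True
            return
        self.prior_verify_data = verify_data(transcript)

    def data(self, payload: str) -> None:
        if self.aborted:
            return
        for line in payload.splitlines():
            if line.startswith("AUTH "):           # credential arrives after the commands
                user = line[len("AUTH "):]
                self.executed += [(cmd, user) for cmd in self.pending]
                self.pending.clear()
            else:
                self.pending.append(line)


def run_splice(secure: bool) -> Server:
    """Constructed scenario from the post: attacker's own TLS connection, pre-loaded
    data, then the victim's handshake proxied in as a renegotiation on that connection."""
    srv = Server(secure)
    srv.handshake(b"attacker ClientHello (constructed)", renegotiation_info=b"")
    srv.data("CMD transfer 1000 to attacker\n")      # attacker pre-loads the pipe
    # The victim believes this is a NEW connection, so its renegotiation_info is empty.
    srv.handshake(b"victim ClientHello (constructed)", renegotiation_info=b"")
    srv.data("CMD show balance\nAUTH victim-cookie\n")
    return srv
```

With `secure=False` the attacker's pre-loaded command ends up in `executed` under the victim's credential; with `secure=True` the spliced handshake is refused before the victim's data is ever read.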