Re: [Cryptography] Aside on random numbers (was Re: Opening Discussion: Speculation on BULLRUN)

2013-09-06 Thread Bill Squier

On Sep 6, 2013, at 10:03 AM, Perry E. Metzger wrote:
 Naively, one could take a picture of the dice and OCR it. However, one doesn't actually need to OCR the dice -- simply hashing the pixels from the image will have at least as much entropy if the position of the dice is recognizable from the image.

 One could write an app to do this, but of course the phone is not exactly a secure platform to begin with...


The cryptography mailing list

GSM eavesdropping

2010-08-02 Thread Bill Squier
...In his presentation at the Black Hat Conference, German GSM expert Karsten 
Nohl presented a tool he calls Kraken, which he claims can crack the A5/1 
encryption used for cell phone calls within seconds.


Re: What if you had a very good patent lawyer...

2010-07-24 Thread Bill Squier

On Jul 22, 2010, at 8:59 PM, John Gilmore wrote:

 It's pretty outrageous that anyone would try to patent rolling barcoded
 dice to generate random numbers.
 I've been generating random strings from dice for years.  I find that
 gamers' 20-sided dice are great; each roll gives you a hex digit, and
 anytime you roll a 17 thru 20, you just roll again.  One die will do;
 you just roll it as many times as you need hex digits.
 Presumably pointing a camera at ordinary dice could automate the data
 collection -- hey, wait, let me get my patent lawyer!

Too late.


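The d20 method Gilmore describes in the quoted message, worked out as an added Python example (not code from the list thread): faces 1 through 16 each map to one hex digit and 17 through 20 are rerolled. That is rejection sampling, which is what keeps every digit equally likely. The tempting shortcut of folding the rejected faces back in with a modulo is included for contrast to show the bias it introduces. The `secrets`-based die is a stand-in for the physical d20 and is an assumption of the example.

```python
import secrets
from collections import Counter
from typing import Callable, Iterable, Optional

HEX = "0123456789abcdef"


def d20_to_hex_digit(roll: int) -> Optional[str]:
    """Map one d20 face to a hex digit: 1..16 -> 0..f, 17..20 -> None (roll again)."""
    if not 1 <= roll <= 20:
        raise ValueError("a d20 shows a face from 1 to 20")
    return HEX[roll - 1] if roll <= 16 else None


def hex_from_rolls(rolls: Iterable[int]) -> str:
    """Rejection sampling over recorded rolls: rejected faces add nothing, and every
    accepted face is equally likely, so each hex digit is uniform."""
    return "".join(d for d in map(d20_to_hex_digit, rolls) if d is not None)


def naive_hex_from_rolls(rolls: Iterable[int]) -> str:
    """What not to do: fold 17..20 back onto 0..3 with a modulo. Those four digits
    then have probability 2/20 each and the other twelve 1/20: a biased output."""
    return "".join(HEX[(r - 1) % 16] for r in rolls)


def digit_counts(digits: str) -> Counter:
    """Histogram of hex digits. Over the faces 1..20 once each, rejection sampling
    yields every digit exactly once; the modulo fold yields '0'..'3' twice."""
    return Counter(digits)


def roll_hex_string(n_digits: int, die: Optional[Callable[[], int]] = None) -> str:
    """Roll until n_digits are accepted. `die` returns one d20 face; the default is
    a CSPRNG stand-in (an assumption of this example) for the physical die."""
    die = die or (lambda: secrets.randbelow(20) + 1)
    out = []
    while len(out) < n_digits:
        digit = d20_to_hex_digit(die())
        if digit is not None:
            out.append(digit)
    return "".join(out)


if __name__ == "__main__":
    # 32 hex digits is 128 bits; at 16/20 acceptance that is about 40 rolls.
    print(roll_hex_string(32))
```

Each accepted roll costs 20/16 = 1.25 rolls on average, so a 128-bit value (32 hex digits) takes about 40 rolls of a single die, which is the one-die procedure in the quoted post.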

Re: Secret Lock Detecting Lock

2009-11-10 Thread Bill Squier
On Nov 9, 2009, at 9:25 AM,  


 Unlock your door with a secret knock.

Prior to watching the video I said to myself, "Great, now I can break into most of the homes on my block with 'Shave and a haircut, 2 bits'."

And you thought password creativity was poor...



Re: consulting question.... (DRM)

2009-05-27 Thread Bill Squier
This is getting a bit far afield from cryptography, but proper threat analysis is still relevant.

On May 27, 2009, at 4:07 AM, Ray Dillinger wrote:

On Tue, 2009-05-26 at 18:49 -0700, John Gilmore wrote:

It's a little hard to help without knowing more about the situation.
I.e. is this a software company?  Hardware?  Music?  Movies?
Documents?  E-Books?

It's a software company.

Is it trying to prevent access to something, or
the copying of something?  What's the something?  What's the threat
model?  Why is the company trying to do that?  Trying to restrain

Its customers would be other software companies that want to produce
monitored applications.  Their product inserts program code into
existing applications to make those applications monitor and report
their own usage and enforce the terms of their own licenses, for
example disabling themselves if the central database indicates that
their licensee's subscription has expired or if they've been used
for more hours/keystrokes/clicks/users/machines/whatever in the
current month than licensed for.

The idea is that software developers could use their product instead
of spending time and programming effort developing their own license-
enforcement mechanisms, using it to directly transform on the
executables as the last stage of the build process.

The threat model is that the users and sysadmins of the machines
where the monitored applications are running have a financial
motive to prevent those applications from reporting their usage.

If this is really their threat model, it's ill-considered.  First, no reputable company in their right mind would play games with software licensing in an attempt to save a few dollars.  In fact, most companies bend over backwards with internal audits and other mechanisms to ensure they are in compliance.  The risk is far too great to do otherwise -- both to reputation and to the bottom line.

They may counter that they are attempting to nudge into compliance reputable companies that are simply not large enough or savvy enough to ensure their own compliance.  In this case, something far less complex than what is traditionally implied by DRM can be used.

Thus, the users you are now considering are members of _disreputable_ companies.  Since DRM is easily circumvented, and the company is disreputable, you have a reasonable expectation that your DRM will be

Second, sysadmins have no financial motive, unless they are also the owners.  It is irrelevant to the sysadmin whether the business pays an appropriate amount for licenses.  His salary is still his salary.

Finally, large institutions (let's take financial firms as this is my area of expertise) will not install software that has hard expirations or other restrictive licensing mechanisms.  The reason is simple.  These mechanisms cause outages -- sometimes because of snafus in the renewal of licenses, sometimes because of poor code quality in the enforcement mechanism.  At my firm, any such scheme is an immediate


Re: Permanent Privacy - Snake Oil or unbreakable encryption?

2008-07-07 Thread Bill Squier

On Jul 7, 2008, at 10:54 AM, Ali, Saqib wrote:

Quoting the Foxbusiness article:

PermanentPrivacy announces the world's first practical data
encryption system that is absolutely unbreakable. And is offering a
$1,000,000 challenge to anyone who can crack it.

Permanent Privacy (patent pending) has been verified by Peter
Schweitzer, one of Harvard's top cryptanalysts, and for the inevitable
cynics Permanent Privacy is offering $1,000,000 to anyone who can
decipher a sample of ciphertext.

My favorite part of that web site is from their How it Works section:

``For example, suppose that the plain text message is simply one 5-letter word. At first glance, you would think that this must be easy to break. But there are, let us say, about 100 printable characters on a computer keyboard, so there are some 100x100x100x100x100 ways of producing a 5-letter word.''


So, let me get this straight.  You appear to be using a one-time pad, but you discard all output that the robotic hand you send me is unable to type on my keyboard?



Re: delegating SSL certificates

2008-03-17 Thread Bill Squier

On Mar 17, 2008, at 10:06 AM, Leichter, Jerry wrote:

|  So at the company I work for, most of the internal systems have
|  expired SSL certs, or self-signed certs.  Obviously this is bad.
| You only think this is bad because you believe CAs add some value.
| Presumably the value they add is that they keep browsers from  

| up scary warning messages
Apple's checks certs on SSL-based mail server connections.
It has the good - but also bad - feature that it *always* asks for
user approval if it gets a cert it doesn't like.

Fixed in Leopard.  Certificate handling in general appears to be better -- although I can't be sure Tiger didn't let you fiddle with fine-grained entitlements as to when to trust a cert.



Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-14 Thread Bill Squier

On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote:

I had the feeling that Microsoft wants to abandon the usage of client
certificates completely, and move the people to CardSpace instead.
But how do you sign your emails with CardSpace? CardSpace only does  

realtime authentication part of the market ...

We (Morgan Stanley) were able to pressure them into a rapid fix, and they have committed to delivering it in SP1.  Keep your fingers crossed.

If anyone needs more information on how to upgrade your Web-based CA for IE7:

Step (2), "On Vista you have to add this website to the list of trusted sites in the internet-settings." can be quite unpalatable.  Depending on your customers' situations, an alternative might be more palatable: Generate the key and deliver a PKCS#12.

This depends on whether you believe in the non-repudiation fairy or not -- or more accurately, whether you're already assuming the repudiation risk.



Re: Cryptome cut off by NTT/Verio

2007-04-29 Thread Bill Squier

On Apr 29, 2007, at 11:47 AM, Perry E. Metzger wrote:

Slightly off topic, but not deeply. Many of you are familiar with
John Young's Cryptome web site. Apparently NTT/Verio has suddenly
(after many years) decided that Cryptome violates the ISP's AUP,
though they haven't made it particularly clear why.

The following link will work for at least a few days I imagine:

It appears to already be dead, but still exists in Google's cache:



Surprise! Another serious hole in Diebold voting machines...

2006-05-15 Thread Bill Squier

...okay, not so much surprise.


  Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The

  said Iowa's Jones, is a violation of federal voting system rules.

  All of us who have heard the technical details of this are really

  It defies reason that anyone who works with security would tolerate this design, he said.




Re: Cisco VPN password recovery program

2005-10-21 Thread Bill Squier

On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:

Via cryptome:

   The Cisco VPN Client uses weak encryption to store user and group
   passwords in your local profile file.  I coded a little tool to
   reveal the saved passwords from a given profile file.

If this is true, it doesn't sound like Cisco used a particularly smart
design for this.

No matter what their strategy for encrypting the on-disk passphrase, this simple trick will work:

ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57 (or a similar library call tracing technique on an OS besides Linux).

This used to be used by

but apparently they've switched to the evilscientists' method.


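The point of the ltrace trick above is that the on-disk scheme does not matter once you can watch the process recover the plaintext. As an added Python analogue (not the list post's tool, and not Cisco's profile format): a constructed profile holds a password encrypted under a key the client itself carries, and a profiling hook records the return value of every function whose name contains `decrypt`, the way `ltrace ... | fgrep` filters one library call out of the stream. The attacker side never looks at the cipher. The key, the profile layout and the SHA-256 counter-mode stream cipher are all assumptions of the example.

```python
import hashlib
import sys
from typing import Callable, List

# Constructed fixed key: stands in for a key compiled into the client binary.
CLIENT_KEY = b"constructed-client-key"


def keystream(key: bytes, nbytes: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher. The cipher could be
    anything at all; the tracing attack below never inspects it."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:nbytes])


def _xor_with_keystream(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def encrypt_password(plaintext: str, key: bytes = CLIENT_KEY) -> str:
    return _xor_with_keystream(plaintext.encode(), key).hex()


def decrypt_password(enc_hex: str, key: bytes = CLIENT_KEY) -> str:
    return _xor_with_keystream(bytes.fromhex(enc_hex), key).decode()


# Constructed profile file; the layout is an assumption, not a real .pcf.
SAMPLE_PROFILE = (
    "[main]\n"
    "Host=vpn.example.invalid\n"
    f"enc_GroupPwd={encrypt_password('hunter2')}\n"
)


def connect(profile_text: str) -> str:
    """The client side: to authenticate it must recover the plaintext, so the
    decryption call is a boundary the password crosses in the clear."""
    fields = dict(line.split("=", 1) for line in profile_text.splitlines() if "=" in line)
    group_pwd = decrypt_password(fields["enc_GroupPwd"])
    # A real client would now send or hash group_pwd; the tracer already has it.
    return f"connecting to {fields['Host']} with a {len(group_pwd)}-character group password"


def trace_returns(target: Callable[[], object], name_fragment: str) -> List[object]:
    """Run target() under a profiling hook and collect the return value of every
    Python function whose name contains name_fragment. This is the analogue of
    `ltrace ... | fgrep <call>`: filter the call stream, ignore the algorithm."""
    captured: List[object] = []

    def profiler(frame, event, arg):
        # For Python frames the 'return' event carries the return value in arg.
        if event == "return" and name_fragment in frame.f_code.co_name:
            captured.append(arg)

    previous = sys.getprofile()
    sys.setprofile(profiler)
    try:
        target()
    finally:
        sys.setprofile(previous)
    return captured


def recover_saved_password(profile_text: str = SAMPLE_PROFILE) -> str:
    """Attacker side: watch what the client's decrypt routine hands back."""
    return str(trace_returns(lambda: connect(profile_text), "decrypt")[0])


if __name__ == "__main__":
    print(recover_saved_password())
```

Swapping the cipher for anything stronger changes nothing here, because the client must still call some routine that returns the plaintext, and the hook keys on the call, not on the mathematics; that is the same reason the ltrace one-liner works against the native client regardless of how the profile is encoded.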