Re: [Cryptography] Radioactive random numbers
(curse you anti-gmail-top-posting zealots...)

On Wed, Sep 11, 2013 at 3:47 PM, Dave Horsfall d...@horsfall.org wrote:

> Another whacky idea... Given that there is One True Source of randomness to wit radioactive emission, has anyone considered playing with old smoke detectors?

Yep. For fun I wrote a custom firmware for the Sparkfun Geiger counter to do random bit or byte generation that I could mix into my system's entropy pool. I'll eventually update the code to also work with the ExcelPhysics APOC.

acknowledging some prior art: http://www.fourmilab.ch/hotbits/

> The ionising types are being phased out in favour of optical (at least in Australia) so there must be heaps of them lying around.

There are heaps of them at big-box retailers in the US, with no sign of going away. I got a couple for $5 each.

> I know - legislative requirements, HAZMAT etc, but it ought to make for a good thought experiment.

Low activity sources seem to be fairly unencumbered. There are plenty of places that will sell calibrated test sources or lumps of random ore for educational use. Then you get to tell people funny stories about the time you bought radioactive material on the internet, and someone else gets to do the compliance paperwork (if necessary).

Homebrew geiger counter rigs aren't exactly practical or scalable - I don't want to make my datacenter guys cut open a case of smoke detectors and solder a dozen GM tubes so we can have good random numbers. A better solution might be to use one of the various thumb-drive sized AVR-USB boards: load in a simple firmware to emulate a serial port, and emit samples from the onboard ADCs and RC oscillators... no soldering required.

I was going to say that it's simple to inspect the code - even the generated assembly or the raw hex - for undesired behavior, then I remembered the USB side is non-trivial.

If you're not using the onboard USB hardware it's much easier to verify that you're only doing an ADC sample, a timer read, a couple of comparisons, a UART write, and nothing else (assuming you offload the whitening to your host's entropy pool).

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
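The pipeline the post describes, as an added example that is not the author's Geiger-counter firmware: a few comparisons on the device side turn decay timestamps into raw bits, and the host does the whitening. Real GM-tube pulses are replaced here by a Poisson process generated in software, the pairwise interval comparison is the HotBits-style scheme linked above (an assumption about what the firmware does), and the function names are mine.

```python
"""Added example: raw-bit extraction from decay event timings plus
host-side whitening.  Decay timestamps are simulated (a Poisson process),
standing in for what a timer read at each GM-tube pulse would return."""
import random
from collections import Counter


def simulate_decay_times(n_events, rate_hz, seed=1):
    """Constructed input: exponential inter-arrival times of a Poisson source."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for _ in range(n_events):
        t += rng.expovariate(rate_hz)
        out.append(t)
    return out


def raw_bits_from_intervals(event_times):
    """Firmware-side step: compare consecutive pairs of inter-arrival
    intervals.  Four pulses give two intervals T1, T2 and one bit; the sense
    of the comparison flips on every other pair so that slow drift in the
    source rate cancels instead of biasing the stream one way."""
    intervals = [b - a for a, b in zip(event_times, event_times[1:])]
    bits, flip = [], False
    for i in range(0, len(intervals) - 1, 2):
        t1, t2 = intervals[i], intervals[i + 1]
        if t1 == t2:          # a tie carries no information: discard it
            continue
        bits.append((1 if t1 > t2 else 0) ^ int(flip))
        flip = not flip
    return bits


def von_neumann_debias(bits):
    """Host-side whitening: emit one bit per (0,1)/(1,0) pair, drop (0,0) and
    (1,1).  Removes bias from any stationary Bernoulli source at the cost of
    at least three quarters of the input bits."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def pack_bytes(bits):
    """Pack whitened bits MSB-first into bytes; a trailing partial byte is dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, usable, 8))


def bias(bits):
    """Fraction of ones; 0.5 is the target for a whitened stream."""
    c = Counter(bits)
    return c[1] / len(bits) if bits else float("nan")


if __name__ == "__main__":
    times = simulate_decay_times(20000, rate_hz=50.0)
    raw = raw_bits_from_intervals(times)
    white = von_neumann_debias(raw)
    print(len(raw), "raw bits, P(1)=%.3f" % bias(raw))
    print(len(white), "whitened bits, P(1)=%.3f" % bias(white))
    print(pack_bytes(white)[:16].hex())
```

The point of splitting it this way is auditability: the device-side function is the only thing that has to be reviewed in the firmware hex, and it is just subtractions and comparisons; everything statistical happens on the host where it can be tested against known inputs.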
Re: security questions
On Wed, Aug 6, 2008 at 8:23 AM, Peter Saint-Andre [EMAIL PROTECTED] wrote:

> Wells Fargo is requiring their online banking customers to provide answers to security questions such as these:
>
> *** ... ***
>
> It strikes me that the answers to many of these questions might be public information or subject to social engineering attacks...

Lie. I don't actually give the real answers to those questions for just that reason. Make up some plausible and memorable words (maybe using a tool like yould), and pick your mother a new random name from the phone book.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: the joy of enhanced certs
On Wed, Jun 4, 2008 at 12:51 PM, Perry E. Metzger [EMAIL PROTECTED] wrote:

> An object lesson in this just fell in my lap -- I just got my first email from a spammer that links to a web site that uses such a cert, certified by a CA I've never heard of (Starfield Technologies, Inc.)

starfield = godaddy. see https://www.godaddy.com/gdshop/ssl/ssl.asp?app_hdr=ci=12421 and click on the fluffy little webtrust icons to get the reports.

https://cert.webtrust.org/ViewSeal?id=355

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Seagate announces hardware FDE for laptop and desktop machines
On 9/6/07, Jacob Appelbaum [EMAIL PROTECTED] wrote:

> Seagate recently announced a 1TB drive for desktop systems and a 250GB laptop drive. What's of interest is that it appears to use a system called DriveTrust for Full Disk Encryption. It's apparently AES-128.

Yes, but will it work on my UltraSparc? How about my PPC powermac? Or maybe my OpenBSD laptop? What's that - I have to use some opaque mechanism to key my drive? Pass.

And how do I know that the drive didn't just store a copy of my encryption key in NVRAM somewhere which can be retrieved by reading some magic sequence of negative sectors? And what about a zillion other paranoid but reasonable concerns?

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: (Short) Intro and question
On 1/6/07, Allen [EMAIL PROTECTED] wrote:

> One of the questions that I have been raising is trust and how to ensure that it is not misplaced or eroded over time. Which leads me to my question for the list:
>
> I can see easily how to do split key for 2 out of x for key recovery, but I can't seem to find a reference to the 3 out of x problem.
>
> In case I have not been clear enough, it is commonly known that it is harder to get collusion when three people need to act together than when there are just two. For most encryption 2 out of x is just fine, but some things need a higher level of security than 2 out of x can provide.

http://freshmeat.net/projects/sharesecret/
http://freshmeat.net/projects/shsecret/
http://freshmeat.net/projects//

I can't speak much about them other than when I last tested them, they were able to split and reassemble a few test cases.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
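The 3-out-of-x case is not a separate problem: Shamir's scheme takes the threshold as a parameter, and 2-of-x and 3-of-x are the same code with a different polynomial degree. The following is an added example written for this page, not one of the freshmeat tools linked above; the prime field, the function names and the sample secret are mine.

```python
"""Added example: Shamir secret sharing over GF(p) for any threshold t of
n shares.  3-of-x and 2-of-x differ only in the degree of the polynomial."""
import secrets

P = 2**521 - 1  # Mersenne prime; secrets up to 65 bytes fit below it


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, t, n):
    """Split integer secret into n shares (x, y), any t of which recover it.
    A random polynomial of degree t-1 whose constant term is the secret is
    evaluated at x = 1..n.  With only t-1 shares the secret is information-
    theoretically hidden: every candidate secret is equally consistent."""
    if not 1 <= t <= n < P:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0.  Pass t or more distinct shares:
    fewer than t give a uniformly wrong value with no error, so the caller
    has to know the threshold that was used."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split_bytes(secret, t, n):
    """Convenience wrapper for byte-string secrets (keys, passphrases)."""
    return split_secret(int.from_bytes(secret, "big"), t, n)


def recover_bytes(shares, length):
    """Inverse of split_bytes; length is the original secret size in bytes."""
    return recover_secret(shares).to_bytes(length, "big")


if __name__ == "__main__":
    shares = split_bytes(b"constructed 16B!", 3, 5)   # constructed sample secret
    print(recover_bytes(shares[1:4], 16))             # any three of the five
```

Two practical caveats follow from the code: the share index x must be stored with each share (it is not secret, but losing it makes the share useless), and the scheme offers no integrity, so a corrupted or deliberately altered share silently yields a wrong secret; in practice a hash of the secret is kept alongside the shares so a reconstruction can be checked.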
Re: Dirty Secrets of noise based RNGs
On 7/4/06, Thor Lancelot Simon [EMAIL PROTECTED] wrote:

> 2) Hifn used to make this documentation publicly available but access to it now requires permission from Hifn sales -- it has been password protected on their public web site. In other words, after years of design wins based on little but open-source friendliness (after all, Hifn's chips are no faster, often slower, than others', and notoriously buggy) they are now, at least on this issue, biting the hand that feeds them.

ftp://ftp.hifn.com/ - it's a little shaky right now, but lots of people have mirrored its contents. ;) keep an eye on it.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: European country forbids its citizens from smiling for passport photos
On 9/17/05, William Allen Simpson [EMAIL PROTECTED] wrote:

> Do you really need to click on this link to know which one it is?
> http://cbs5.com/watercooler/watercooler_story_258152613.html
>
> I guess we should give neutral facial expressions for the photo, then smile (or frown) while in the airport
>
> Sounds like the technology (still) isn't ready for prime time.

And this is news why?

http://www.pptc.gc.ca/passports/get_photo_specs_e.asp
http://travel.state.gov/passport/guide/composition/composition_874.html

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Another entry in the internet security hall of shame....
On 8/26/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:

> ... If you don't trust your (or your correspondents') IM servers, it may be a different situation. I haven't read Google's privacy policies for IM; if it's anything like gmail, they're using automated tools that look at your messages and add to your behavioral profile. As Peter said, though, you can always run your own server or find one that you do trust.

Got a nice little surprise yesterday when I [ge]mailed someone, and moments later gaim beeps at me. Checking gaim, I see that suddenly these users had been added to my gaim/gtalk buddies list without my intervention. Grr

Anyway, I wouldn't be the least bit surprised if somewhere down the road a folder called "archived gtalk" shows up in gmail where you can search through all your old conversations.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: WYTM - but what if it was true?
On 6/26/05, Dan Kaminsky [EMAIL PROTECTED] wrote:

> It is not necessary though that there exists an acceptable solution that keeps PC's with persistent stores secure. A bootable CD from a bank is an unexpectedly compelling option, as are the sort of services we're going to see coming out of all those new net-connected gaming systems coming out soon.

You just know that people won't want to totally reboot their machines every time they want to bank, because that'll break their excel+quicken+msmoney integrated finances. So they try to make a bootable HD partition, or run it under vmware, or copy the trusted client off. These of course cannot be allowed by the banks if they want to preserve the illusion of their secure banking app...

And now we have a market for cracked trusted banking clients, both for phishers and lazy people... it's game copy protection wars all over again. :)

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: How secure is the ATA encrypted disk?
On 4/8/05, James A. Donald [EMAIL PROTECTED] wrote:

> --
> Every ATA disk contains encryption firmware, though not all bioses allow you to use it.

Not all drives contain this encryption firmware, which isn't actually encryption firmware. It's more of a login feature. You have to send the drive the password before you can do any real I/O.

$ sudo atactl wd0
Model: HMS360404D5CF00, Rev: DN4SCA2A, Serial #: N2L7G5HA
Device type: ATA, fixed
Cylinders: 7936, heads: 16, sec/track: 63, total sectors: 7999488
Device capabilities:
	IORDY operation
	IORDY disabling
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4
Device supports the following command sets:
	NOP command
	READ BUFFER command
	WRITE BUFFER command
	Read look-ahead
	Write cache
	Power Management feature set
	Flush Cache command
	Advanced Power Management feature set
	CFA feature set
Device has enabled the following command sets/features:
	NOP command
	READ BUFFER command
	WRITE BUFFER command
	Read look-ahead
	Write cache
	Power Management feature set
	Flush Cache command
	Advanced Power Management feature set
	CFA feature set

# sudo atactl wd0
Model: SAMSUNG MP0804H, Rev: UE100-14, Serial #: S042J10Y241522
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 156368016
Device capabilities:
	ATA standby timer values
	IORDY operation
	IORDY disabling
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7
Master password revision code 0xfffe
Device supports the following command sets:
	READ BUFFER command
	WRITE BUFFER command
	Host Protected Area feature set
	Read look-ahead
	Write cache
	Power Management feature set
	Security Mode feature set
	SMART feature set
	Flush Cache Ext command
	Flush Cache command
	Device Configuration Overlay feature set
	48bit address feature set
	Automatic Acoustic Management feature set
	Set Max security extension commands
	Advanced Power Management feature set
	DOWNLOAD MICROCODE command
	SMART self-test
	SMART error logging
Device has enabled the following command sets/features:
	READ BUFFER command
	WRITE BUFFER command
	Host Protected Area feature set
	Read look-ahead
	Write cache
	Power Management feature set
	SMART feature set
	Flush Cache Ext command
	Flush Cache command
	Device Configuration Overlay feature set
	48bit address feature set
	DOWNLOAD MICROCODE command

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
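The two listings above make the point: one drive has no Security Mode feature set at all, the other supports it but has not enabled it, and either way what is on offer is a password gate rather than encryption. As an added example, not from the post and not part of OpenBSD's atactl, here is a small parser for identify output in that shape that reports where a drive stands; the sample output embedded in it is constructed (placeholder model and serial), and the function names are mine.

```python
"""Added example: parse 'atactl <dev>' identify output and report whether
the ATA Security Mode feature set is supported and whether it is enabled."""

# Constructed sample in the layout of the listings above (placeholder IDs).
SAMPLE_IDENTIFY = """\
Model: EXAMPLE-DRIVE-1, Rev: 0000, Serial #: EXAMPLE000
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 156368016
Device capabilities:
\tATA standby timer values
\tIORDY operation
Device supports the following standards:
ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7
Master password revision code 0xfffe
Device supports the following command sets:
\tREAD BUFFER command
\tHost Protected Area feature set
\tSecurity Mode feature set
\tFlush Cache command
Device has enabled the following command sets/features:
\tREAD BUFFER command
\tHost Protected Area feature set
\tFlush Cache command
"""

SUPPORTED = "Device supports the following command sets"
ENABLED = "Device has enabled the following command sets/features"
SECURITY = "Security Mode feature set"


def parse_atactl(text):
    """Split identify output into {section header: [items]}.  Headers are
    unindented lines ending in ':' and their items are the indented lines
    that follow.  'Key: value' lines are collected under '_meta'; other
    unindented lines (the one-line standards list, the master password
    revision) stay under whichever section is open at that point."""
    sections, current = {"_meta": []}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            if current is not None:
                sections[current].append(line.strip())
        elif line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        elif ":" in line:
            sections["_meta"].append(line.strip())
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def security_mode_status(text):
    """Supported vs. enabled are separate lists in the output; a drive can
    advertise the feature set while no password has ever been set."""
    s = parse_atactl(text)
    return {"supported": SECURITY in s.get(SUPPORTED, []),
            "enabled": SECURITY in s.get(ENABLED, [])}


def describe(text):
    """One-line verdict for an inventory report."""
    st = security_mode_status(text)
    if not st["supported"]:
        return "no ATA Security Mode: drive offers no password lock at all"
    if not st["enabled"]:
        return "ATA Security Mode supported but not set: no password lock in effect"
    return "ATA password lock set: gates I/O, does not encrypt the data"


if __name__ == "__main__":
    print(describe(SAMPLE_IDENTIFY))
```

The useful check for a fleet is the second branch: drives that advertise the feature but have it disabled are the common case, and even the third branch only tells you a password must be sent before the drive answers I/O, which is the distinction the post draws.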
Re: link-layer encryptors for Ethernet?
http://www.gdds.com/company/portfolio.html#ias
http://www.gdc4s.com/Products/sectera.htm

Maybe one of these nifty looking general dynamics widgets is what you're after?

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: link-layer encryptors for Ethernet?
http://www.google.com/search?q=ethernet+link+encryptor says that there are. There's even a widget that supposedly runs up to gigabit.

http://www.atmedia.de/english/news.html

I'm enough of a freenix zealot though that I'd build one out of a couple of opteron boxen with gig ether cards and run ether over ipsec or something like that.

CK

On Mon, 07 Feb 2005 15:11:41 -0500, Steven M. Bellovin [EMAIL PROTECTED] wrote:

> Are there any commercial link-layer encryptors for Ethernet available? I know that Xerox used to make them, way back when, but are there any current ones, able to deal with current speeds (and connectors)?
>
> --Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Conspiracy Theory O' The Day
On Tue, 04 Jan 2005 15:41:12 -0500, John Denker [EMAIL PROTECTED] wrote:

> Udhay Shankar N wrote:
>
>> I just got a batch of spam: perfectly justified blocks of random-looking characters. Makes me wonder if somebody is trying to train Bayesian filters to reject PGP messages.
>
> Or someone is trying to slip messages past bayesian filters trained to allow pgp messages. Most of these spams are awarded insanely high spam scores by spamassassin.
>
> Another hypothesis: Cover traffic, to defeat traffic analysis. The procedure: send N copies. N-M of them are spam, sent to uninterested parties. The other M parties are the intended recipients. Provided NM, and other mild restrictions, they achieve plausible deniability.

I've been getting spam with blocks of text strongly resembling pgp signatures appended for years now. Got about 250 of them last year. And, amusingly enough, they seem to keep up on their patches (the versions of pgp seem to keep up with the official releases). Still, the signatures would never verify, as there were invalid base64 characters in the signature block.

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
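The observation at the end, that the pasted "signatures" contain characters outside the base64 alphabet, is a cheap filter signal that needs no key material. As an added example that is not the author's code, the following checks an ASCII-armored block for exactly that class of defect (bad characters, bad length, and a CRC24 trailer that does not match the body) before anything resembling signature verification is attempted. The CRC24 is the OpenPGP armor checksum from RFC 4880; the payload bytes and the function names are constructed for the example.

```python
"""Added example: structural checks on a PGP armored block, the kind a mail
filter can run to tell a real signature from decorative random text."""
import base64
import re
import string

ARMOR_ALPHABET = frozenset(string.ascii_letters + string.digits + "+/=")
CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB
ARMOR_RE = re.compile(
    r"-----BEGIN PGP ([A-Z ]+)-----\n(.*?)-----END PGP \1-----", re.S)


def crc24(data):
    """OpenPGP radix-64 checksum (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data, kind="SIGNATURE"):
    """Build a well-formed armored block around arbitrary bytes.  Test input
    only: the body is not a real signature packet, just correctly armored."""
    body = base64.b64encode(data).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join([f"-----BEGIN PGP {kind}-----", "", *lines, crc,
                      f"-----END PGP {kind}-----"])


def check_armor(text):
    """Return a list of problems; empty means the body is valid radix-64 and
    the CRC24 trailer matches.  This says nothing about whether the signature
    verifies, only whether it is even worth handing to PGP."""
    m = ARMOR_RE.search(text)
    if not m:
        return ["no matching BEGIN/END armor lines"]
    lines = m.group(2).split("\n")
    if "" in lines:                      # skip armor headers ("Version: ...")
        lines = lines[lines.index("") + 1:]
    lines = [ln for ln in lines if ln]
    crc_line = lines.pop() if lines and lines[-1].startswith("=") else None
    body = "".join(lines)
    bad = sorted(set(body) - ARMOR_ALPHABET)
    if bad:
        return [f"invalid base64 characters: {bad}"]
    try:
        data = base64.b64decode(body, validate=True)
    except ValueError as exc:            # binascii.Error is a ValueError
        return [f"base64 decode failed: {exc}"]
    if crc_line is None:
        return ["missing CRC24 trailer"]
    try:
        ok = base64.b64decode(crc_line[1:], validate=True) == \
            crc24(data).to_bytes(3, "big")
    except ValueError:
        ok = False
    return [] if ok else ["CRC24 trailer does not match body"]


if __name__ == "__main__":
    good = armor(b"constructed payload, not a real signature packet")
    print(check_armor(good))                                   # []
    print(check_armor(good.replace("Y29u", "Y2@u", 1)))        # bad character
```

A block that passes these checks can still be junk, but one that fails them cannot be a signature produced by any PGP implementation, which is exactly the category the post describes.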
Re: 3DES performance
On Wed, 8 Dec 2004 13:33:27 +0100, Lee Parkes [EMAIL PROTECTED] wrote:

> Hi,
> I'm working on a project for a company that involves the use of 3DES. They have asked me to find out what the overheads are for encrypting a binary file. There will be quite a lot of traffic coming in (in the region of hundreds of thousands of files per hour). Has anyone got any figures for 3DES performance? I've tried bdes on OpenBSD which has given me some useful results.

use openssl speed.

ttyp1# openssl speed des blowfish
To get the most accurate results, try to run this program
when this computer is idle.
Doing des cbc for 3s on 16 size blocks: 3237791 des cbc's in 2.74s
Doing des cbc for 3s on 64 size blocks: 885896 des cbc's in 2.74s
Doing des cbc for 3s on 256 size blocks: 173965 des cbc's in 2.15s
Doing des cbc for 3s on 1024 size blocks: 53943 des cbc's in 2.59s
Doing des cbc for 3s on 8192 size blocks: 6254 des cbc's in 2.37s
Doing des ede3 for 3s on 16 size blocks: 1253405 des ede3's in 2.64s
Doing des ede3 for 3s on 64 size blocks: 331913 des ede3's in 2.77s
Doing des ede3 for 3s on 256 size blocks: 82690 des ede3's in 2.75s
Doing des ede3 for 3s on 1024 size blocks: 19544 des ede3's in 2.54s
Doing des ede3 for 3s on 8192 size blocks: 2455 des ede3's in 2.55s
Doing blowfish cbc for 3s on 16 size blocks: 3843597 blowfish cbc's in 2.02s
Doing blowfish cbc for 3s on 64 size blocks: 645760 blowfish cbc's in 1.14s
Doing blowfish cbc for 3s on 256 size blocks: 352101 blowfish cbc's in 2.70s
Doing blowfish cbc for 3s on 1024 size blocks: 88319 blowfish cbc's in 2.63s
Doing blowfish cbc for 3s on 8192 size blocks: 11269 blowfish cbc's in 2.69s
OpenSSL 0.9.7d 17 Mar 2004
built on: date not available
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx)
compiler: information not available
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc          18891.73k    20675.95k    20729.04k    21296.44k    21642.88k
des ede3          7594.60k     7680.88k     7697.69k     7882.07k     7896.48k
blowfish cbc     30510.41k    36233.33k    33442.44k    34452.82k    34350.01k

--
GDB has a 'break' feature; why doesn't it have 'fix' too?
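The question was about files per hour, and the summary table answers it once the per-block throughput is turned into a capacity figure. As an added example, not from the post, here is a parser for that summary table and the arithmetic that converts it into files per hour and cores needed. The table embedded below is the one quoted in the post; the file count and file size in the usage are constructed, and the function names are mine.

```python
"""Added example: turn the 'openssl speed' summary table into a capacity
estimate for bulk file encryption."""
import math

# The summary table as printed above (values are thousands of bytes/second).
OPENSSL_SPEED_SUMMARY = """\
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc          18891.73k    20675.95k    20729.04k    21296.44k    21642.88k
des ede3          7594.60k     7680.88k     7697.69k     7882.07k     7896.48k
blowfish cbc     30510.41k    36233.33k    33442.44k    34452.82k    34350.01k
"""


def parse_speed_summary(table):
    """Return {cipher: {block_size: bytes_per_second}}.  The header row gives
    the block sizes ('16 bytes' -> 16); each data row ends in one 'NNNN.NNk'
    column per size and everything before them is the cipher name."""
    lines = [ln for ln in table.splitlines() if ln.strip()]
    sizes = [int(tok) for tok in lines[0].split()[1::2]]
    rates = {}
    for line in lines[1:]:
        toks = line.split()
        nums, name = toks[-len(sizes):], " ".join(toks[:-len(sizes)])
        rates[name] = {sz: float(v.rstrip("k")) * 1000
                       for sz, v in zip(sizes, nums)}
    return rates


def files_per_hour(rates, cipher, file_size, block_size=8192):
    """Files of file_size bytes one core can push through the cipher per
    hour.  The 8192-byte column approximates bulk I/O; the 16-byte column
    is dominated by per-call overhead and would understate capacity."""
    return rates[cipher][block_size] * 3600 / file_size


def cores_needed(rates, cipher, wanted_per_hour, file_size, block_size=8192):
    """Cores required to sustain wanted_per_hour files, cipher cost only
    (disk and network are not in this number)."""
    capacity = files_per_hour(rates, cipher, file_size, block_size)
    return math.ceil(wanted_per_hour / capacity)


if __name__ == "__main__":
    rates = parse_speed_summary(OPENSSL_SPEED_SUMMARY)
    # Constructed workload: 300,000 files/hour averaging 1 MB each.
    for cipher in ("des cbc", "des ede3", "blowfish cbc"):
        print(cipher, round(files_per_hour(rates, cipher, 1_000_000)),
              "files/hour/core,", cores_needed(rates, cipher, 300_000, 1_000_000),
              "cores")
```

The spread between the 16-byte and 8192-byte columns is a useful sanity check on the benchmark itself: for 3DES it is only about four percent, which says the figure is dominated by the cipher rounds and will not improve much with bigger buffers.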