RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Dave Korn
Eric Rescorla wrote on 08 August 2008 16:06: At Fri, 8 Aug 2008 11:50:59 +0100, Ben Laurie wrote: However, since the CRLs will almost certainly not be checked, this means the site will still be vulnerable to attack for the lifetime of the certificate (and perhaps beyond, depending on user

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Dave Korn
Eric Rescorla wrote on 08 August 2008 17:58: At Fri, 8 Aug 2008 17:31:15 +0100, Dave Korn wrote: Eric Rescorla wrote on 08 August 2008 16:06: At Fri, 8 Aug 2008 11:50:59 +0100, Ben Laurie wrote: However, since the CRLs will almost certainly not be checked, this means the site

RE: how bad is IPETEE?

2008-07-11 Thread Dave Korn
John Ioannidis wrote on 10 July 2008 18:03: Eugen Leitl wrote: In case somebody missed it, http://www.tfr.org/wiki/index.php?title=Technical_Proposal_(IPETEE) If this is a joke, I'm not getting it. /ji I thought the bit about Set $wgLogo to the URL path to your own logo image was

RE: Ransomware

2008-06-11 Thread Dave Korn
Dave Howe wrote on 11 June 2008 19:13: The Fungi wrote: On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote: The key size would imply PKI; that being true, then the ransom may be for a session key (specific per machine) rather than the master key it is unwrapped with. Per the

RE: Ransomware

2008-06-11 Thread Dave Korn
Leichter, Jerry wrote on 11 June 2008 20:04: Why are we wasting time even considering trying to break the public key? If this thing generates only a single session key (rather, a host key) per machine, then why is it not trivial to break? The actual encryption algorithm used is RC4,

RE: RIM to give in to GAK in India

2008-05-27 Thread Dave Korn
Perry E. Metzger wrote on 27 May 2008 16:14: Excerpt: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys.

RE: RIM to give in to GAK in India

2008-05-27 Thread Dave Korn
Florian Weimer wrote on 27 May 2008 18:49: * Dave Korn: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over

RE: Microsoft COFEE

2008-05-02 Thread Dave Korn
Arshad Noor wrote on 30 April 2008 20:36: It can be ordered to decrypt system passwords??? So, I wonder what attackers can do with this... They can run pwdump, lsadump, samdump, dump the pstore, snarf the SAM, all that kind of stuff that is completely routine and everyday. See here for a

RE: Firewire threat to FDE

2008-03-21 Thread Dave Korn
Hagai Bar-El wrote on 18 March 2008 10:17: All they need to do is make sure (through a user-controlled but default-on feature) that when the workstation is locked, new Firewire or PCMCIA devices cannot be introduced. That hard? Yes it is, without redesigning the PCI bus. A bus-mastering

RE: Open source FDE for Win32

2008-02-14 Thread Dave Korn
On 11 February 2008 04:13, Ali, Saqib wrote: I installed TrueCrypt on my laptop and ran some benchmark tests/ Benchmark Results: http://www.full-disk-encryption.net/wiki/index.php/TrueCrypt#Benchmarks Thanks for doing this! Cons: 1) Buffered Read and Buffered Transfer Rate was almost

RE: Dutch Transport Card Broken

2008-01-30 Thread Dave Korn
On 30 January 2008 17:01, Jim Cheesman wrote: James A. Donald: SSL is layered on top of TCP, and then one layers one's actual protocol on top of SSL, with the result that a transaction involves a painfully large number of round trips. Richard Salz wrote: Perhaps theoretically painful,

RE: Dutch Transport Card Broken

2008-01-30 Thread Dave Korn
On 30 January 2008 17:03, Perry E. Metzger wrote: My main point here was, in fact, quite related to yours, and one that we make over and over again -- innovation in such systems for its own sake is also not economically efficient or engineering smart. Hear hear! This maxim should be

RE: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-01-30 Thread Dave Korn
On 30 January 2008 17:03, Eric Rescorla wrote: We really do need to reinvent and replace SSL/TCP, though doing it right is a hard problem that takes more than morning coffee. TCP could need some stronger integrity protection. 8 Bits of checksum isnĀ“t enough in reality. (1 out of 256

RE: SSL/TLS and port 587

2008-01-23 Thread Dave Korn
On 22 January 2008 18:38, Ed Gerck wrote: It is misleading to claim that port 587 solves the security problem of email eavesdropping, and gives people a false sense of security. It is worse than using a 56-bit DES key -- the email is in plaintext where it is most vulnerable. Well, yes:

RE: patent of the day

2008-01-23 Thread Dave Korn
On 23 January 2008 04:45, Ali, Saqib wrote: can anyone please shed more light on this patent. It seems like a patent on the simple process of cryptographic erase.. As far as I can tell, they're describing a hardware pass-through OTF encryption unit that plugs inline with a hard drive

RE: Foibles of user security questions

2008-01-14 Thread Dave Korn
On 07 January 2008 17:14, Leichter, Jerry wrote: Reported on Computerworld recently: To improve security, a system was modified to ask one of a set of fixed-form questions after the password was entered. Users had to provide the answers up front to enroll. One question: Mother's maiden

RE: More on in-memory zeroisation

2007-12-14 Thread Dave Korn
I've been through the code. As far as I can see, there's nothing in expand_builtin_memset_args that treats any value differently, so there can't be anything special about memset(x, 0, y). Also as far as I can tell, gcc doesn't optimise out calls to memset, not even thoroughly dead ones: for

RE: More on in-memory zeroisation

2007-12-10 Thread Dave Korn
On 09 December 2007 06:16, Peter Gutmann wrote: Reading through Secure Programming with Static Analysis, I noticed an observation in the text that newer versions of gcc such as 3.4.4 and 4.1.2 treat the pattern: memset(?, 0, ?) differently from any other memset in that it's not

RE: Scare tactic?

2007-09-20 Thread Dave Korn
On 19 September 2007 22:01, Nash Foster wrote: http://labs.musecurity.com/2007/09/18/widespread-dh-implementation-weakness/ Any actual cryptographers care to comment on this? IANAAC. I don't feel qualified to judge. Nor do I, but I'll have a go anyway. Any errors are all my own

RE: Another Snake Oil Candidate

2007-09-13 Thread Dave Korn
On 13 September 2007 04:18, Aram Perez wrote: to circumvent keylogging spyware - More on this later... The first time you plug it in, you initialize it with a password - Oh, wait until I disable my keylogging spyware. You enter that password to unlock your secure files -

RE: Rare 17th century crypto book for auction.

2007-09-12 Thread Dave Korn
On 12 September 2007 19:28, Steven M. Bellovin wrote: On Wed, 12 Sep 2007 09:28:51 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: A rare 17th century crypto book is being auctioned. http://www.liveauctioneers.com/item/4122383/ As I commented to Bruce, see what Kahn says about it:

RE: Seagate announces hardware FDE for laptop and desktop machines

2007-09-09 Thread Dave Korn
On 07 September 2007 21:28, Leichter, Jerry wrote: Grow up. *If* the drive vendor keeps the mechanism secret, you have cause for complaint. But can you name a drive vendor who's done anything like that in years? All DVD drive manufacturers. That's why nobody could write a driver for

RE: debunking snake oil

2007-09-01 Thread Dave Korn
On 31 August 2007 02:44, travis+ml-cryptography wrote: I think it might be fun to start up a collection of snake oil cryptographic methods and cryptanalytic attacks against them. I was going to post about crypto done wrong after reading this item[*]:

RE: debunking snake oil

2007-09-01 Thread Dave Korn
On 02 September 2007 01:13, Nash Foster wrote: I don't think fingerprint scanners work in a way that's obviously amenable to hashing with well-known algorithms. Fingerprint scanners produce an image, from which some features can be identified. But, not all the same features can be extracted

RE: more reports of terrorist steganography

2007-08-20 Thread Dave Korn
On 20 August 2007 16:00, Steven M. Bellovin wrote: http://www.esecurityplanet.com/prevention/article.php/3694711 I'd sure like technical details... Well, how about 'it can't possibly work [well]'? [ ... ] The article provides a detailed example of how 20 messages can be hidden in a 100

RE: Free Rootkit with Every New Intel Machine

2007-06-26 Thread Dave Korn
On 26 June 2007 00:51, Ian Farquhar (ifarquha) wrote: It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence. Maybe I am showing

RE: Blackberries insecure?

2007-06-21 Thread Dave Korn
On 21 June 2007 04:41, Steven M. Bellovin wrote: According to the AP (which is quoting Le Monde), French government defense experts have advised officials in France's corridors of power to stop using BlackBerry, reportedly to avoid snooping by U.S. intelligence agencies. That's a bit

RE: stickers can deter car theft

2007-05-26 Thread Dave Korn
On 26 May 2007 04:33, James Muir wrote: Anyone heard of this before? Been happening all over the place for several years now. Many references at http://www.schneier.com/blog/archives/2006/10/please_stop_my.html cheers, DaveK -- Can't think of a witty .sigline today

RE: Russian cyberwar against Estonia?

2007-05-23 Thread Dave Korn
On 22 May 2007 14:51, Trei, Peter wrote: In fairness, its worth noting that the issue is also mixed up in Estonian electoral politics: http://news.bbc.co.uk/1/hi/world/europe/6645789.stm The timing of the electronic attacks, and the messages left by vandals, leave little doubt that the

RE: Russian cyberwar against Estonia?

2007-05-18 Thread Dave Korn
On 18 May 2007 05:44, Alex Alten wrote: This may be a bit off the crypto topic, You betcha! but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia of 'cyberattack'

RE: can a random number be subject to a takedown?

2007-05-02 Thread Dave Korn
On 01 May 2007 22:33, Jon Callas wrote: On May 1, 2007, at 12:53 PM, Perry E. Metzger wrote: unsigned char* guess_key(void) { unsigned char key[] = {0x0a, 0xFa, 0x12, 0x03, 0xD9, 0x42, 0x57, 0xC6, 0x9E, 0x75, 0xE4, 0x5C,

RE: Randomness

2007-04-28 Thread Dave Korn
On 27 April 2007 20:34, Eastlake III Donald-LDE008 wrote: See http://xkcd.com/c221.html. Donald http://web.archive.org/web/20011027002011/http://dilbert.com/comics/dilbert/ar chive/images/dilbert2001182781025.gif cheers, DaveK -- Can't think of a witty .sigline today

RE: DNSSEC to be strangled at birth.

2007-04-07 Thread Dave Korn
On 06 April 2007 00:50, Paul Hoffman wrote: because, with it, one can sign the appropriate chain of keys to forge records for any zone one likes. If the owner of any key signs below their level, it is immediately visible to anyone doing active checking. Only if they get sent that

RE: WEP cracked even worse

2007-04-05 Thread Dave Korn
On 04 April 2007 00:44, Perry E. Metzger wrote: Not that WEP has been considered remotely secure for some time, but the best crack is now down to 40,000 packets for a 50% chance of cracking the key. http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ Sorry, is that actually better

DNSSEC to be strangled at birth.

2007-04-05 Thread Dave Korn
Afternoon all, This story is a couple of days old now but I haven't seen it mentioned on-list yet. The DHS has requested the master key for the DNS root zone. http://www.heise.de/english/newsticker/news/87655 http://www.theregister.co.uk/2007/04/03/dns_master_key_controversy/

RE: DNSSEC to be strangled at birth.

2007-04-05 Thread Dave Korn
On 05 April 2007 16:48, [EMAIL PROTECTED] wrote: Dave, For the purposes of discussion, (1) Why should I care whether Iran or China sign up? I think it would be consistent to either a) care that *everybody* signs up, or b) not care about DNSSEC at all, but I think that a fragmentary

RE: link fest on fingerprint biometrics

2006-09-09 Thread Dave Korn
On 08 September 2006 00:38, Travis H. wrote: At home I have an excellent page on making fake fingerprints, but I cannot find it right now. It used gelatin (like jello) and was successful at fooling a sensor. http://search.theregister.co.uk/?q=gummi should be a start. cheers,

Impossible compression still not possible. [was RE: Debunking the PGP backdoor myth for good. [was RE: Hypothesis: PGP backdoor (was: A security bug in PGP products?)]]

2006-08-30 Thread Dave Korn
On 28 August 2006 15:30, Ondrej Mikle wrote: Ad. compression algorithm: I conjecture there exists an algorithm (not necessarily *finite*) that can compress large numbers (strings/files/...) into small space, more precisely, it can compress number that is N bytes long into O(P(log N)) bytes,

RE: Impossible compression still not possible. [was RE: Debunking the PGP backdoor myth for good. [was RE: Hypothesis: PGP backdoor (was: A security bug in PGP products?)]]

2006-08-30 Thread Dave Korn
On 28 August 2006 17:12, Ondrej Mikle wrote: We are both talking about the same thing :-) Oh! I am not saying there is a finite deterministic algorithm to compress every string into small space, there isn't. BTW, thanks for There is ***NO*** way round the counting theory. :-) All I

Debunking the PGP backdoor myth for good. [was RE: Hypothesis: PGP backdoor (was: A security bug in PGP products?)]

2006-08-28 Thread Dave Korn
On 24 August 2006 03:06, Ondrej Mikle wrote: Hello. We discussed with V. Klima about the recent bug in PGPdisk that allowed extraction of key and data without the knowledge of passphrase. The result is a *very*wild*hypothesis*. Cf. http://www.safehack.com/Advisory/pgp/PGPcrack.html

Fw: A security bug in PGP products?

2006-08-27 Thread Dave Korn
[ Originally tried to post this through gmane, but it doesn't seem to work; apologies if this has been seen before. ] Max A. wrote: Hello! Could anybody familiar with PGP products look at the following page and explain in brief what it is about and what are consequences of the described

Re: A security bug in PGP products?

2006-08-27 Thread Dave Korn
Ondrej Mikle [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Max A. wrote: Hello! Could anybody familiar with PGP products look at the following page and explain in brief what it is about and what are consequences of the described bug?

Re: Creativity and security

2006-03-24 Thread Dave Korn
J. Bruce Fields wrote: On Thu, Mar 23, 2006 at 08:15:50PM -, Dave Korn wrote: So what they've been doing at my local branch of Marks Spencer for the past few weeks is, at the end of the transaction after the (now always chip'n'pin-based) card reader finishes authorizing your

Re: Creativity and security

2006-03-23 Thread Dave Korn
Olle Mulmo wrote: On Mar 20, 2006, at 21:51, [EMAIL PROTECTED] wrote: I was tearing up some old credit card receipts recently - after all these years, enough vendors continue to print full CC numbers on receipts that I'm hesitant to just toss them as is, though I doubt there are many

Re: GnuTLS (libgrypt really) and Postfix

2006-02-15 Thread Dave Korn
Werner Koch wrote: On Mon, 13 Feb 2006 03:07:26 -0500, John Denker said: Again, enough false dichotomies already! Just because error codes are open to abuse doesn't mean exiting is the correct thing to do. For Libgcrypt's usage patterns I am still convinced that it is the right decision.

Re: GnuTLS (libgrypt really) and Postfix

2006-02-12 Thread Dave Korn
Werner Koch wrote: On Sat, 11 Feb 2006 12:36:52 +0100, Simon Josefsson said: 1) It invoke exit, as you have noticed. While this only happen in extreme and fatal situations, and not during runtime, it is not that serious. Yet, I agree it is poor design to do this in a

Re: FWD: [IP] Encrypting Bittorrent to take out traffic shapers

2006-02-09 Thread Dave Korn
Alexander Klimov wrote: On Tue, 7 Feb 2006, Adam Fields wrote: Over the past months more Bittorrent users noticed that their ISP is killing all Bittorrent traffic . ISP?s like Rogers are using bit- shaping applications to throttle the traffic that is generated by Bittorrent. A side note is