silky wrote:
On Tue, Feb 24, 2009 at 8:30 AM, Ed Gerck wrote:
[snip]
Thanks for the comment. The BofA SiteKey attack you mention does not work
for the web access scheme I mentioned because the usercode is private and
random with a very large search space, and is always sent after SSL starts
,
if they so want and are motivated to, or learn to be motivated. Mark
Twain's cat was afraid of the cold stove.
Cheers,
Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
silky wrote:
On Sun, Feb 22, 2009 at 6:33 AM, Ed Gerck wrote:
(UI in use since 2000, for web access control and authorization) After you
enter a usercode in the first screen, you are presented with a second screen
to enter your password. The usercode is a mnemonic 6-character code such as
d
success so far.
Comments are welcome. More at
Best regards,
Ed Gerck
e...@gerck.com
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
[Moderator's note: I'll let Ed have the last word. I'm sure everyone
knows what I'd say anyway. --Perry]
Perry E. Metzger wrote:
Ed Gerck <[EMAIL PROTECTED]> writes:
In any case, there are a large number of reasons US banks don't
(generally) require or even
an perform for each account.
What makes a good difference in preventing an attack as mentioned by
Dan is to /not/ allow weak passwords in the first place! But, because
this is not really possible with PIN systems (even with 6 digits), the
security designer can detect attack pattern
arios.
Cheers,
Ed Gerck
[EMAIL PROTECTED] wrote:
Ed Gerck writes:
-+--
| ...
| Not so fast. Bank PINs are usually just 4 numeric characters long and
| yet they are considered /safe/ even for web access to the account
| (where a physical card is not required).
|
| Why? Because after 4 tries the
time you need to try enough combinations so that you can succeed.
I'm not defending the designers of that email system, as I do not know
any specifics -- I'm just pointing out that what you mention is not
necessarily a problem and may be even safer than secure online banking
today.
gue use of its private-key for signing end-user certs.
This trust, limited by this extent, can be used in automating use of
certs from that CA -- for example, only accept signatures from
end-user certs of that CA if the cert is less than 31 days old (or, 15
days -- whatever your risk m
IanG wrote:
Ed Gerck wrote:
When you look at trust in various contexts, you will still find the
need to receive information from sources OTHER than the source you
want to trust. You may use these channels under different names, such
as memory which is a special type of output that serves as
se copy and transfer trust in our social interactions, not just
in our digital interactions.
Cheers,
Ed Gerck
ts B". You can't call that operation a "copy".
Trust is indeed expressed by relationships. And those relationships
can be transmitted with proper consideration -- just not in your
example. In the case of SSL certs, a simple file copy is enough.
Cheers,
Ed Gerck
Addendum:
D
Bill Frantz wrote:
[EMAIL PROTECTED] (Ed Gerck) on Monday, June 2, 2008 wrote:
To trust something, you need to receive information from sources OTHER
than the source you want to trust, and from as many other sources as
necessary according to the extent of the trust you want. With more trust
n previous post). Similarly, we have to do it right when we
transmit data (for example, if we don't have enough bandwidth or if
there is too much noise, the data will not be 100% transferred).
Cheers,
Ed Gerck
third-parties that most people will trust.
This is how SSL works. The site provides a digital certificate signed by
a CA that most browsers trust, providing an independent channel to
verify that the web address is correct -- in addition to what the
browser's location line says.
Cheers
as a synergy: with
more usability in a secure system, security increases. With less
usability in a secure system, security decreases. A secure system that
is not usable will be left aside by users.
Cheers,
Ed Gerck
's reaction time and make sure that the error-correcting
channel has enough capacity to counter-react within that reaction
time. For chip fabrication, this may be quite long.
Cheers,
Ed Gerck
Perry E. Metzger wrote:
Ed Gerck <[EMAIL PROTECTED]> writes:
Each chip does not have to be 100% independent, and does not have to
be used 100% of the time.
Assuming a random selection of both outputs and chips for testing, and
a finite set of possible outputs, it is possible to calculat
chip)
[**]. Trust can be positive (what we call trust), negative (distrust),
and zero (atrust -- there is no trust value associated with the
information, neither trust nor distrust). More in [*].
Cheers,
Ed Gerck
References:
[*] www.nma.com/papers/it-trust-part1.pdf
www.mcwg.org/mcg-mirror/t
Leichter, Jerry wrote:
No real technical data I can find on the site, and I've never seen
a site with so little information about who's involved. (Typically,
you at least get a list of the top execs.) Some ex-spooks? Pure
snake oil? Somewhere in between?
He's likely called Paul McGough, of
din.cs.cmu.edu/wp-uploads/hamming.pdf
(BTW, this was a great talk!)
Cheers,
Ed Gerck
have been prevented by SSL/TLS
protecting email submission.
Cheers,
Ed Gerck
Steven M. Bellovin wrote:
On Tue, 22 Jan 2008 21:49:32 -0800
Ed Gerck <[EMAIL PROTECTED]> wrote:
As I commented in the
second paragraph, an attack at the ISP (where SSL/TLS is
of no help) has been the dominant threat -- and that is
why one of the main problems is called "
tless wiretapping and so on, why any private communications should
be "in the clear" I just don't know. Even my MTA offers up SSL or TLS to
other MTA's when advertising its capabilities. The RFC is there, use it
as they say.
--
Paul Hoffman wrote:
At 10:38 AM -0800 1/22/08, Ed Gerck wrote:
The often expressed idea that SSL/TLS and port 587 are somehow able to
prevent warrantless wiretapping and so on, or protect any private
communications, is IMO simply not supported by facts.
Can you point to some sources of this
on.
It is misleading to claim that port 587 solves the security problem of email
eavesdropping, and gives people a false sense of security. It is worse than
using a 56-bit DES key -- the email is in plaintext where it is most vulnerable.
Cheers
fraud paid for by
insurance, which is what happens today. We did solve the e-commerce security
problem, by putting in insurance. We can not solve it that way [for elections].
(from my Brookings Symposium comment, Washington, DC, January 2000).
Cheers,
Ed Gerck
--
legal frameworks that can
be used to bind the key to a person.
Cheers,
Ed Gerck
(entirely on their own and
not by a mandate) to point out non-compliance of evaluated products
-- proprietary or open source -- to basic architectural requirements
of the standard. Here [x] = competitors, attackers, outside experts,
anyone in general.
Cheers,
Ed Gerck
is a "service oracle" that
does not necessarily reveal code details or flaws. SaaS could be supplied
remotely or locally, with a secure processor card or secure USB-processor.
Cheers,
Ed Gerck
e the workload.
What matters here is the expected cost of password search,
not the password or payload Shannon entropy. For some pointers
on this discussion, and why high Shannon entropy does not
mean high workload, see
http://www.cs.berkeley.edu/~daw/my-posts/entropy-measures
Cheers,
Ed
Steven M. Bellovin wrote:
http://www.tgdaily.com/content/view/33425/118/
"Ann Arbor (MI) - University of Michigan scientists have discovered a
breakthrough way to utilize light in cryptography. The new technique
can crack even complex codes in a matter of seconds. Scientists believe
this techniq
hy Skype wrote about "love", is
that Skype users worldwide cannot call or hear voicemail for
many hours now.
The visible error is that users cannot login -- hence can't call,
etc. While this could be understandable, what is not understandable
is Skype's love declaration
The first is simply a MSFT Vista requirement for BitLocker file
encryption. The second is for example present in ACER laptops
(Aspire 5920) as eLock -- it allows you to protect and then
unlock storage devices that can be mounted as a file system when
plugged into the trusted system (the laptop), or
oss in the remaining through-signal, which
can easily be detected.
Cheers,
Ed Gerck
in the blog in
general.
Cheers,
Ed Gerck
Ivan Krstić wrote:
> On Jul 14, 2007, at 2:43 PM, Ed Gerck wrote:
>> 1. firewall port-knocking to block scanning and attacks
>> 2. firewall logging and IP disabling for repeated attacks (prevent DoS,
>> block dictionary attacks)
>> 3. pre- and post-filtering to prevent
have other SSH security issues that you would like to see solved /in SSH/.
Cheers,
Ed Gerck
ives/000520.html
Cheers,
Ed Gerck
n QC (and QKD based on
QC) might just reflect equally naive security assumptions
found in today's conventional cryptography. [1]
I would suggest QC as a very fruitful area of research, and one
that can add much insight back into conventional cryptography.
Cheers,
Ed Gerck
[1] For example, the
d work, such as magnetic domain encoding when storing it
in a hard disk.
Now, if you pass a copyright-protected work through an irreversible
hash function, it would be hard to claim the result to be
copyright-protected.
Cheers,
Ed
Guus Sliepen wrote:
> On Thu, Feb 15, 2007 at 02:47:05PM -0800, Ed Gerck wrote:
>
>> Zmail actually reduces the amount of trust by not storing your usercode,
>> password, or keys anywhere. This makes sense for zmail, and is an incentive
>> to actually do it, to reduce risk
James A. Donald wrote:
> Ed Gerck wrote:
>> I am using this insight in a secure email solution that provides
>> just that -- a reference point that the user trusts, both sending
>> and receiving email. Without such reference point, the user can
>> easily fall prey to
't secure first communications. It is just
harder and _not_ necessary for banks (because the client already knows
the bank and vice versa).
Best,
Ed Gerck
can
easily fall prey to con games. Trust begins as "self-trust". Anyone
interested in trying it out, please send me a personal email with
application info.
Best,
Ed Gerck
.
Best,
Ed Gerck
tually voted. This
procedure also helps prevent vote selling and coercion. The voter cannot
produce a non-repudiable proof of how the voter voted.
Best,
Ed Gerck
. Moderators are welcome
too.
Best,
Ed Gerck
[1] Based on a general, information-theory model of voting that applies
to any technology, first presented in 2001. See
http://safevote.com/doc/VotingSystems_FromArtToScience.pdf
Provides any desired number of independent records, which are readily
av
n into account.
The solution seems fairly intuitive. In fact, it was used about 500
years by the Mogul in India to prevent fraud.
The solution is also technologically neutral, but has more chances for
success, and less cost, with e-voting.
Best,
Ed Gerck
[1] In Shannon's cryptograp
olution is also technologically neutral, but has more chances for
success, and less cost, with e-voting.
Best,
Ed Gerck
[1] In Shannon's cryptography terms, the solution reduces the probability
of existence of a covert channel to a value as close to zero as we want.
This is done by
not just do the math and say -- it works! This
was the same mistake of email encryption. That the system can actually
be used turns out to be more important than any security promise.
Cheers,
Ed Gerck
(*) Apparently, at most. Their 3-digit matrix counter, also included
in the
thentication can
make the system less secure than just username/password, while
considerably reducing usability. A lose-lose for users.
Cheers,
Ed Gerck
Travis H. wrote:
So the opponent then knows the password given to him is not valid, and
might continue to search for a current one.
Not likely for the same data. After all, the data is protected by
a password that "expired".
And/or step through the
program with a debugger, like a software cr
ssword
is given. The data becomes inaccessible even if the coercer has the binary data.
Another possibility is to combine the above with threshold cryptography.
Cheers,
Ed Gerck
heaven for
criminals because criminal activity is often detected
and evidenced by its "outside" effects, including
tracing.
Cheers,
Ed Gerck
ase arguments
(as they do) arise. Trust depends on parallel channels. So
based, trust actually reduces liability.
The knife cuts the other way too, and that's why unrevocably
expiring documents that can be so treated (legally and business
wise) is also necessary to reduc
C A L L F O R P A P E R S
The 4th International Workshop for
Technology, Economy and Legal Aspects of
Virtual Goods
Organized by the GI Working Group ECOM
and in parallel with
audited and stored.
For large elections, or for commercial use, the entire election work
can be automated and third-party audited.
More info at:
http://zvote.zsentry.com/zelection.htm
Election Manager and Voter registration at:
https://zsentry.com/mail/premiumsecurity.html
Cheers,
Ed Gerck
EITHER hash the key OR discard the
first bytes).
Cheers, Ed Gerck
Joseph Ashwood wrote:
- Original Message - From: "Ed Gerck" <[EMAIL PROTECTED]>
Subject: [!! SPAM] Re: Is AES better than RC4
...
gnature -- but fails to recognize that, ultimately, the key
by itself cannot operate (or own) anything.
Being responsible for an account, or creating keys or passwords, is within
the idea of "owning or operating".
Cheers,
Ed Gerck
--
why data entropy seems
confusing and contradictory to use. It may actually be a much
more powerful tool for data security than currently used.
Cheers,
Ed Gerck
[1] For example, J. Kestin, A Course in Thermodynamics, Blaisdell,
1966.
it.
"...allows the detection of man-in-the-middle (MiTM) attacks by
displaying a short authentication string for the users to read and
compare over the phone."
Depends on the trust model. May not work.
Cheers,
Ed Gerck
-
John W Noerenberg II wrote:
At 5:58 PM -0800 2/24/06, Ed Gerck wrote:
A phone number is not an "envelope" -- it's routing information, just like
an email address. Publishing the email address is not in question and
there are alternative ways to find it out, such as search engin
bles a covert channel (eg, weak key, key escrow, shared private key), YOUR
envelope is compromised from the start and you have no way of knowing it. This is
quite different from an address, whose single purpose is to route the
communication.
That's why I said the postal analogue of the public-k
routing
information. My public-key is the envelope analogue.)
Cheers,
Ed Gerck
of PGP and PKI evolution, users still say it's just not working.
The problem seems to be the methods, not the implementations. Notwithstanding
people that do "the good thing".
Really? I just write "Ed Gerck" on an envelope and it gets to you? I
doubt it. Presumably I have to
Ben Laurie wrote:
Ed Gerck wrote:
This IS one of the sticky points ;-) If postal mail would work this way,
you'd have to ask me to send you an envelope before you can send me mail.
This is counter-intuitive to users.
We have keyservers for this (my chosen technology was PGP). If you
Ben Laurie wrote:
Ed Gerck wrote:
Paul,
Usability should by now be recognized as the key issue for security -
namely, if users can't use it, it doesn't actually work.
And what I heard in the story is that even savvy users such as Phil Z
(who'd have no problem with key managemen
W, just to show that usability is king, could you please send me an
encrypted email -- I even let you choose any secure method that you want.
Cheers,
Ed Gerck
Paul Hoffman wrote:
At 1:56 PM -0800 2/23/06, Ed Gerck wrote:
This story (in addition to the daily headlines) seems to make the case that
the
This story (in addition to the daily headlines) seems to make the case that
the available techniques for secure email (hushmail, outlook/pki and pgp) do
NOT actually work.
http://www.npr.org/templates/story/story.php?storyId=5227744
Cheers,
Ed Gerck
ons are welcome. A comparison of current email technologies is
presented at http://email-security.net/papers/pki-pgp-ibe.htm
Cheers,
Ed Gerck
te input is also appreciated.
Comments are welcome.
Cheers,
Ed Gerck
recommendation from either the Pope or the Dalai Lama
(except during Ramadan, when only approval by the Taliban
will do), and then reject them out of hand if I haven't had
my second cup of coffee.
Cheers,
Ed Gerck
gital
> certificates to key owners for the benefit of relying parties.
The RPs are not part of the contract. Without CAs, there's no "key
owner" in PKI. It's for the benefit (and reduction of liability)
of the key owners.
Cheers,
Ed Gerck
--
l Technologies" paper and Blog comments in the site as well,
at http://email-security.net
Cheers,
Ed Gerck
Anne & Lynn Wheeler wrote:
Ed Gerck wrote:
Regarding PKI, the X.509 idea is not just to automate the process of
reliance but to do so without introducing vulnerabilities in the
threat model considered in the CPS.
but that is one of the points of the article that as you automate more
th
what are the trade-offs.
By comparing the capabilities and faults of the secure email products
per technology used, these and other problems come up in the score card.
Cheers,
Ed Gerck
the trade-offs?
To limit the number of
possible copies, email should be sent by a direct
connection from the client to the recipient mail server,
rather than this store and forward crap.
Store and forward makes it reliable -- nothing needs to be
100% online 100% of the time (wh
at http://email-security.net/papers/pki-pgp-ibe.htm
Cheers,
Ed Gerck
==
CALL FOR PAPERS
First International Workshop on
Interoperability Solutions to Trust, Security, Policies and QoS
for Enhanced Enterprise Systems
ll be peer-reviewed
before publication. Product and service listings are also
welcome, search-engine style (short pitch + link).
Regards,
Ed Gerck
Read in an email from a website:
You'll need to send us your CC information via regular email or fax. I
would suggest splitting up your CC info if you send it to us via email in
two separate emails for security.
ust be stolen at the same
time for the attack to be successful.
Cheers,
Ed Gerck
Perry E. Metzger wrote:
Often, banks send people PINs for their accounts by printing them on
tamper "secure" mailers. Some folks at Cambridge have discovered that
it is easy to read the PINs with
ales?
Do As I Say, Not As I Do?
By weakly fighting fraud, aren't we allowing fraud systems
to become stronger and stronger, just like any biological
threat? The parasites are also fighting for survival. We're
allowing even email to be so degraded that fax and snail
mail are no
; --
acceptable indeed, because it is paid for.
Cheers,
Ed Gerck
[*] Unless the concept of trust in communication systems is defined in
terms of bits and machines, while also making sense for humans, it really
cannot be applied to e-commerce. And there are some who use trust as a
synonym for aut
Original Message
Subject: VirtualGoods Workshop in Florence: Deadline for Submission,
July 20th
Date: Wed, 6 Jul 2005 15:55:37 +0200
From: Juergen Nuetzel <[EMAIL PROTECTED]>
Reply-To: Juergen Nuetzel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Dear Members of
es as a function
of all the above -- including the threat model;
- provide for key management, with revocation, expiration and roll-over,
before you face these needs without planning.
Cheers,
Ed Gerck
Ian G wrote:
I'd like to take a password and expand it into
several keys. It seems lik
Ian G wrote:
> This will change. I predict that the banks will end up
with the liability for phishing, for good or for bad, and
they will then find it in their hearts to finance the add-ons,
which will battle it out, thus leading to the 'best practices'
which will be incorporated into the bro
refresh it at will, each user will have the security that he wants.
Matt Crawford wrote:
On May 26, 2005, at 13:24, Ed Gerck wrote:
A better solution, along the same lines, would have been for Citibank to
ask from their account holders when they login for Internet banking,
whether they would like
tatic. The ATM's last-four is private and static too (unless
you want the burden to change your card often).
Lance James wrote:
But from your point, the codeword would be in the clear as well.
Respectively speaking, I don't see how either solution would solve this.
Ed Gerck wrote:
Li
who should actually guard it,
in the name of security?
Cheers,
Ed Gerck
--
I use ZSentry Mail Secure Email
https://zsentry.com/R/index.html/[EMAIL PROTECTED]
Matt Crawford wrote:
On Mar 5, 2005, at 11:32, Ed Gerck wrote:
The worse part, however, is that the server side can always fake your
authentication using a third-party because the server side can
always calculate ahead and generate "your next number" for that
third-party to enter -
d) -- and that's how they are recognized.
So, again, if someone breaks into your file using "your" number --
who is responsible?
Cheers,
Ed Gerck
en you have no correction channel available. I am
looking at N outputs, N sources of information (each one as independent as
possible but not necessarily 100% independent). You have no reference for
detecting a "spike", I have N-1.
Cheers,
Ed Gerck
--
Amir Herzberg wrote:
Ed Gerck responded to me:
Can
you trust what trustbar shows you?
This trust translates to:
-- Trusting the TrustBar code (which is open source so can be validated
by tech-savvy users / sys-admin)
-- Trusting that this code was not modified (same as for any other
aspect of
also possible without trustbar but requires a couple
mouseclicks. Wouldn't it be better if Firefox/Mozilla simply
put the name of the CA next to the lock icon?
Cheers,
Ed Gerck
[1] see corresponding flaws noted in
http://nma.com/papers/cer
Dear Virtual Goods Community,
here is the link to the cfp:
http://virtualgoods.tu-ilmenau.de/2005/cfp_short.txt
Please feel free to distribute it.
Best regards
Juergen
Here is the text:
C A L L F O R P A P E R S
The 3rd International Workshop for
Technolog
with the internal state. These processes are, however,
not free from correlations either.
Cheers,
Ed Gerck
C. Distribution
of any software, or text, can be likewise protected -- just don't let
the attacker control everything.
The problem here is not MD5. The problem is allowing the attacker to
have too much power.
Cheers,
Ed Gerck