Re: [Cryptography] XORing plaintext with ciphertext

2013-09-07 Thread Florian Weimer
* Dave Horsfall: Take the plaintext and the ciphertext, and XOR them together. Does the result reveal anything about the key or the plaintext? Yes, their length. ___ The cryptography mailing list cryptography@metzdowd.com

Re: [Cryptography] Snowden fabricated digital keys to get access to NSA servers?

2013-07-04 Thread Florian Weimer
* John Gilmore: [John here. Let's try some speculation about what this phrase, fabricating digital keys, might mean.] Most likely, as part of his job at the contractor, he had administrator access to a system which was used for key management, perhaps to apply security updates, manage backups

Re: ciphers with keys modifying control flow?

2010-09-29 Thread Florian Weimer
* Steven Bellovin: Does anyone know of any ciphers where bits of keys modify the control path, rather than just data operations? AES. See François Koeune, Jean-Jacques Quisquater, A timing attack against Rijndael. Université catholique de Louvain, Technical Report CG-1999.

Re: Obama administration revives Draconian communications intercept plans

2010-09-28 Thread Florian Weimer
Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically

Re: Haystack redux

2010-09-27 Thread Florian Weimer
, if you're anonymous and oppressed, you're still oppressed. -- Florian Weimerfwei...@bfk.de BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99

Re: towards https everywhere and strict transport security

2010-08-26 Thread Florian Weimer
introducing additional round trips because there is no explicit handshake. Lack of handshake generally makes error recovery quite complex once there are multiple protocol versions you need to support, but handshaking is *not* a consequence of layering.

Re: MITM attack against WPA2-Enterprise?

2010-07-26 Thread Florian Weimer
* Donald Eastlake: It's always possible to make protocols more secure at higher cost. On the other hand, group key vulnerabilities are nothing new. It's just that many protocol designers seem to not understand them. Back when Cisco proposed XAUTH for IPsec, there was a heated discussion about

Re: Encryption and authentication modes

2010-07-23 Thread Florian Weimer
about the URL case I mentioned), but only to up to a degree.

Encryption and authentication modes

2010-07-14 Thread Florian Weimer
implementing CCM?

Re: What's the state of the art in factorization?

2010-04-22 Thread Florian Weimer
* Thierry Moreau: For which purpose(s) is the DNS root signature key an attractive target? You might be able to make it to CNN if your spin is really good. - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Re: What's the state of the art in factorization?

2010-04-22 Thread Florian Weimer
* Thierry Moreau: Florian Weimer wrote: * Thierry Moreau: For which purpose(s) is the DNS root signature key an attractive target? You might be able to make it to CNN if your spin is really good. But even without this self-restraint, there would be no spin for a CNN story. Dedication

Re: Crypto dongles to secure online transactions

2009-11-09 Thread Florian Weimer
* John Levine: At a meeting a few weeks ago I was talking to a guy from BITS, the e-commerce part of the Financial Services Roundtable, about the way that malware infected PCs break all banks' fancy multi-password logins since no matter how complex the login process, a botted PC can wait

Re: Possibly questionable security decisions in DNS root management

2009-10-22 Thread Florian Weimer
. If there's an effect, it will be due to the more rigid protocol specification and a gradual phase-out of grossly non-compliant DNS implementations, and not due to the cryptography involved.

Re: Possibly questionable security decisions in DNS root management

2009-10-22 Thread Florian Weimer
-trusted source is quite risky. (It turns out that the current signing schemes have not been designed for this type of application, but the general crypto community is very slow at realizing this discrepancy.)

Re: Possibly questionable security decisions in DNS root management

2009-10-22 Thread Florian Weimer
. (And the priming response is already larger than 600 bytes due to IPv6 records.) DNSKEY RRsets are more interesting. But in the end, this is not a DNS problem, it's a lack of regulation of the IP layer.

Re: Possibly questionable security decisions in DNS root management

2009-10-22 Thread Florian Weimer
by private analysis. (It is somewhat at odds with my own conclusions.)

Re: brute force physics Was: cleversafe...

2009-08-13 Thread Florian Weimer
to our lack of means to build machine registers which can store integers in the mathematical sense.

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-04 Thread Florian Weimer
* Stephan Somogyi: At 13:08 -0500 03.03.2009, Adam Fields wrote: When compelled to give out your password Unless I'm misunderstanding the ruling, Boucher is not being compelled to produce his passphrase (like he could under RIPA Section 49 in the UK), but he is being told to produce the

Re: Property Rights in Keys

2009-02-13 Thread Florian Weimer
[Moderator's note: I've been clamping down on the IP discussion since not much more really new was being said, but I'm allowing this through because it brings up an interesting side point -- I will reply to it to move to that discussion. --Perry] * Perry E. Metzger: However, a cert seems almost

Re: What risk is being defended against here?

2009-01-17 Thread Florian Weimer
* Jerry Leichter: Any speculations (beyond bureaucracy at its finest)? A wild guess would be fraudulent testing organizations which claim to have been subject to fraud themselves, and the testing standards body answered with some sort of regulation. (For certain German language test instances

Re: Security by asking the drunk whether he's drunk

2008-12-28 Thread Florian Weimer
* Jerry Leichter: I got in touch with the company and actually received intelligent responses both at their 800 number - I placed my order that way - and in a response from their customer service people. Most remarkable - almost all organizations ignore such communication. It's ironic

Re: Raw RSA binary string and public key 'detection'

2008-11-22 Thread Florian Weimer
* Dirk-Willem van Gulik: Been looking at the Telnic (dev.telnic.org) effort. In essence; NAPTR dns records which contain private details such as a phone number. These are encrypted against the public keys of your friends (so if you have 20 friends and 3 phone numbers visible to all friends

Re: voting by m of n digital signature?

2008-11-14 Thread Florian Weimer
* James A. Donald: Is there a way of constructing a digital signature so that the signature proves that at least m possessors of secret keys corresponding to n public keys signed, for n a dozen or less, without revealing how many more than m, or which ones signed? What about this?

Re: More US bank silliness

2008-09-09 Thread Florian Weimer
* Peter Gutmann: On a semi-related topic, it'd be interesting to get some discussion about FF3 removing the FF2 SSL indicators of the padlock and (more visibly) the background colour-change for the URL bar when SSL is active and replacing it with a spoof-friendly indicator that's part of

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Florian Weimer
* Eric Rescorla: Why do you say a couple of megabytes? 99% of the value would be 1024-bit RSA keys. There are ~32,000 such keys. There are three sets of keys, for big-endian 32-bit, little-endian 32-bit and little-endian 64-bit. On top of that, openssl genrsa generates different keys

Looking through a modulo operation

2008-07-20 Thread Florian Weimer
I've got a function f : S -> X x S where S = (Z/2Z)**96 and X = (Z/2Z)**32. Suppose that s_0 is fixed and (x_i, s_i) = f(s_{i-1}). (f implements a PRNG. The s_i are subsequent internal states and the x_i are results.) Now f happens to be linear. I know the values of x_i, x_{i+1}, ..., x_{i+k}

Re: “A Practical Attack on the MIFARE Classic”

2008-07-16 Thread Florian Weimer
* Karsten Nohl: The benefits clearly outweigh the risks since half a year after announcing the vulnerabilities, Mifare Classic is hopefully not used in any high security application anymore. Isn't this a bit of wishful thinking? The dynamics are probably very involved because you usually

Re: Kaminsky finds DNS exploit

2008-07-14 Thread Florian Weimer
* Jack Lloyd: Perhaps there is something subtle here that is more dangerous than the well known problems, and all these source port randomization and transaction id randomization fixes are just a smokescreen of sorts for a fix for something Dan found. It's not a smokescreen, it's a

Re: Kaminsky finds DNS exploit

2008-07-14 Thread Florian Weimer
* John Levine: CERT/CC mentions this: | It is important to note that without changes to the DNS protocol, such | as those that the DNS Security Extensions (DNSSEC) introduce, these | mitigations cannot completely prevent cache poisoning. Why wouldn't switching to TCP lookups solve the problem?

Re: Kaminsky finds DNS exploit

2008-07-10 Thread Florian Weimer
* Paul Hoffman: The take-away here is not that Dan didn't discover the problem, but Dan got it fixed. I haven't seen credible claims that the underlying issue can actually be fixed in the classic DNS protocol. There are workarounds on top of workarounds. A real fix requires more or less

Re: Secure voice?

2008-07-07 Thread Florian Weimer
* Allen: Interesting tidbit: http://www.epaynews.com/index.cgi?survey=ref=browsef=viewid=121516308313743148197block= Nick Ogden, a Briton who launched one of the world's first e-commerce processors in 1994, has developed a system for voice-signed financial transactions. The Voice Transact

Re: Strength in Complexity?

2008-07-06 Thread Florian Weimer
* Arshad Noor: I may be a little naive, but can a protocol itself enforce proper key-management? I can certainly see it facilitating the required discipline, but I can't see how a protocol alone can enforce it. Any examples you can cite where this has been done, would be very helpful. As

Re: German banks liable for phishing (really: keylogging) attacks

2008-07-05 Thread Florian Weimer
* Stephan Neuhaus: This article: http://www.spiegel.de/wirtschaft/0,1518,563606,00.html (sorry, German only) describes a judgment made by a German district court which says that banks are liable for damages due to phishing attacks. District court may be a bit misleading, it's the entry-level

Re: ITU-T recommendations for X.509v3 certificates

2008-07-05 Thread Florian Weimer
* Peter Gutmann: Or is it unreasonable to expect that the specs match what is actually needed for interoperability with existing implementations (mostly in the TLS, S/MIME area)? There is very little correspondence between PKI specs and reality. I should have written that my main goal was to

Re: Strength in Complexity?

2008-07-05 Thread Florian Weimer
* Peter Gutmann: [1] Show of hands, how many people here not directly involved with X.509 work knew that the spec required that all extensions in CA root certificates (trust anchors in recent X.509 jargon) be ignored by an implementation? So if you put in name constraints, key

Re: Strength in Complexity?

2008-07-05 Thread Florian Weimer
* Arshad Noor: The author of an article that appeared in InformationWeek this week (June 30, 2008) on Enterprise Key Management Infrastructure (EKMI): http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937 states the following: There are, of course, obstacles

Re: Strength in Complexity?

2008-07-05 Thread Florian Weimer
* Peter Gutmann: Florian Weimer [EMAIL PROTECTED] writes: * Peter Gutmann: [1] Show of hands, how many people here not directly involved with X.509 work knew that the spec required that all extensions in CA root certificates (trust anchors in recent X.509 jargon) be ignored

Re: skype claims they have no technical means to assist wiretapping

2008-06-16 Thread Florian Weimer
* Perry E. Metzger: Excerpt: Jennifer Caukin, Skype's director of corporate communications replied to us: We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of

Re: RIM to give in to GAK in India

2008-05-27 Thread Florian Weimer
* Dave Korn: In a major change of stance, Canada-based Research In Motion (RIM) may allow the Indian government to intercept non-corporate emails sent over BlackBerrys. Research In Motion (RIM), the Canadian

Re: [ROS] The perils of security tools

2008-05-23 Thread Florian Weimer
* Peter Gutmann: Debian seem to be particularly bad for not reporting changes to maintainers, This shouldn't be the case. There's a clear policy that non-packaging changes (basically, anything beyond trivial build fixes and pathname changes for FHS compliance) should be submitted upstream.

Re: [ROS] The perils of security tools

2008-05-23 Thread Florian Weimer
* Ben Laurie: Jonathan S. Shapiro wrote: Ben: I'm idly curious. Was this exceptionally unusual case where use of uninitialized memory was valid properly commented in the code? It's mentioned in the manpage for a function that eventually calls the function that was (correctly) patched--through

Re: [ROS] The perils of security tools

2008-05-23 Thread Florian Weimer
* Ben Laurie: I must confess that I said that because I did not have the energy to figure out the other routes to adding entropy, such as adding an int (e.g. a PID, which I'm told still makes it in there). The PID dependency is there because of the need for fork support--obviously, the PRNG

Re: OpenSparc -- the open source chip (except for the crypto parts)

2008-05-05 Thread Florian Weimer
, or if the code is actually bogus. (And for most (all?) non-trivial software, source code acquisition costs are way below validation costs, so public availability of source code is indeed a red herring.)

Re: How is DNSSEC

2008-03-26 Thread Florian Weimer
* James A. Donald: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an authoritative public key for any domain name I control, and

Re: SSL/TLS and port 587

2008-01-23 Thread Florian Weimer
) if this message turns out to be spam. There's nothing related to confidentiality that I know of.

Re: patent of the day

2008-01-23 Thread Florian Weimer
approaches: | | * The content of a page disappears when its respective encryption key | is deleted, a very fast operation. [...] AFAICS, the patent does not reference the paper.

Re: Question on export issues

2008-01-02 Thread Florian Weimer
* Ivan Krstić: We've recently had to jump through the BIS crypto export hoops at OLPC. Our systems both ship with crypto built-in and, due to their Fedora underpinnings, allow end-user installation of various crypto libraries -- all open-source -- through our servers. It was a nightmare; the

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Florian Weimer
* William Allen Simpson: Assuming, Dp := any electronic document submitted by some person, converted to its canonical form Cp := an electronic certificate irrefutably identifying the other person submitting the document Cn := certificate of the notary Tn := timestamp

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-05 Thread Florian Weimer
* Ivan Krstić: On Oct 3, 2007, at 4:39 AM, Florian Weimer wrote: But this exhibits an issue with disk-based encryption: you can't really know what they are doing, and if they are doing it right. (Given countless examples of badly-deployed cryptography, this isn't just paranoia, but a real

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-03 Thread Florian Weimer
* Simon Josefsson: One would assume that if you disable the password, the data would NOT be accessible. Making it accessible should require a read+decrypt+write of the entire disk, which would be quite time consuming. It may be that this is happening in the background, although it isn't

Re: interesting paper on the economics of security

2007-08-22 Thread Florian Weimer
* Hal Finney: Information on the quality of AV and other security products is widely available on the net, in magazines and other places that consumers might look for reviews and comparisons. This is completely unlike the situation with individual used cars. I don't see this analogy as

Re: How the Greek cellphone network was tapped.

2007-07-10 Thread Florian Weimer
* John Ioannidis: Florian Weimer wrote: It's also an open question whether network operators subject to interception requirements can legally offer built-in E2E encryption capabilities without backdoors. You probably meant device vendors, not network operators. The whole *point* of E2E

Re: How the Greek cellphone network was tapped.

2007-07-09 Thread Florian Weimer
* Ian Farquhar: Crypto has been an IP minefield for some years. With the expiry of certain patents, and the availability of other unencumbered crypto primitives (eg. AES), we may see this change. But John's other points are well made, and still valid. Downloadable MP3 ring tones are a

Re: UK RIPA Pt 3

2007-07-05 Thread Florian Weimer
* Peter Fairbrother: I forgot to mention that Pt.3 also includes coercive demands for access keys - so for instance if Mr Bill Gates came to the UK, and if there was some existing question about Microsoft's behaviour in some perhaps current EU legal matter, Mr Gates could be required to give

Re: Hackers target C-level execs and their families

2007-07-05 Thread Florian Weimer
* Udhay Shankar N.: Hasn't this already been going on a while? I'm only surprised there hasn't been a big public incident yet. Doesn't this one count? | According to Chief Superintendent Arye Edelman, head of the Tel Aviv | fraud squad, which ran the investigation, Haephrati used two methods

Re: The bank fraud blame game

2007-07-02 Thread Florian Weimer
* Ian G.: Banks are the larger and more informed party. But not as far as client-side fraudulent activity is concerned. After all, the attacked systems are not under their administrative control. They need to provide systems that are reasonable given the situation (anglo courts generally

Re: The bank fraud blame game

2007-07-02 Thread Florian Weimer
* Anne Lynn Wheeler: In the mid-90s, financial institutions looking at the internet for online, commercial banking and cash management (i.e. business equivalent to consumer online banking) were extremely conflicted ... they frequently were almost insisting on their own appliance at the

Re: The bank fraud blame game

2007-07-01 Thread Florian Weimer
* Jerry Leichter: OK, I could live with that as stated. But: The code also adds: We reserve the right to request access to your computer or device in order to verify that you have taken all reasonable steps to protect your computer or device and safeguard your

Re: IBM Lost Tape(s)

2007-06-11 Thread Florian Weimer
* John Ioannidis: I wonder how much it cost them to find current addresses for everybody so we could be notified. I guess it's pretty easy because your personal information is available to so many organizations, without any safeguards. Obviously, they had your social security number (it's only

Re: 307 digit number factored

2007-06-09 Thread Florian Weimer
* Victor Duchovni: But no one is issuing certificates which are suitable for use with SMTP (in the sense that the CA provides a security benefit). As far as I know, there isn't even a way to store mail routing information in X.509 certificates. There is no need to store routing

Re: 307 digit number factored

2007-05-23 Thread Florian Weimer
* Victor Duchovni: That's good of you not to expect it, given that zero of the major CAs seem to support ECC certs today, and even if they did, those certs would not work in IE on XP. We are not talking about this year or next of course. My estimate is that Postfix releases designed this

Re: no surprise - Sun fails to open source the crypto part of Java

2007-05-14 Thread Florian Weimer
* Ian G.: My worry was that they hadn't open sourced the architecture component, the part that wasn't meant to be replaceable. However even if open sourced, Sun may still wield a stick over the providers by insisting that they manage the signing process for the providers. The signing

Re: no surprise - Sun fails to open source the crypto part of Java

2007-05-12 Thread Florian Weimer
* Ian G.: Does anyone know what Sun failed to opensource in the crypto part of Java? The Sun JCE provider appears to be missing, which means that few cryptographic algorithms are actually implemented in the source drop. All the symmetric encryption algorithms are missing, for instance.

Re: Public key encrypt-then-sign or sign-then-encrypt?

2007-05-02 Thread Florian Weimer
* Travis H.: Also there's a semantic issue; am I attesting to the plaintext, or the ciphertext? It's possible the difference could be important. With sign, then encrypt, it's also possible that the receiver decrypts the message, and then leaks it, potentially giving the impression that the

Re: Was a mistake made in the design of AACS?

2007-05-02 Thread Florian Weimer
* Perry E. Metzger: This seems to me to be, yet again, an instance where failure to consider threat models is a major cause of security failure. Sorry, but where's the security failure? Where can you buy hardware devices that can copy HD disks? Or download software that does, with a readily

Re: DNSSEC to be strangled at birth.

2007-04-05 Thread Florian Weimer
* Peter Gutmann: Dave Korn [EMAIL PROTECTED] writes: Surely if this goes ahead, it will mean that DNSSEC is doomed to widespread non-acceptance. I realise this is a bit of a cheap shot, but: How will this be any different from the current situation? You can see that the keys change and

Re: DNSSEC to be strangled at birth.

2007-04-05 Thread Florian Weimer
* Simon Josefsson: However, in practice I don't believe many will trust the root key alone -- for example, I believe most if not all Swedish ISPs would configure in trust of the .se key as well. There are some examples that such static configuration is extremely bad. Look at the problems

Re: Failure of PKI in messaging

2007-02-15 Thread Florian Weimer
* James A. Donald: Obviously financial institutions should sign their messages to their customers, to prevent phishing. The only such signatures I have ever seen use gpg and come from niche players. Deutsche Postbank uses S/MIME, and they are anything but a niche player. It doesn't help

Re: Free WiFi man-in-the-middle scam seen in the wild.

2007-01-30 Thread Florian Weimer
* Perry E. Metzger: If you go over to, say, www.fidelity.com, you will find that you can't even get to the http: version of the page any more -- you are always redirected to the https: version. Of course, this only helps if users visit the site using bookmarks that were created after the

Re: Fwd: [FDE] Largest Ever Single FDE implementation

2007-01-03 Thread Florian Weimer
* Saqib Ali: You can read about the competition, which will come to a close in the next 90 days at: http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html In the process, the following document has been published:

Re: ATM vulnerability

2006-12-21 Thread Florian Weimer
I hesitate to use the syllable crypto in describing this paper, but those who have not seen it may find it interesting. http://www.arx.com/documents/The_Unbearable_Lightness_of_PIN_Cracking.pdf Or profitable. In a weird sense, yes. If I understand the paper correctly, the authors show

Re: Hamiltonian path as protection against DOS.

2006-10-03 Thread Florian Weimer
* James A. Donald: DOS is now a major problem - every business, online games, money movers, banks, porno sites, casinos, now comes under DOS attack from extortionists. How do Hamiltonian paths protect against the H.R.4411 attack? (Part of the DoS problem online casinos face is that due to

Re: Circle Bank plays with two-factor authentication

2006-10-01 Thread Florian Weimer
* Steven M. Bellovin: Again -- the scheme isn't foolproof, but it's probably *good enough*. I agree that if you consider this scheme in isolation, it's better than plain user names and passwords. But I wonder if it significantly increases customer confusion because banks told their customer

Re: Locating private keys in RAM?

2006-09-07 Thread Florian Weimer
* Douglas F. Calvert: I remember seeing a paper about identifying private keys in RAM. I thought it was by Rivest but I can not locate it for the life of me. Does anyone remember reading something like this? The basic operation was to identify areas in RAM that had certain characteristics

Re: Recovering data from encrypted disks, broken CD's

2006-07-29 Thread Florian Weimer
* Steven M. Bellovin: I wonder how accurate this is. It's certainly true that some drives have vendor passwords to unlock them. It's hard to see how they could break through (good) software encryption, A lot of software tends to create temporary files in random places. If you don't encrypt

Re: NIST hash function design competition

2006-07-20 Thread Florian Weimer
* Travis H.: On 7/11/06, Hal Finney [EMAIL PROTECTED] wrote: : So what went wrong? Answer: NIST failed to recognize that table lookups : do not take constant time. “Table lookup: not vulnerable to timing : attacks,” NIST stated in [19, Section 3.6.2]. NIST's statement was, : and is,

Re: Greek cellular wiretapping scandal

2006-06-25 Thread Florian Weimer
* Steven M. Bellovin: I have more than a passing acquaintance with the complexity of phone switch software; doing that was *hard* for anyone, especially anyone not a switch developer. Isn't Ericsson's switching software written in Erlang, is highly modular and officially supports run-time code

Re: Status of SRP

2006-06-06 Thread Florian Weimer
* Anne Lynn Wheeler: Florian Weimer wrote: FINREAD is really interesting. I've finally managed to browse the specs, and it looks as if this platform can be used to build something that is secure against compromised hosts. However, I fear that the support costs are too high, and that's why

Re: Status of SRP

2006-06-03 Thread Florian Weimer
* Ka-Ping Yee: Passpet's strategy is to customize a button that you click. We are used to recognizing toolbar buttons by their appearance, so it seems plausible that if the button has a custom per-user icon, users are unlikely to click on a spoofed button with the wrong icon. Unlike other

Re: Status of SRP

2006-06-03 Thread Florian Weimer
* Anne Lynn Wheeler: Florian Weimer wrote: If you've deployed two-factor authentication (like German banks did in the late 80s/early 90s), the relevant attacks do involve compromised customer PCs. 8-( Just because you can't solve it with your technology doesn't mean you can pretend

Re: Status of SRP

2006-06-01 Thread Florian Weimer
* James A. Donald: The obvious solution to the phishing crisis is the widespread deployment of SRP, but this does not seem to happening. SASL-SRP was recently dropped. What is the problem? There is no way to force an end user to enter a password only over SRP. That's why SRP is not

Re: Status of opportunistic encryption

2006-05-29 Thread Florian Weimer
* Sandy Harris: Recent news stories seem to me to make it obvious that anyone with privacy concerns (i.e. more-or-less everyone) should be encrypting as much of their communication as possible. Implementing opportunistic encryption is the best way I know of to do that for the Internet. I'm

Re: picking a hash function to be encrypted

2006-05-15 Thread Florian Weimer
* Travis H.: IIUC, protocol design _should_ be easy, you just perform some finite-state analysis and verify that, assuming your primitives are ideal, no protocol-level operations break it. Is this still true if you don't know your actual requirements?

Re: History and definition of the term 'principal'?

2006-04-29 Thread Florian Weimer
* Hadmut Danisch: The only precise definition I found is in a law dictionary where it is defined as a legal term. The OED might also be helpful: B. [...] 2. a. A chief actor or doer; the chief person engaged in some transaction or function, esp. in relation to one employed by or acting

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-08 Thread Florian Weimer
* Bill Stewart: Or you could try using the Google Keyserver - just because there isn't one doesn't mean you can't type in 9E94 4513 3983 5F70 or 9383DE06 or [EMAIL PROTECTED] PGP Key and see what's in Google's cache. What peculiar advice. We know for sure that Google logs these

Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-28 Thread Florian Weimer
* Ben Laurie: I don't use PGP - for email encryption I use enigmail, and getting missing keys is as hard as pressing the get missing keys button. A step which has really profound privacy implications. I couldn't find a PGP key server operator that committed itself to keeping logs confidential

Re: GnuTLS (libgrypt really) and Postfix

2006-02-14 Thread Florian Weimer
* Werner Koch: On Sat, 11 Feb 2006 12:36:52 +0100, Simon Josefsson said: 1) It invokes exit, as you have noticed. While this only happens in extreme and fatal situations, and not during runtime, it is not that serious. Yet, I agree it is poor design to do this in a library.

Re: AW: [Clips] Banks Seek Better Online-Security Tools

2005-12-07 Thread Florian Weimer
* Ulrich Kuehn: In 2000 someone here in Germany already demonstrated how to attack smart card based HBCI transactions. Those transactions are authorized by an RSA signature done by the card. Here's a link: http://www.heise.de/newsticker/meldung/9349 The attack relied on the card reader not

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Nicholas Bohm: [EMAIL PROTECTED] wrote: You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. --dan I do. My bank provides an RSA SecureId, so I feel reasonably safe against anyone other than the bank.

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
You know, I'd wonder how many people on this list use or have used online banking. To start the ball rolling, I have not and won't. Why? Repudiating transactions is easier than ever. As a consumer, I fear technology which is completely secure according to experts, but which can be broken

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Eugen Leitl: The German PIN/TAN system is reasonably secure, being an effective one-time pad distributed through out of band channel (mailed dead tree in a tamperproof envelope). Some banks have optimized away the special envelope. 8-( It is of course not immune to phishing (PIN/TAN

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-06 Thread Florian Weimer
* Jonathan Thornburg: Ahh, but how do you know that the transaction actually sent to the bank is the same as the one you thought you authorized with that OTP? If your computer (or web browser) has been cracked, you can't trust _anything_ it displays. There are already viruses in the wild

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* Peter Gutmann: I haven't been following the IPSec mailing lists of late -- can anyone who knows details explain what the issue is? These bugs have been uncovered by a PROTOS-style test suite. Such test suites can only reveal missing checks for boundary conditions, leading to out-of-bounds

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* William Allen Simpson: Quoting Photuris: Design Criteria, LNCS, Springer-Verlag, 1999: The hallmark of successful Internet protocols is that they are relatively simple. This aids in analysis of the protocol design, improves implementation interoperability, and reduces operational

Re: ISAKMP flaws?

2005-11-18 Thread Florian Weimer
* William Allen Simpson: Florian Weimer wrote: Photuris uses a baroque variable-length integer encoding similar to that of OpenPGP, a clear warning sign. 8-/ On the contrary: + a VERY SIMPLE variable-length integer encoding, where every number has EXACTLY ONE possible representation

Re: ISAKMP flaws?

2005-11-17 Thread Florian Weimer
* Perry E. Metzger: I haven't been following the IPSec mailing lists of late -- can anyone who knows details explain what the issue is? These bugs have been uncovered by a PROTOS-style test suite. Such test suites can only reveal missing checks for boundary conditions, leading to

Re: FW: Fermat's primality test vs. Miller-Rabin

2005-11-13 Thread Florian Weimer
* Charlie Kaufman: The probability of a single run of Miller-Rabin or Fermat not detecting that a randomly chosen number is composite is almost vanishingly small. How do you choose a random integer, that is, based on which probability distribution? 8-) Anyway, one can show that for some

Re: How broad is the SPEKE patent.

2005-11-11 Thread Florian Weimer
* James A. Donald: I figured that the obvious solution to all this was to deploy zero knowledge technologies, where both parties prove knowledge of the shared secret without revealing the shared secret. Keep in mind that one party runs the required software on a computer infected with

Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
* Perry E. Metzger: Via cryptome: http://evilscientists.de/blog/?page_id=343 The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given profile file. If this is true,

Re: Cisco VPN password recovery program

2005-10-20 Thread Florian Weimer
http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_guide_chapter09186a00803ee1f0.html#wp2477015 - - - Cisco Client Parameters Allow Password Storage on Client - Check this box to allow IPSec clients to store their login passwords on their local
