I'll be the first to admit that I don't understand this paper. I'm
just an engineer, not a mathematician. But it looks to me like the
authors are academics, who create an imaginary construction method for
a random number generator, then prove that
Does PGP have any particular support for key signing parties built in or is
this just something that has grown up as a practice of use?
It's just a practice. I agree that building a small amount of automation
for key signing parties would improve the web of trust.
I have started on a
b. There are low-end environments where performance really does
matter. Those often have rather different properties than other
environments--for example, RAM or ROM (for program code and S-boxes)
may be at a premium.
Such environments are getting very rare these days. For example, an
Here's a crazy idea: instead of using one of these formats, use a
human readable format that can be described by a formal grammar
which is hopefully regular, context-free, or context-sensitive in a
If only we could channel the late Jon Postel. Didn't you ever notice
And the problem appears to be compounded by dofus legacy implementations
that don't support PFS greater than 1024 bits. This comes from a
misunderstanding that DH keysizes only need to be half the RSA length.
So to go above 1024 bits PFS we have to either
1) Wait for all the servers to
Forwarded-By: David Farber d...@farber.net
Forwarded-By: Annie I. Anton Ph.D. aian...@mindspring.com
NSA cryptanalyst: We, too, are Americans
Summary: ZDNet Exclusive: An NSA mathematician shares his from-the-trenches
wiretapped Big Data that
led the prosecutors to you. Defending the citizens from the excesses
of government isn't their job. Defending their turf, their budget,
and their powers is their job.
The cryptography mailing list
Techdirt takes apart his statement here:
NSA Needs To Give Its Rank-and-File New Talking Points Defending
Surveillance; The Old
The FISA court has a web site (newly, this year):
Today they released a Memorandum Opinion and Primary Order in
case BR 13-109 (Business Records, 2013, case 109), which lays
out the legal reasoning behind ordering several telephone
This is one of the documents that an EFF Freedom of Information
lawsuit asked for. The government had been claiming they could not
release ANY FISA court orders or submissions. When the President
ordered the intelligence
I wouldn't mind if it had been called Pretty Good Forward Secrecy instead,
but it really is a lot better than regular public key.
My point was that the name is misleading and causes people to look for more
than is there.
There doesn't seem to be much downside to just calling it Forward
Johns Hopkins University censored this exact blog post by Prof. Green,
because of a complaint from its local defense contractor affiliated
with NSA, the Applied Physics Laboratory
... the Wassenaar Arrangement clearly says that
material, software and technology need an authorization to be exported /
What is actually the status of the law about cryptography and publishing
new algorithms? Is the cryptographer that publishes a paper without
Phillip Hallam-Baker hal...@gmail.com wrote:
5) Protocol vulnerability that IETF might have fixed but was discouraged
By the way, it was a very interesting exercise to actually write out
on graph paper the bytes that would be sent in a TLS exchange. I did
this with Paul Wouters
First, DNSSEC does not provide confidentiality. Given that, it's not
clear to me why the NSA would try to stop or slow its deployment.
DNSSEC authenticates keys that can be used to bootstrap
confidentiality. And it does so in a globally distributed, high
performance, high reliability
I have a small amount of raised eyebrow because the greatest bulwark
we have against the SIGINT capabilities of any intelligence agency are
that agency's IA cousins. I don't think that the Suite B curves would
have been intentionally weak. That would be a shock.
Then be shocked, shocked that
through no fault of your own.
The Daily Beast
Greenwald: Snowden's Files Are Out There if 'Anything Happens' to Him
by Eli Lake Jun 25, 2013 1:36 PM EDT
Snowden has shared encoded copies of all the
software for any Apple platform
except the Mac is already like that.
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
I don't know how NZ banks do it; in the US, they use the phone
number you're calling from. Yes, it's spoofable, but most folks (a)
don't know it, and (b) don't know how.
No, they don't use the phone number to validate anything. I routinely
ignore the instructions to call from your home
It's worth a quote from the paper at CRYPTO '10 on factorization of a
A good paper by top academics.
Another conclusion from
our work is that we can confidently say that if we restrict ourselves to
an open community, academic effort such as ours and unless something
... 2048-bit keys performing
at 1/9th of 1024-bit. My own internal benchmarks have been closer to
1/7th to 1/8th. Either way, that's back in line with the above stated
90-95% overhead. Meaning, in Dan's words 2048 ain't happening.
Can I abuse a phrase and
There is no guarantee, once an eavesdropping system is
implemented, that it will be used only for legitimate purposes -- see,
for example, the scandal in which Greek government ministers were
listened to using the lawful intercept features of cellphone
And, by the way, what ever
It's pretty outrageous that anyone would try to patent rolling barcoded
dice to generate random numbers.
I've been generating random strings from dice for years. I find that
gamers' 20-sided dice are great; each roll gives you a hex digit, and
anytime you roll a 17 thru 20, you just roll again.
designed 25 years ago would not scale to today's load. There was a
crucial design mistake: DNS packets were limited to 512 bytes. As a
result, there are 10s or 100s of millions of machines that read *only*
Yes, that was stupid, but it was done very early in the evolution of
It's a fun story, but... RFC 4034 says RSA/SHA1 is mandatory and DSA is
I was looking at RFC 2536 from March 1999, which says Implementation
of DSA is mandatory for DNS security. (Page 2.) I guess by March 2005
(RFC 4034), something closer to sanity had prevailed.
FYI. As I understand it, TI calculator boot ROMs use a 512 bit RSA
public key to check the signature of the software they're loading.
When hobbyists who wanted to run their own alternative OS software on
their calculator calculated the corresponding private key and were
thus able to sign their
To: torva...@osdl.org, g...@toad.com
Subject: SHA1 is broken; be sure to parameterize your hash function
Date: Sat, 23 Apr 2005 15:21:07 -0700
From: John Gilmore g...@new.toad.com
It's interesting watching git evolve. I have one
[But we don't know who they are! --gnu]
Two convicted for refusal to decrypt data
Up to five years in jail after landmark prosecutions
By Chris Williams
Posted in Policing, 11th August 2009 13:17 GMT
Two people have been successfully
While I agree with the sentiment and the theory, I'm not sure that it
really works that way. How many actual implementations of typical
protocols are there?
For Adobe Flash, there are three separate implementations -- Adobe's
proprietary one, GNU Gnash, and Swfdec.
Gnash is focused on
2) If you throw TCP processing in there, unless you are consistently going to
have packets on the order of at least 1000 bytes, your crypto algorithm is
This is my experience, too. And I would add and lots of packets.
The only crypto overhead that really mattered in a
PS: Our trade-show giveaway button one year was License Managers Suck;
it was very popular.
PPS: On a consulting job one time, I helped my customer patch out the
license check for some expensive Unix circuit simulation software they
were running. They had bought
It's a little hard to help without knowing more about the situation.
I.e. is this a software company? Hardware? Music? Movies?
Documents? E-Books? Is it trying to prevent access to something, or
the copying of something? What's the something? What's the threat
model? Why is the company
Chinese hackers crack iTunes Store gift codes, sell certificates
By Charles Starrett
Senior Editor, iLounge
Published: Tuesday, March 10, 2009
A group of Chinese hackers has
* Is there any standard cryptographic hash function with an output
of about 64 bits? It's OK for our scenario if finding a preimage for
a particular signature takes 5 days. Not if it takes 5 minutes.
This is a protocol designed for nasty guys who want to steal your car,
I would not read too much into this ruling -- I think that this is a
special situation, and does not address the more important general
In other cases, where alternative evidence is not available to the
government, and where government agents have not already had a look at
To: Jerrold Leichter jerrold.leich...@smarts.com
cc: email@example.com, gnu
Subject: Re: Difference between TCPA-Hardware and other forms of trust
Date: Tue, 16 Dec 2003 13:53:24 -0800
From: John Gilmore g...@toad.com
If it comes from the Trusted Computing Group, you can pretty much
assume that it will make your computer *less* trustworthy. Their idea
of a trusted computer is one that random unrelated third parties can
trust to subvert the will of the computer's owner.
If POW tokens do become useful, and especially if they become money,
machines will no longer sit idle. Users will expect their computers to
be earning them money (assuming the reward is greater than the cost to
Computers are already designed to consume much less electricity when
Usability research about how to track web users? How Google-like.
Can't you just dump a 25-year cookie on them from twelve different
directions, and be done with it?
Federated Login has been a holy grail in the identity community
for a long time. We have known how to do the technical part
[British shoppers were promised high security by switching from credit
cards to cards that have a chip in them and require that a PIN be entered
for each transaction. That was the reason for changing everything over,
at high cost in both money and inconvenience to shops and shoppers. Perhaps
[News report below.]
This highly classified little-publicized multi-billion dollar vague
program to secure Federal computers seems doomed to failure. People
like you and I, in the unclassified private sector, design and build
and program all those computers and networks.
But of course we've
or Verilog source code that implements crypto under an open
source license. And I'd be happy to point them at good lawyers who'd
be happy to be paid to render a more definitive opinion.
Grant code 'MDA904' - National Security Agency
The NSA has pushed tens or hundreds of millions into the academy
through research grants using one particular grant code. ...
Nacchio affects spy probe
His court filings point to government surveillance months before 9/11
By Andy Vuong
The Denver Post
Article Last Updated: 10/20/2007 11:38:08 PM MDT
Previously sealed documents filed by former
Mexico to boost tapping of phones and e-mail with U.S. aid
Calderon is seeking to expand monitoring of drug gangs; Washington also may
have access to the data.
By Sam Enriquez, Times Staff
Well, there's an idea: use different physical media formats for
entertainment and non-entertainment content (meaning, content created by
MPAA members vs. not) and don't sell writable media nor devices capable
of writing it for the former, not to the public, keeping very tight
controls on the
Forwarded-By: Brad Templeton [EMAIL PROTECTED]
The plaintiff is suing Microsoft (and already got a settlement from
Compaq and Circuit City) because in spite of the security tools they
sold him, the FBI forensic lab was
Page 7 of the PDF describes the POPCNT application-targeted accelerator.
PS: They don't give much detail, but they seem to be adding a grep
IBM donates new privacy tool to open-source
By Joris Evers
Staff Writer, CNET News.com
Published: January 25, 2007, 9:00 PM PST
IBM has developed software designed to let people keep personal
This comes from an interesting SIGINT and more blog from
the Augusta Metro Spirit, a local weekly newspaper. Excerpts:
... Augusta is about to get a $340-million taste of Sweet Tea.
The National Security Agency is building a massive
What we want is that a bank client can prove to the bank
it is the real client, and not trojaned. What the evil
guys at RIAA want is that their music player can prove
it is their real music player, and not hacked by the end
user. Having a system that will only boot up in a known
[The Memory Hole also publishes an interesting list of FOIA logs,
listing who asked NSA for what, across many years. I see a lot of
friends in there. http://www.thememoryhole.org/foi/caselogs/ -- gnu]
HUGE CACHE OF NATIONAL SECURITY AGENCY INDEXES PUBLISHED ONLINE
By Michael Ravnitzky ,
Date: Sun, 6 Aug 2006 23:37:30 -0700 (PDT)
From: [EMAIL PROTECTED]
Subject: SSL Cert Notes
Here is the latest quick update on SSL Certs. It's interesting that
generally prices have risen. Though ev1servers are still the best commercial
deal out there.
The good news is that
While testifying to a joint hearing of the House and Senate
intelligence committees a year after 9/11, Michael Hayden, as NSA
Director, testified about NSA's response to 9/11. In closing, he
38. When I spoke with our workforce shortly after the
Some alternative media groups have called for a national day of protests
against the telcos' latest sleazy activities, including their cooperation
in NSA's illegal surveillance of innocent citizens.
Events are already scheduled in Boston, Chicago, San Francisco, and
I guess perhaps the reason they don't do integrity checking is that it
involves redundant data, so the encrypted volume would be smaller, or
the block offsets don't line up, and perhaps that's trickier to handle
than a 1:1 correspondence.
Exactly, many file systems rely on block devices
I am aware of, Direct Anonymous Attestation proposed for the Trusted
Computing group, http://www.zurich.ibm.com/security/daa/ .
optionally unlinkable credential showing and relies on blacklisting to
counter credential sharing.
Hmm, why doesn't this blacklisting get mentioned in
HDCP is Intel-designed copy prevention that uses strong crypto to
encrypt the digital video signal on the cable between your video card
(or TV or DVD player) and your monitor. There is no need for it --
you are seeing the signal that
From: Simon Josefsson [EMAIL PROTECTED]
To: [EMAIL PROTECTED], firstname.lastname@example.org, email@example.com
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:21:060209:[EMAIL PROTECTED]::zaOuZtWmJFhp9CnX:7K5h
Paragraph 40, below, is about as bald a statement as an NSA director
could make, saying he needs help to decide what he should be allowed
to wiretap about US persons. We, the privacy community, did not
respond. We were a bit surprised, but that was about the extent of
the support we offered.
[See the details at EFF:
including the three court orders, and EFF's argument to the first court.
The real story is that for years prosecutors have been asking
magistrates to issue court orders to track cellphones in real time
...how many people on this list use or have used online banking?
To start the ball rolling, I have not and won't.
Dan, that makes two of us.
Interspersed were discussions of various kinds of port blocking. The
Internet is too good for people who'd censor other peoples'
communications, whether by port number (application) or by IP address
(person). It saddens me to see many of my friends among that lot.
Perhaps the idea of automatically redirecting people to alternative
pages goes a bit too far:
1. TrustBar will automatically download from our own server,
periodically, a list of all of the unprotected login sites, including
any alternate protected login pages we are aware of. By default,
Interesting article, but despite the title, there seems to be no
mention of any of the actual security (or privacy) challenges involved
in deploying massive RFID payment systems. E.g. I can extract money
Generally speaking, I think software with a security impact should not
be written in C.
The C language is not the problem. The C library is not the problem.
Both of these things were fixed during ANSI standardization, so that
standard-conforming programs will not fail runtime checks
, kiddies, and
every totalitarian state tells its citizens how they are the freest
country in the world. Get out and compare for yourself!
Then tell me what the basic tenets of modern society are.
John Gilmore (posting from Greece)
PS: Add in a lapdog press too. Try reading the foreign press
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any OpenPGP implementor
Lexar Media has come up with a Compact Flash card that won't actually
work until you do a nonstandard, proprietary handshake with it. They
worked with a couple of camera makers (and built their own CF reader
and Windows software) to implement it. Amazingly, it doesn't actually
store the photos
First crypto, now space travel. The lunatics in Washington are
working hard to drive another industry that's critical to US interests
Did they think that after collecting $20M in prepayments from
passengers, Sir Richard Branson would
NETWORK WORLD NEWSLETTER: OPTICAL NETWORKING
Today's focus: Hooked on photonics
By Amy Schurr
CAMBRIDGE, MASS. - Chip Elliott is every hacker's worst
Elliott, principal scientist at BBN Technologies, leads a team
building the world's first continuously operating quantum
be considered Chinese
under these rules. The racist implications seem to be strongly
focused on denying access to high-tech equipment to people of Chinese
and Muslim descent when they're studying or working in the United
Electronic Frontier Foundation
[Here's where an unconstitutional National ID will get created by the
back door. Do we have anybody in this community who cares? I can't
participate, because I can't travel to Washington for meetings,
because I don't have the proper ID documents. I note that they did
not think to include a
For the privilege of being able to communicate securely using SSL and a
popular web browser, you can pay anything from $10 to $1500. Clif
Cox researched cert prices from various vendors:
NIST mulls new WLAN security guidelines
By Ellen Messmer
The National Institute of Standards and Technology, the federal
agency responsible for defining security standards and practices
for the government, plans to issue new guidelines pertaining to
wireless LANs in the near future.
... they can't really test how effective the system is ...
Effective at what? Preventing people from traveling?
The whole exercise ignores the question of whether the Executive Branch
has the power to make a list of citizens (or lawfully admitted non-citizens)
and refuse those people their
MCI Inc. will offer secure two-way messaging through its SkyTel
Communications subsidiary next month, encrypting wireless text
with the Advanced Encryption Algorithm.
Note that they don't say it's end to end encryption:
Messages are encrypted between the device and an encryption server
From EDRI-gram via Wendy Seltzer:
4. Dutch police report: traffic data seldom essential
Telephone traffic data are only necessary to solve crimes in a minority of
- sufficient documentation and really transparent provable details so that
users could trust and verify that the hardware and software were doing what
they claimed to be doing and weren't doing anything evil that they didn't
admit to, such as including backdoors or bad random number
It would be relatively easy to catch someone
doing this - just cross-correlate with other
information (address of home and work) and
then photograph the car at the on-ramp.
Am I missing something?
It seems to me that EZ Pass spoofing should become as popular as
cellphone cloning, until they
[By the way, [EMAIL PROTECTED] is being left out of this conversation,
by his own configuration, because his site censors all emails from me. --gnu]
Well, I am presuming that ... the EZ Pass does have an account
number, right? And then, the car does have a licence plate? So,
and service. Their mission appears to be to ram their
secret policy down our throats. Their service is to take our tax
money, use it to label all of us like cattle with ear-tags, and deny
us our constitutional right to travel unless we submit to being
We protest. Do you?
Really, a red page needs to be red all the way through all levels of
virtualization. Very low level, or even hardware, support might even prove
useful - e.g., if for whatever reason the data in the physical page frame
needs to be copied (after a soft ECC error?), zero the previous page
Sarbanes-Oxley Act in the US. Section 1102 of that act:
(1) alters, destroys, mutilates, or conceals a
record, document, or other object, or attempts to
do so, with the intent to impair the object's
integrity or availability for use in an
actually do require it.
| means that some entity is supposed to trust the kernel (what else?). If
| two entities, who do not completely trust each other, are supposed to both
| trust such a kernel, something very very fishy is going on.
Why? If I'm going to use a time-shared machine, I have to trust that the
From: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 12:29 PM
To: [EMAIL PROTECTED]
Subject: [NEC] #2.12: The RIAA Succeeds Where the CypherPunks Failed
NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture
Published periodically / #2.12 / December 17, 2003
No, it only makes it illegal to use false or misleading information to
send commercial e-mail. That's a rather important distinction.
So, I get non-commercial emails all the time, from topica mailing
lists and from people forwarding New York Times articles and such.
They come with embedded
This bill makes it a crime to use any false or misleading information
in a domain name or email account application, and then send an email.
That would make a large fraction of hotmail users instant criminals.
It also makes it a crime to remove or alter information in message
headers in ways that
I usually travel with zipper closed duffel bags. I fasten the zipper
closed with a screw link. Anyone can unscrew the link and get into the
bag, but it does effectively keep the zipper closed in transit.
That's a good idea for cheaply monkey-wrenching the whole illegal
search apparatus. For
... it does look very much from the outside that there is an
informal Cryptographers Guild in place...
The Guild, such as it is, is a meritocracy; many previously unknown
people have joined it since I started watching it in about 1990.
The way to tell who's in the Guild is that they can break
DirecTV Hacker Is First Person Convicted Under Digital Millennium Copyright Act
Man Faces 30 Years In Prison, Millions In Fines For Selling Illegal Hardware
UPDATED: 1:51 p.m. PDT September 22, 2003
Spertus said Whitehead -- also known as
The CAPPS-2 Privacy Act notice says:
System manager(s) and address:
Director, CAPPS II, TSA, P.O. Box 597, Annapolis Junction, MD 20701-0597.
Annapolis Junction PO boxes have a long history of being NSA addresses.
Is this one? That would be very interesting.
And this says nothing at all about the need for tactical
military wiretaps on GSM systems under battlefield conditions when
soldiers lives may depend on determining what the enemy is saying over
cellphones used to direct attacks against friendly forces.
Or when innocent civilians need
See their paper at CRYPTO 2003 for more details. I am disappointed that
you seem to be criticizing their work before even reading their paper.
I encourage you to read the paper -- it really is interesting.
OK, then, where is it? I looked on:
www.iacr.org under Crypto 2003 -- no papers