Re: combining entropy

2008-10-28 Thread Leichter, Jerry
On Sat, 25 Oct 2008, John Denker wrote: | On 10/25/2008 04:40 AM, IanG gave us some additional information. | | Even so, it appears there is still some uncertainty as to | interpretation, i.e. some uncertainty as to the requirements | and objectives. | | I hereby propose a new scenario. It is

Re: combining entropy

2008-10-28 Thread Leichter, Jerry
On Tue, 28 Oct 2008, John Denker wrote: | Date: Tue, 28 Oct 2008 12:09:04 -0700 | From: John Denker [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED], | Cryptography cryptography@metzdowd.com | Cc: IanG [EMAIL PROTECTED] | Subject: Re: combining entropy | | On 10/28/2008 09:43 AM

Re: once more, with feeling.

2008-09-22 Thread Leichter, Jerry
On Sun, 21 Sep 2008, Eric Rescorla wrote: | - Use TLS-PSK, which performs mutual auth of client and server | without ever communicating the password | Once upon a time, this would have been possible, I think. Today, | though, the problem is the user entering their key in a box that is |

Re: Cookie Monster

2008-09-19 Thread Leichter, Jerry
On Fri, 19 Sep 2008, Barney Wolff wrote: | Date: Fri, 19 Sep 2008 01:54:42 -0400 | From: Barney Wolff [EMAIL PROTECTED] | To: EMC IMAP [EMAIL PROTECTED] | Cc: Cryptography cryptography@metzdowd.com | Subject: Re: Cookie Monster | | On Wed, Sep 17, 2008 at 06:39:54PM -0400, EMC IMAP wrote: | Yet

Re: street prices for digital goods?

2008-09-11 Thread Leichter, Jerry
On Thu, 11 Sep 2008, Peter Gutmann wrote: | ...I've been (very informally) tracking it for awhile, and for generic | data (non-Platinum credit cards, PPal accounts, and so on) it's | essentially too cheap to meter, you often have to buy the stuff | in blocks (10, 20, 50 at a time) to make it worth

Re: security questions

2008-08-08 Thread Leichter, Jerry
| | My theory is that no actual security people have ever been involved, | | that it's just another one of those stupid design practices that are | | perpetuated because nobody has ever complained or that's what | | everybody is doing. | | Your theory is incorrect. There is considerable

RE: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
On Fri, 8 Aug 2008, Dave Korn wrote: | Isn't this a good argument for blacklisting the keys on the client | side? | | Isn't that exactly what Browsers must check CRLs means in this | context anyway? What alternative client-side blacklisting mechanism | do you suggest? Since the list of bad

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
| Funnily enough I was just working on this -- and found that we'd | end up adding a couple megabytes to every browser. #DEFINE | NONSTARTER. I am curious about the feasibility of a large bloom | filter that fails back to online checking though. This has side | effects but perhaps

Re: OpenID/Debian PRNG/DNS Cache poisoning advisory

2008-08-08 Thread Leichter, Jerry
| You can get by with a lot less than 64 bits. People see problems | like this and immediately think birthday paradox, but there is no | birthday paradox here: You aren't look for pairs in an | ever-growing set, you're looking for matches against a fixed set. | If you use 30-bit hashes -

Re: security questions

2008-08-07 Thread Leichter, Jerry
On Thu, 7 Aug 2008, John Ioannidis wrote: | Does anyone know how this security questions disease started, and | why it is spreading the way it is? If your company does this, can you | find the people responsible and ask them what they were thinking? | | My theory is that no actual security

Re: security questions

2008-08-06 Thread Leichter, Jerry
On Wed, 6 Aug 2008, Peter Saint-Andre wrote: | Wells Fargo is requiring their online banking customers to provide | answers to security questions such as these: | | *** | | What is name of the hospital in which your first child was born? | What is your mother's birthday? (MMDD) | What is the

Re: how bad is IPETEE?

2008-07-15 Thread Leichter, Jerry
For an interesting discussion of IPETEE, see: www.educatedguesswork.org/moveabletype/archives/2008/07/ipetee.html Brief summary: This is an initial discussion - the results of a drinking session - that got leaked as an actual proposal. The guys behind it are involved with The Pirate Bay. The

Re: disks with hardware FDE

2008-07-09 Thread Leichter, Jerry
On Tue, 8 Jul 2008, Perry E. Metzger wrote: | Has anyone had any real-world experience with these yet? Are there | standards for how they get the keys from the BIOS or OS? (I'm | interested in how they deal with zeroization on sleep and such.) | | Most manufacturer (will) implement the TCG

Re: Permanent Privacy - Are Snake Oil Patents a threat?

2008-07-09 Thread Leichter, Jerry
| ...Obviously patents could be improved by searching further across | disciplines for prior art and by having more USPTO expertise. We're | also seeing a dumbing down of the 'Persons Having Ordinary Skill In | the Art' as the number of practitioners expand rapidly. Patent law and its

Securing the Network against Web-based Proxies

2008-07-09 Thread Leichter, Jerry
Ah, where the web is going. 8e6 Technologies sells a hardware box that it claims does signature analysis to detect HTTP proxies and blocks them. It can also block HTTPS proxies that do not have a valid certificate (whatever that means), as well as do such things as block IM, force Google and

Re: Strength in Complexity?

2008-07-02 Thread Leichter, Jerry
On Wed, 2 Jul 2008, Peter Gutmann wrote: | Date: Wed, 02 Jul 2008 12:08:18 +1200 | From: Peter Gutmann [EMAIL PROTECTED] | To: [EMAIL PROTECTED], [EMAIL PROTECTED] | Cc: cryptography@metzdowd.com, [EMAIL PROTECTED] | Subject: Re: Strength in Complexity? | | Perry E. Metzger [EMAIL PROTECTED]

Re: Ransomware

2008-06-11 Thread Leichter, Jerry
| The key size would imply PKI; that being true, then the ransom may | be for a session key (specific per machine) rather than the master | key it is unwrapped with. | | Per the computerworld.com article: | |Kaspersky has the public key in hand ? it is included in the |Trojan's code ?

RE: Ransomware

2008-06-11 Thread Leichter, Jerry
| Why are we wasting time even considering trying to break the public key? | | If this thing generates only a single session key (rather, a host key) | per machine, then why is it not trivial to break? The actual encryption | algorithm used is RC4, so if they're using a constant key without

Re: A slight defect in the truncated HMAC code...

2008-06-10 Thread Leichter, Jerry
| SNMPv3 Authentication Bypass Vulnerability | |Original release date: June 10, 2008 |Last revised: -- |Source: US-CERT | | Systems Affected | | * Multiple Implementations of SNMPv3 | | Overview | | A vulnerability in the way implementations of SNMPv3 handle specially |

Ransomware

2008-06-09 Thread Leichter, Jerry
Computerworld reports: http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818 on a call from Kaspersky Labs for help breaking encryption used by some ransomeware: Code that infects a system, uses a public key embedded in the code to encrypt your files, then

Re: Ransomware

2008-06-09 Thread Leichter, Jerry
On Mon, 9 Jun 2008, John Ioannidis wrote: | Date: Mon, 09 Jun 2008 15:08:03 -0400 | From: John Ioannidis [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED] | Cc: cryptography@metzdowd.com | Subject: Re: Ransomware | | Leichter, Jerry wrote: | Computerworld reports: | | http

Re: the joy of enhanced certs

2008-06-05 Thread Leichter, Jerry
On Wed, 4 Jun 2008, Perry E. Metzger wrote: | As some of you know, one can now buy Enhanced Security certificates, | and Firefox and other browsers will show the URL box at the top with a | special distinctive color when such a cert is in use. | | Many of us have long contended that such things

Re: Protection mail at rest

2008-06-02 Thread Leichter, Jerry
| There's an option 2b that might be even more practical: an S/MIME or | PGP/MIME forwarder. That is, have a trusted party receive your mail, | but rather than forwarding it intact encrypt it and then forward it to | your favorite IMAP provider. Excellent idea! I like it. Of course, it's

Protection mail at rest

2008-05-31 Thread Leichter, Jerry
At one time, mail delivery was done to the end-user's system, and all mail was stored there. These days, most people find it convenient to leave their mail on a IMAP server: It can be accessed from anywhere, it can be on a system kept under controlled conditions (unlike a laptop), and so on.

FBI Worried as DoD Sol Counterfeit Networking Gear

2008-05-11 Thread Leichter, Jerry
Note the reference to recent results on spiking hardware. (From some IDG journal - I forget which.) -- Jerry -- Forwarded message -- FBI Worried as DoD Sold Counterfeit Networking Gear Stephen Lawson and Robert McMillan,

Re: How far is the NSA ahead of the public crypto community?

2008-05-09 Thread Leichter, Jerry
An interesting datapoint I've always had on this question: Back in 1975 or so, a mathematician I knew (actually, he was a friend's PhD advisor) left academia to go work for the NSA. Obviously, he couldn't say anything at all about what he would be doing. The guy's specialty was algebraic

Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Leichter, Jerry
On Thu, 8 May 2008, Perry E. Metzger wrote: | Quoting: | |It was one of the most iconic and heart-stopping movie images of |2003: the Columbia Space Shuttle ignited, burning and crashing to |earth in fragments. | |Now, amazingly, data from a hard drive recovered from the

Re: It seems being in an explosion isn't enough...

2008-05-09 Thread Leichter, Jerry
On Fri, 9 May 2008, Ali, Saqib wrote: | Edwards said the Seagate hard drive -- which was | about eight years old in 2003 -- featured much | greater fault tolerance and durability than current | hard drives of similar capacity. | | I am not so sure about this

Re: SSL and Malicious Hardware/Software

2008-04-29 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ryan Phillips wrote: | Matt's blog post [1] gets to the heart of the matter of what we can | trust. | | I may have missed the discussion, but I ran across Netronome's 'SSL | Inspector' appliance [2] today and with the recent discussion on this | list regarding malicious

Re: Designing and implementing malicious hardware

2008-04-28 Thread Leichter, Jerry
On Sat, 26 Apr 2008, Karsten Nohl wrote: | Assuming that hardware backdoors can be build, the interesting | question becomes how to defeat against them. Even after a particular | triggering string is identified, it is not clear whether software can | be used to detect malicious programs. It almost

Re: Designing and implementing malicious hardware

2008-04-28 Thread Leichter, Jerry
On Mon, 28 Apr 2008, Ed Gerck wrote: | Leichter, Jerry wrote: | I suspect the only heavy-weight defense is the same one we use against | the Trusting Trust hook-in-the-compiler attack: Cross-compile on | as many compilers from as many sources as you can, on the assumption | that not all

Re: Designing and implementing malicious hardware

2008-04-26 Thread Leichter, Jerry
On Thu, 24 Apr 2008, Jacob Appelbaum wrote: | Perry E. Metzger wrote: | A pretty scary paper from the Usenix LEET conference: | | http://www.usenix.org/event/leet08/tech/full_papers/king/king_html/ | | The paper describes how, by adding a very small number of gates to a | microprocessor

Re: Declassified NSA publications

2008-04-24 Thread Leichter, Jerry
| Date: Thu, 24 Apr 2008 16:22:34 + | From: Steven M. Bellovin [EMAIL PROTECTED] | To: cryptography@metzdowd.com | Subject: Declassified NSA publications | | http://www.nsa.gov/public/crypt_spectrum.cfm Interesting stuff. There's actually more there in some parallel directories - there's an

Re: no possible brute force Was: Cruising the stacks and finding stuff

2008-04-23 Thread Leichter, Jerry
On Wed, 23 Apr 2008, Alexander Klimov wrote: | Date: Wed, 23 Apr 2008 12:53:56 +0300 (IDT) | From: Alexander Klimov [EMAIL PROTECTED] | To: Cryptography cryptography@metzdowd.com | Subject: no possible brute force Was: Cruising the stacks and finding stuff | | On Tue, 22 Apr 2008, Leichter

Re: Cruising the stacks and finding stuff

2008-04-22 Thread Leichter, Jerry
| ...How bad is brute force here for AES? Say you have a chip that can do | ten billion test keys a second -- far beyond what we can do now. Say | you have a machine with 10,000 of them in it. That's 10^17 years worth | of machine time, or about 7 million times the lifetime of the universe | so

2factor

2008-04-16 Thread Leichter, Jerry
Anyone know anything about a company called 2factor (2factor.com)? They're pushing a system based on symmetric cryptography with, it appears, some kind of trusted authority. Factor of 100 faster than SSL. More secure, because it authenticates every message. No real technical data I can find on

Re: [p2p-hackers] convergent encryption reconsidered

2008-03-30 Thread Leichter, Jerry
| They extended the confirmation-of-a-file attack into the | learn-partial-information attack. In this new attack, the | attacker learns some information from the file. This is done by | trying possible values for unknown parts of a file and then | checking whether the result

Re: convergent encryption reconsidered

2008-03-21 Thread Leichter, Jerry
|...Convergent encryption renders user files vulnerable to a |confirmation-of-a-file attack. We already knew that. It also |renders user files vulnerable to a learn-partial-information |attack in subtle ways. We didn't think of this until now. My |search of the literature

Re: Firewire threat to FDE

2008-03-19 Thread Leichter, Jerry
| As if the latest research (which showed that RAM contents can be | recovered after power-down) was not enough, it seems as Firewire ports | can form yet an easier attack vector into FDE-locked laptops. | | Windows hacked in seconds via Firewire |

Re: delegating SSL certificates

2008-03-17 Thread Leichter, Jerry
| So at the company I work for, most of the internal systems have | expired SSL certs, or self-signed certs. Obviously this is bad. | | You only think this is bad because you believe CAs add some value. | | Presumably the value they add is that they keep browsers from popping | up scary

Re: RNG for Padding

2008-03-15 Thread Leichter, Jerry
| Hi, | | This may be out of the remit of the list, if so a pointer to a more | appropriate forum would be welcome. | | In Applied Crypto, the use of padding for CBC encryption is suggested | to be met by ending the data block with a 1 and then all 0s to the end | of the block size. | | Is this

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| ...I imagine this will eventually have a big impact on the way organizations | respond to stolen mobile device incidents. With the current technology, if a | laptop or mobile device is on when it's stolen, companies will need to assume | that the data is gone, regardless of whether or not

Re: cold boot attacks on disk encryption

2008-02-22 Thread Leichter, Jerry
| Their key recovery technique gets a lot of mileage from using the | computed key schedule for each round of AES or DES to provide | redundant copies of the bits of the key. If the computer cleared | the key schedule storage, while keeping the key itself when the | system is in sleep mode, or

RE: Toshiba shows 2Mbps hardware RNG

2008-02-14 Thread Leichter, Jerry
|SAN FRANCISCO -- Toshiba Corp. has claimed a major breakthrough in |the field of security technology: It has devised the world's |highest-performance physical random-number generator (RNG) |circuit. | |The device generates random numbers at a data rate of 2.0 megabits |a

Dilbert on security

2008-02-13 Thread Leichter, Jerry
Today's Dilbert - http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert23667240080211.gif is right on point -- Jerry - The Cryptography Mailing List

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-02-10 Thread Leichter, Jerry
| By the way, it seems like one thing that might help with client certs | is if they were treated a bit like cookies. Today, a website can set | a cookie in your browser, and that cookie will be returned every time | you later visit that website. This all happens automatically. Imagine | if a

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| - Truncate the MAC to, say, 4 bytes. Yes, a simple brute | force attack lets one forge so short a MAC - but | is such an attack practically mountable in real | time by attackers who concern you? | | In fact, 32-bit authentication tags are a feature

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| So, this issue has been addressed in the broadcast signature context | where you do a two-stage hash-and-sign reduction (cf. [PG01]), but | when this only really works because hashes are a lot more efficient | than signatures. I don't see why it helps with MACs. Thanks for the reference. |

Re: Gutmann Soundwave Therapy

2008-02-09 Thread Leichter, Jerry
| All of this ignores a significant issue: Are keying and encryption | (and authentication) mechanisms really independent of each other? I'm | not aware of much work in this direction. | | Is there much work to be done here? If you view the keyex mechanism | as a producer of an authenticated

Re: Gutmann Soundwave Therapy

2008-02-06 Thread Leichter, Jerry
Commenting on just one portion: | 2. VoIP over DTLS | As Perry indicated in another message, you can certainly run VoIP | over DTLS, which removes the buffering and retransmit issues | James is alluding to. Similarly, you could run VoIP over IPsec | (AH/ESP). However, for performance reasons,

VaultID

2008-01-24 Thread Leichter, Jerry
Anyone know anything about these guys? (www.vaultid.com). They are trying to implement one-time credit card numbers on devices you take with you - initially cell phones and PDA's, eventually in a credit card form factor. The general idea seems good, but their heavy reliance on fingerprint

Re: patent of the day

2008-01-23 Thread Leichter, Jerry
| http://www.google.com/patents?vid=USPAT6993661 | | Gee, the inventor is Simson Garfinkel, who's written a bunch of books | including Database Nation, published in 2000 by O'Reilly, about all | the way the public and private actors are spying on us. | | I wonder whether this was research to see

Re: DRM for batteries

2008-01-04 Thread Leichter, Jerry
| Date: Fri, 04 Jan 2008 16:38:07 +1300 | From: Peter Gutmann [EMAIL PROTECTED] | To: cryptography@metzdowd.com | Subject: DRM for batteries | | http://www.intersil.com/cda/deviceinfo/0,1477,ISL6296,0.html | | At $1.40 each (at least in sub-1K quantities) you wonder whether it's | costing them

Re: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
Virtualization has become the magic pixie dust of the decade. When IBM originally developed VMM technology, security was not a primary goal. People expected the OS to provide security, and at the time it was believed that OS's would be able to solve the security problems. As far as I know, the

RE: Death of antivirus software imminent

2008-01-02 Thread Leichter, Jerry
| One virtualization approach that I have not see mentioned on this | thread is to run the virtual machine on a more secure OS than is used | by the applications of interest. | | For example, one could run VMware on SELinux and use VMware to host | Windows/Vista. Thus, even if a virus subverts

Re: crypto class design

2007-12-19 Thread Leichter, Jerry
| So... supposing I was going to design a crypto library for use within | a financial organization, which mostly deals with credit card numbers | and bank accounts, and wanted to create an API for use by developers, | does anyone have any advice on it? | | It doesn't have to be terribly complete,

RE: More on in-memory zeroisation

2007-12-14 Thread Leichter, Jerry
| I've been through the code. As far as I can see, there's nothing in | expand_builtin_memset_args that treats any value differently, so there | can't be anything special about memset(x, 0, y). Also as far as I can | tell, gcc doesn't optimise out calls to memset, not even thoroughly | dead

Re: PlayStation 3 predicts next US president

2007-12-13 Thread Leichter, Jerry
| The whole point of a notary is to bind a document to a person. That | the person submitted two or more different documents at different | times is readily observable. After all, the notary has the | document(s)! | | No, the notary does not have the documents *after* they are notarized, |

Re: Flaws in OpenSSL FIPS Object Module

2007-12-13 Thread Leichter, Jerry
| It is, of course, the height of irony that the bug was introduced in | the very process, and for the very purpose, of attaining FIPS | compliance! | | But also to be expected, because the feature in question is | unnatural: the software needs a testable PRNG to pass the compliance | tests,

RE: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| Then the compiler can look at the implementation and prove that a | memset() to a dead variable can be elided | | One alternative is to create zero-ing functions that wrap memset() | calls with extra instructions that examine some of the memory, log a | message and exit the application if

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| However, that doesn't say anything about whether f is actually | invoked at run time. That comes under the acts as if rule: If | the compiler can prove that the state of the C (notional) virtual | machine is the same whether f is actually invoked or not, it can | elide the call. Nothing

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
| If the function is defined as I suggested - as a static or inline - | you can, indeed, takes its address. (In the case of an inline, this | forces the compiler to materialize a copy somewhere that it might | not otherwise have produced, but not to actually *use* that copy, | except when

Re: More on in-memory zeroisation

2007-12-13 Thread Leichter, Jerry
On Wed, 12 Dec 2007, Thierry Moreau wrote: | Date: Wed, 12 Dec 2007 16:24:43 -0500 | From: Thierry Moreau [EMAIL PROTECTED] | To: Leichter, Jerry [EMAIL PROTECTED] | Cc: Peter Gutmann [EMAIL PROTECTED], cryptography@metzdowd.com | Subject: Re: More on in-memory zeroisation

Re: Intercepting Microsoft wireless keyboard communications

2007-12-11 Thread Leichter, Jerry
| Exactly what makes this problem so difficult eludes me, although one | suspects that the savage profit margins on consumables like | keyboards and mice might have something to do with it. | | It's moderately complex if you're trying to conserve bandwidth (which | translates to power) and

Re: More on in-memory zeroisation

2007-12-11 Thread Leichter, Jerry
| There was a discussion on this list a year or two back about | problems in using memset() to zeroise in-memory data, specifically | the fact that optimising compilers would remove a memset() on | (apparently) dead data in the belief that it wasn't serving any | purpose. | | Then,

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Leichter, Jerry
| What does it say about the integrity of the FIPS program, and its CMTL | evaluation process, when it is left to competitors to point out | non-compliance of evaluated products -- proprietary or open source -- | to basic architectural requirements of the standard? I was going to ask the same

State of the art in hardware reverse-engineering

2007-11-21 Thread Leichter, Jerry
Flylogic Engineering does some very interesting tampering with tamper- resistant parts. Most of those secure USB sticks you see around won't last more than a couple of minutes with these guys. See http://www.flylogic.net/blog -- Jerry

Government Smart Card Initiative

2007-11-15 Thread Leichter, Jerry
Little progress on government-wide smart card initiative, and little surprise November 14, 2007 (Computerworld) More than three years after a presidential directive requiring federal government agencies to issue new smart-card identity credentials to all employees and contractors, progress on

People side-effects of increased security for on-line banking

2007-11-13 Thread Leichter, Jerry
Sometimes the side-effects are as significant as the direct effects -- Jerry Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7091206.stm Fears over online banking checks By Mark Ward Technology Correspondent,

Re: Intelligent Redaction

2007-10-22 Thread Leichter, Jerry
| Xerox Unveils Technology That Blocks Access to Sensitive Data in | Documents to Prevent Security Leaks | http://www.parc.com/about/pressroom/news/2007-10-15-redaction.html | | The Innovation: The technology includes a detection software tool that | uses content analysis and an intelligent user

Re: Quantum Crytography to be used for Swiss elections

2007-10-18 Thread Leichter, Jerry
| Date: Sat, 13 Oct 2007 03:20:48 -0400 | From: Victor Duchovni [EMAIL PROTECTED] | To: cryptography@metzdowd.com | Subject: Re: Quantum Crytography to be used for Swiss elections | | On Fri, Oct 12, 2007 at 11:04:15AM -0400, Leichter, Jerry wrote: | | No comment from me on the appropriateness

Re: Password hashing

2007-10-18 Thread Leichter, Jerry
| ... What's wrong with starting | with input SALT || PASSWORD and iterating N times, | | Shouldn't it be USERID || SALT || PASSWORD to guarantee that if | two users choose the same password they get different hashes? | It looks to me like this wold make dictionary attacks harder too. As

Quantum Crytography to be used for Swiss elections

2007-10-12 Thread Leichter, Jerry
No comment from me on the appropriateness. From Computerworld. -- Jerry Quantum cryptography to secure ballots in Swiss election Ellen Messmer October 11, 2007 (Network World) Swiss officials are using quantum cryptography technology

Re: Full Disk Encryption solutions selected for US Government use

2007-10-10 Thread Leichter, Jerry
| A slightly off-topic question: if we accept that current processes | (FIPS-140, CC, etc) are inadequate indicators of quality for OSS | products, is there something that can be done about it? Is there a | reasonable criteria / process that can be built that is more suitable? Well, if you

RE: Trillian Secure IM

2007-10-08 Thread Leichter, Jerry
| But, opportunistic cryptography is even more fun. It is | very encouraging to see projects implement cryptography in | limited forms. A system that uses a primitive form of | encryption is many orders of magnitude more secure than a | system that implements none. | | Primitive form -

Retailers try to push data responsibilities back to banks

2007-10-05 Thread Leichter, Jerry
Retail group takes a swipe at PCI, puts card companies 'on notice' Jaikumar Vijayan October 04, 2007 (Computerworld) Simmering discontent within the retail industry over the payment card industry (PCI) data security standards erupted into the open this week with the National Retail Federation

Re: Linus: Security is people wanking around with their opinions

2007-10-03 Thread Leichter, Jerry
| I often say, Rub a pair of cryptographers together, and you'll | get three opinions. Ask three, you'll get six opinions. :-) | | However, he's talking about security, which often isn't quantifiable! From what I see in the arguments, it's more complicated than that. On one side, we have

Goodby analogue hole, hello digital hole

2007-09-24 Thread Leichter, Jerry
The movie studios live in fear of people stealing their product as it all goes digital. There's, of course, always the analogue hole, the point where the data goes to the display. The industry defined an all-digital, all-licensed-hardware path through HDMI which blocks this path. As we know,

Re: OK, shall we savage another security solution?

2007-09-20 Thread Leichter, Jerry
| If you think about this in general terms, we're at the point where we | can avoid having to trust the CPU, memory, disks, programs, OS, etc., | in the borrowed box, except to the degree that they give us access to | the screen and keyboard. (The problem of securing connections that | go

Re: OK, shall we savage another security solution?

2007-09-19 Thread Leichter, Jerry
| Anyone know anything about the Yoggie Pico (www.yoggie.com)? It | claims to do much more than the Ironkey, though the language is a bit | less marketing-speak. On the other hand, once I got through the | marketing stuff to the technical discussions at Ironkey, I ended up | with much more in

OK, shall we savage another security solution?

2007-09-18 Thread Leichter, Jerry
Anyone know anything about the Yoggie Pico (www.yoggie.com)? It claims to do much more than the Ironkey, though the language is a bit less marketing-speak. On the other hand, once I got through the marketing stuff to the technical discussions at Ironkey, I ended up with much more in the way of

Re: Another Snake Oil Candidate

2007-09-11 Thread Leichter, Jerry
| The world's most secure USB Flash Drive: https://www.ironkey.com/demo. What makes you call it snake oil? At least the URL you point to says very reasonable things: It uses AES, not some home-brew encryption; the keys are stored internally; the case is physically protected, and has some kind of

Re: How the Greek cellphone network was tapped.

2007-07-19 Thread Leichter, Jerry
| Between encrypted VOIP over WIFI and eventually over broadband cell - | keeping people from running voice over their broadband connections is | a battle the telco's can't win in the long run - and just plain | encrypted cell phone calls, I think in a couple of years anyone who | wants secure

Re: How the Greek cellphone network was tapped.

2007-07-16 Thread Leichter, Jerry
| Crypto has been an IP minefield for some years. With the expiry of | certain patents, and the availability of other unencumbered crypto | primitives (eg. AES), we may see this change. But John's other | points are well made, and still valid. Downloadable MP3 ring tones | are a selling

Historical one-way hash functions

2007-07-16 Thread Leichter, Jerry
So, you want to be able to prove in the future that you have some piece of information today - without revealing that piece of information. We all know how to do that: Widely publish today the one-way hash of the information. Well ... it turns out this idea is old. Very old. In the 17th

What Banks Tell Online Customers About Their Security

2007-07-06 Thread Leichter, Jerry
From CIO magazine. For the record, I, like the author, am a Bank of America customer, but unlike her I've started using their on-line services. What got me to do it was descriptions of the increasing vulnerability of traditional paper-based mechanisms: If I pay a credit card by mail, I leave

Re: The bank fraud blame game

2007-07-02 Thread Leichter, Jerry
| | Given that all you need for this is a glorified pocket | | calculator, you could (in large enough quantities) probably get | | it made for $10, provided you shot anyone who tried to | | introduce product-deployment DoS mechanisms like smart cards and | | EMV into the picture. Now

TPM, part 2

2007-06-27 Thread Leichter, Jerry
All your data belong to us. From Computerworld. -- Jerry Trusted Computing Group turns attention to storage Chris Mellor June 24, 2007 (TechWorld.com) The Trusted Computing Group has announced a draft specification aimed at helping

The bank fraud blame game

2007-06-27 Thread Leichter, Jerry
As always, banks look for ways to shift the risk of fraud to someone - anyone - else. The New Zealand banks have come up with some interesting wrinkles oh this process. From Computerworld. -- Jerry NZ banks demand a peek at customer PCs

Re: anti-RF window film

2007-06-27 Thread Leichter, Jerry
| http://www.sciam.com/article.cfm?articleid=6670BF9B-E7F2-99DF-3EAC1C6DC382972F | | A company is selling a window film that blocks most RF signals. The | obvious application is TEMPEST-shielding. I'm skeptical that it will | be very popular -- most sites won't want to give up Blackberry and |

Re: The bank fraud blame game

2007-06-27 Thread Leichter, Jerry
| Leichter, Jerry writes: | -+--- | | As always, banks look for ways to shift the risk of | | fraud to someone - anyone - else. The New Zealand | | banks have come up with some interesting wrinkles on | | this process. | | | | This is *not* a power play by banks

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Leichter, Jerry
| ...Apple is one vendor who I gather does include a TPM chip on their | systems, I gather, but that wasn't useful for me. Apple included TPM chips on their first round of Intel-based Macs. Back in 2005, there were all sorts of stories floating around the net about how Apple would use TPM to

Re: Quantum Cryptography

2007-06-22 Thread Leichter, Jerry
| - Quantum Cryptography is fiction (strictly claims that it solves |an applied problem are fiction, indisputably interesting Physics). | | Well that is a broad (and maybe unfair) statement. | | Quantum Key Distribution (QKD) solves an applied problem of secure key |

Re: Why self describing data formats:

2007-06-21 Thread Leichter, Jerry
| Many protocols use some form of self describing data format, for | example ASN.1, XML, S expressions, and bencoding. | | Why? | | Presumably both ends of the conversation have negotiated what protocol | version they are using (and if they have not, you have big problems) | and when they

Inadvertent Disclosure

2007-06-21 Thread Leichter, Jerry
Interesting-looking article on how users of P2P networks end up sharing much more than they expected: http://weis2007.econinfosec.org/papers/43.pdf -- Jerry - The

Re: Inadvertent Disclosure

2007-06-21 Thread Leichter, Jerry
| Interesting-looking article on how users of P2P networks end up sharing | much more than they expected: http://weis2007.econinfosec.org/papers/43.pdf Earlier analysis by the USPTO: http://www.uspto.gov/web/offices/dcom/olia/copyright/oir_report_on_inadvertent_sharing_v1012.pdf

Re: More info in my AES128-CBC question

2007-05-14 Thread Leichter, Jerry
| Just being able to generate traffic over the link isn't enough to | carry out this attack. | | Well, it depends on if you key per-flow or just once for the link. If | the latter, and you have the ability to create traffic over the link, | and there's a 1-for-1 correspondence between

Re: More info in my AES128-CBC question

2007-05-12 Thread Leichter, Jerry
| | Frankly, for SSH this isn't a very plausible attack, since | | it's not clear how you could force chosen plaintext into an | | SSH session between messages. A later paper suggested that | | SSL is more vulnerable: A browser plugin can insert data into | | an SSL protected

Re: More info in my AES128-CBC question

2007-05-09 Thread Leichter, Jerry
| Frankly, for SSH this isn't a very plausible attack, since it's not | clear how you could force chosen plaintext into an SSH session between | messages. A later paper suggested that SSL is more vulnerable: | A browser plugin can insert data into an SSL protected session, so | might be

Re: More info in my AES128-CBC question

2007-05-09 Thread Leichter, Jerry
| Frankly, for SSH this isn't a very plausible attack, since it's not | clear how you could force chosen plaintext into an SSH session between | messages. A later paper suggested that SSL is more vulnerable: | A browser plugin can insert data into an SSL protected session, so | might be able

  1   2   >