Re: [Cryptography] An NSA mathematician shares his from-the-trenches view of the agency's surveillance activities

2013-09-18 Thread Pat Farrell
On 9/18/13 10:44 AM, Phillip Hallam-Baker wrote:
> The enterprise bridge control center certainly does not seem to be Hayden's
> style either. Hayden is not the type to build a showboat like that.
Moving a bit OT:

On the PBS Newshour coverage of this story, they showed the website of DBI
Architects who designed the facility and it listed the other design firms. One
of them was KTA Group; my brother John was the signing engineer at KTA at that
time. He says the design and construction was done at least ten years ago. It
was not a secret facility, but access was restricted. Even though he signed and
stamped all the design drawings for the HVAC, plumbing and electrical work, he
was never allowed on site. So if you could find the design drawings for that
facility (which is about 5 stories and all underground at Ft Belvoir (just
across the river from Washington DC)) you would see John Farrell's signature
and stamp.

The usual point of a showboat facility like that is to impress the 
Congressmen who visit so the budget can get bigger.

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: A mighty fortress is our PKI, Part II

2010-07-29 Thread Pat Farrell
On 07/28/2010 08:44 PM, Steven Bellovin wrote:
> When I look at this, though, little of the problem is inherent to
> PKI.  Rather, there are faulty communications paths.
>
> You note that at t+2-3 days, the CA read the news.  Apart from the
> question of whether or not 2-3 days is shortly after -- the time
> you suggest the next step takes place -- how should the CA or Realtek
> know about the problem?
> [snip]
> The point about the communications delay is that it's inherent to
> anything involving the source company canceling anything -- whether
> it's a PKI cert, a pki cert, a self-validating URL, a KDC, or magic
> fairies who warn sysadmins not to trust certain software.

While I'm quoting Steve, his comment really drives me to a bigger break.

I'd like to build on this and make a more fundamental change. The
concept of a revocation cert/message was based on the standard practices
for things like stolen credit cards in the early 1990s. At the time, the
credit card companies published telephone book sized listings of stolen
and canceled credit cards. Merchants had the choice of looking up each
card, or accepting a potential for loss.

A lot of the smart card development in the mid-90s and beyond was based
on the idea that the smart card, in itself, was the sole authorization
token/algorithm/implementation.

How about we posit that there is networking everywhere? People carry
cell phones that are serious computers and are connected to serious
networks.

When was the last time you used a paper Yellow Pages?

How about thinking of a solution that addresses 98% of all transactions
for 98% of all people in the places where 98% of business is done. At
some point, the perfect is the enemy of the good. If you have a selling
hut in the middle of nowhere, well, you probably don't have a lot of
computer power either. So calculating an RSA signature is out of
the question anyway.

A risk based approach would have an algorithm that looks at the value of
the transaction. Buying a meal at a fast food place is not worth a lot
of effort, so the definition of "shortly after" can be a second or so.
Buying a new 3D TV can have a longer time, with the time allowance, and
expected/acceptable response time, perhaps time for automated actuarial
analysis. When you are signing a contract to buy a house, you can take a
day to verify that everything is proper.

We have fast computers and ubiquitous networking. Why are we still
thinking about systems based on 3 inch thick paper books?

We seem to be solving a problem that no longer exists when you look at
it from first principles.

Pat

-- 
Pat Farrell
http://www.pfarrell.com

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
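The risk-based approach sketched above (a second for a meal, longer for a TV, a day for a house) can be written down as a policy that spends verification effort in proportion to transaction value. The following is an added example, not code from the post or from any payment system Pat Farrell describes; the value tiers, the three check names and their latencies are hypothetical numbers chosen to match the three scenarios in the text.

```python
from datetime import timedelta

# Transaction value ceiling -> time the relying party is willing to spend verifying.
# Hypothetical thresholds, one per scenario in the post (meal, TV, house).
TIME_BUDGETS = [
    (50.0, timedelta(seconds=1)),       # a fast food meal: a second or so
    (5_000.0, timedelta(hours=1)),      # a new 3D TV: room for an automated review
    (float("inf"), timedelta(days=1)),  # a house: take a day to verify
]

# Evidence sources, cheapest first, with an assumed typical latency for each.
CHECKS = [
    ("local_cache", timedelta(milliseconds=50)),  # last known status; may be stale
    ("online_status", timedelta(seconds=3)),      # live status query to the issuer
    ("manual_review", timedelta(hours=8)),        # human / actuarial review
]


def time_budget(amount):
    """Verification time the relying party allows for a transaction of this value."""
    for ceiling, budget in TIME_BUDGETS:
        if amount <= ceiling:
            return budget
    raise ValueError("amount must be a non-negative number")


def plan_checks(amount):
    """Checks, cheapest first, whose cumulative latency fits within the budget."""
    budget = time_budget(amount)
    spent = timedelta(0)
    planned = []
    for name, latency in CHECKS:
        if spent + latency > budget:
            break
        spent += latency
        planned.append(name)
    return planned


def decide(amount, results):
    """Decide a transaction from the answers of the planned checks.

    results maps check name -> "good", "revoked" or "unknown". Returns
    (decision, reason) with decision one of "accept", "reject" or "hold".
    """
    planned = plan_checks(amount)
    for name in planned:
        if results.get(name, "unknown") == "revoked":
            return ("reject", f"{name} reports the certificate as revoked")
    pending = [n for n in planned if results.get(n, "unknown") != "good"]
    if pending:
        # An expensive check is only awaited when the value justified planning it.
        return ("hold", f"waiting on {', '.join(pending)}")
    return ("accept", f"{len(planned)} check(s) good within {time_budget(amount)}")


if __name__ == "__main__":
    print(plan_checks(8.0), decide(8.0, {"local_cache": "good"}))
    print(plan_checks(2_000.0),
          decide(2_000.0, {"local_cache": "good", "online_status": "revoked"}))
    print(plan_checks(400_000.0),
          decide(400_000.0, {"local_cache": "good", "online_status": "good"}))
```

The design choice worth noticing is that a cheap transaction never waits for the online query: it is accepted on cached status and the relying party knowingly carries the loss from a revocation it has not yet heard about, which is exactly the 98% trade-off the post argues for. A high-value transaction plans the slow checks and is held until they answer.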


Re: A mighty fortress is our PKI

2010-07-27 Thread Pat Farrell
On 07/27/2010 11:04 AM, Anne & Lynn Wheeler wrote:

> long ago and far away. they had also invented this technology
> called SSL that they wanted to use. As part of applying the
> technology to the business payment process ... we also had to go
> around and investigate how some of these new businesses, calling
> themselves Certification Authorities, operated.

In that same time, I was at CyberCash, we invented what is now
sometimes called electronic commerce.  and that and $5 will get
you a cup of coffee. We predated SSL by a few years. Used RSA768 to
protect DES sessions, etc. Usual stuff.

One complaint that we got a lot was that we did not use certs or
CAs. CyberCash was the only trusted source.



> There were lots of issues with deficiencies and vulnerabilities

Most of which we avoided by skipping the cert concept. Still, better
technology has nothing to do with business success.

Public Key Crypto without all the cruft of PKI. It's still a good
idea.

Pat

-- 
Pat Farrell
http://www.pfarrell.com/



Re: Strength in Complexity?

2008-07-03 Thread Pat Farrell
Peter Gutmann wrote:
> Pat Farrell [EMAIL PROTECTED] writes:
>> At CyberCash, where we had real RSA/DES in the system, we found that users
>> want convenience, not security
>
> I think that's phrasing it a bit badly, it'd be better put as without
> usability, you won't have users (see the Tor paper Challenges in deploying
> low-latency anonymity for more thoughts on this).


I don't think we are disagreeing much, but the essence of the CyberCash
law is that users' only focus is on convenience. If you give them a
choice, any and all bumps in the road to ease of use cause rejection.

I'm not trying to argue that 12+ years ago we had great usability. The
world's expectations have evolved a lot since then. But we put a lot of
engineering into usability. And it was not enough.

I believe that it's not "users will accept some glitches to get security".
Rather, users only care about usability/convenience. It has to be
trivial to use first. Cite Twitter, blogs, etc.

The key message to take away is that when we pros design systems, at
least for mass markets, the users will tolerate nothing except convenience.

Pat

-- 
Pat Farrell
http://www.pfarrell.com/



Re: Strength in Complexity?

2008-07-02 Thread Pat Farrell
Perry E. Metzger wrote:
> Jack Lloyd [EMAIL PROTECTED] writes:
>> Out of curiosity, was this other spec Photuris?
>
> Sadly. That situation was long and complicated and I'd prefer not to
> go into it -- and I'd prefer actually if others didn't either, as it
> is much more about humans and non-security politics than it is about
> security or cryptography.

Isn't this true in general about nearly all security or cryptography?

At CyberCash, where we had real RSA/DES in the system, we found that
users want convenience, not security.

We built a PayPal equivalent on top of our real security. PayPal made it
look like they had security, but were convenient.

Which company was sold for over a billion? And which went bankrupt?

Most attacks are more social engineering than breaking crypto.

-- 
Pat Farrell
http://www.pfarrell.com/



Re: Toshiba shows 2Mbps hardware RNG

2008-02-13 Thread Pat Farrell

Perry E. Metzger wrote:

> [EMAIL PROTECTED] (Peter Gutmann) writes:
>> I've always wondered why RNG speed is such a big deal for anything but a few
>> highly specialised applications.
>
> Perhaps it isn't, but any hardware RNG is probably better than none
> for many apps, and they've managed to put the whole thing in a quite
> small bit of silicon. The speed is probably icing on the cake.


One of the benefits of speed is that you can use cleanup code to control 
bias. Carl Ellison put some out on his website last century.



--
Pat Farrell
http://www.pfarrell.com/

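The point about speed paying for bias cleanup can be shown with the classic von Neumann corrector. This is an added example, not code from the post and not Carl Ellison's cleanup code; the biased source is a seeded software PRNG constructed to stand in for raw hardware output, and the 0.8 bias and 2 Mbps figure are assumptions used to show the throughput cost.

```python
import random


def biased_bits(n, p_one, seed=1):
    """Constructed sample: n independent bits, each 1 with probability p_one.
    A seeded software PRNG stands in for a raw hardware source with bias."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def von_neumann(bits):
    """Von Neumann's corrector: read non-overlapping pairs, emit 0 for 01 and
    1 for 10, discard 00 and 11. If the input bits are independent, the two
    kept patterns are equally likely, so the output is unbiased for any p."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def ones_fraction(bits):
    """Fraction of 1s; a crude bias measure (nan for an empty stream)."""
    return sum(bits) / len(bits) if bits else float("nan")


def expected_yield(p_one):
    """Expected output bits per raw input bit: a pair differs with probability
    2p(1-p) and yields one bit, so the yield is p(1-p) per input bit (max 1/4)."""
    return p_one * (1.0 - p_one)


def debiased_rate(raw_bits_per_second, p_one):
    """Throughput left after the corrector, given the raw rate and bias."""
    return raw_bits_per_second * expected_yield(p_one)


if __name__ == "__main__":
    raw = biased_bits(100_000, 0.8)
    clean = von_neumann(raw)
    print(f"raw:   {len(raw)} bits, ones={ones_fraction(raw):.3f}")
    print(f"clean: {len(clean)} bits, ones={ones_fraction(clean):.3f}")
    print(f"2 Mbps raw at p=0.8 leaves ~{debiased_rate(2_000_000, 0.8):.0f} bit/s")
```

Even a perfectly unbiased source loses three quarters of its bits to this corrector, and a source with p=0.8 keeps only 16%, which is why a fast raw generator matters. The corrector also relies on the raw bits being independent: correlated output (common in a real physical source) is not fixed by pairing, and production designs feed the raw stream through a cryptographic hash or extractor instead of, or in addition to, this step.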


Re: Proving the randomness of a random number generator?

2005-12-03 Thread Pat Farrell
On Fri, 2005-12-02 at 11:54 +0100, Lee Parkes wrote:
> So, the question is, how can the randomness of a PRNG be proved within
> reasonable limits of time, processing availability and skill?

Cryptographic randomness? None.

"Anyone who considers arithmetical methods of producing random digits
is, of course, in a state of sin."
John von Neumann, 1951, quoted by Knuth

Depending on the language you are using, it is as simple as calling
the appropriate random number generator.

Or have someone read Knuth's Art of Computer Programming
for background on it.


-- 
Pat Farrell
http://www.pfarrell.com





Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-18 Thread Pat Farrell
At 07:02 PM 12/15/2003 -0500, Jerrold Leichter wrote:
> However, this advantage is there only because there are so few smart cards,
> and so few smart card enabled applications, around.
A software only, networked smart card would solve the
chicken and egg problem. One such solution is
Tamper resistant method and apparatus, [Ellison], USPTO 6,073,237
(Do a patent number search at http://www.uspto.gov/patft/index.html)
Carl invented this as an alternative to Smartcards back in the SET
development days.
Pat

Pat Farrell [EMAIL PROTECTED]
http://www.pfarrell.com


RE: Keyservers and Spam

2003-06-13 Thread Pat Farrell
At 11:56 AM 6/13/2003 -0400, John Kelsey wrote:
> At 10:27 AM 6/11/03 -0700, bear wrote:
>> That is the theory.  In practice, as long as the PGP web of trust
> The thing that strikes me is that the PGP web of trust idea is appropriate
> for very close-knit communities, where reputations matter and people
> mostly know one another.  A key signed by Carl Ellison or Jon Callas
> actually means something to me, because I know those people.  But
> transitive trust is just always a slippery and unsatisfactory sort of thing--
I may have missed it, but I thought that the web-o-trust model of PGP has
generally been dismissed by the crypto community
precisely because trust is not transitive.
Similarly, the tree structured, hierarchical trust model has failed,
we currently have a one level, not very trusted model with Verisign
or Thawte or yourself at the top.
I know from discussions with some of the SPKI folks that encouraging
self defined trust trees was one of the goals.
Of course, if the size of the tree is small enough, you can just
use shared secrets.
Pat

Pat Farrell [EMAIL PROTECTED]
http://www.pfarrell.com