Re: [Cryptography] PRISM-Proofing and PRISM-Hardening

2013-09-21 Thread Russell Nelson
Salz, Rich writes:
  I would say this puts you in the sub 1% of the populace.  Most
  people want to do things online because it is much easier and gets
  rid of paper.  Those are the systems we need to secure.  Perhaps
  another way to look at it: how can we make out-of-band verification
  simpler?

There's probably a whole O'Reilly book waiting to be written on
identity verification, but let me say it in one phrase: closing the
loop. That means giving information electronically, and expecting to
get it back via a different path. So, as an example, the institution
prints a magic number (also in barcode or QRcode form so you can
scan it) on a piece of paper, and mails it to your address of
record. Or they call your phone number of record and ask you to enter
a magic number.

Or they ask for a time-proof-of-work. Let's say that you've been
posting to an online forum for some time (e.g. this mailing
list). They ask you to post a magic number to the mailing list in your
signature block. Somebody like Lucky Green could use this. Or The Well
members, presuming that The Well still exists in some form.

Same idea for Facebook, Google+, a blog, your personal website
(e.g. russnelson.com), your corporate website
(e.g. http://crynwr.com/~nelson/), etc. Anything where only you can
enter information just as you have been doing for years.

-- 
--my blog is at http://blog.russnelson.com
Crynwr supports open source software
521 Pleasant Valley Rd. | +1 315-600-8815
Potsdam, NY 13676-3213  | Sheepdog   
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: solving the wrong problem

2005-08-09 Thread Russell Nelson
Perry E. Metzger writes:
  Anyone have a good phrase in mind that has the right sort of flavor
  for describing this sort of thing?

Well, I've always said that crypto without a threat model is like
cookies without the milk.

-- 
--My blog is at blog.russnelson.com | In a democracy the rulers
Crynwr sells support for free software  | PGPok | are older versions of the
521 Pleasant Valley Rd. | +1 315-323-1241   | popular kids from high
Potsdam, NY 13676-3213  |   | school.  --Bryan Caplan

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Security is the bits you disable before you ship

2005-03-20 Thread Russell Nelson
Steven M. Bellovin writes:
  That's not new, either.  I believe it was Tony Hoare who likened this 
  to sailors doing shore drills with life preservers, but leaving them 
  home when they went to sea.  I think he said that in the 1970s; he said 
  this in his Turing Award lecture:
  
   The first principle was security...  A consequence of this
   principle is that every occurrence of every subscript of
   every subscripted variable was on every occasion checked
   at run time...  I note with fear and horror that even in
   1980, language designers and users have not learned this
   lesson.

This is true, however, I've seen Dan Bernstein (and you don't get much
more careful or paranoid about security than Dan) write code like
this:

static char line[999];

  len = 0;
  len += fmt_ulong(line + len,rp);
  len += fmt_str(line + len," , ");
  len += fmt_ulong(line + len,lp);
  len += fmt_str(line + len,"\r\n");
 

Of course, the number of characters that fmt_ulong will insert is
limited by the number of bits in an unsigned long, and both strings
are of constant length.

-- 
--My blog is at blog.russnelson.com | The laws of physics cannot
Crynwr sells support for free software  | PGPok | be legislated.  Neither can
521 Pleasant Valley Rd. | +1 315-323-1241 cell  | the laws of countries.
Potsdam, NY 13676-3213  | +1 212-202-2318 VOIP  | 
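
The argument in the message above, that the unchecked writes are safe because the worst-case length is fixed, can be stated as a compile-time check. This is an added example, not code from the original post or from Bernstein: the fmt_ulong and fmt_str bodies are stand-ins written here, and format_ports, SEP, EOL, ULONG_DIGITS and LINE_MAX_LEN are hypothetical names.

```c
#include <limits.h>
#include <string.h>

/* Stand-ins written for this example, shaped like the fmt_* calls in the
   quoted code (not Bernstein's library). Each writes at s with no
   terminating NUL and returns the number of bytes written. */
static unsigned int fmt_ulong(char *s, unsigned long u) {
  unsigned int len = 1;
  unsigned long q = u;
  while (q > 9) { ++len; q /= 10; }          /* count decimal digits */
  if (s) {
    s += len;
    do { *--s = (char)('0' + u % 10); u /= 10; } while (u);
  }
  return len;
}

static unsigned int fmt_str(char *s, const char *t) {
  unsigned int len = (unsigned int)strlen(t);
  if (s) memcpy(s, t, len);
  return len;
}

/* A decimal digit carries more than 3 bits, so bits/3 + 1 digits is an
   upper bound for any unsigned long (22 for 64 bits, 11 for 32 bits). */
#define ULONG_DIGITS (sizeof(unsigned long) * CHAR_BIT / 3 + 1)
#define SEP " , "
#define EOL "\r\n"
/* sizeof on a string literal counts its NUL, hence the -1 on each. */
#define LINE_MAX_LEN (2 * ULONG_DIGITS + (sizeof SEP - 1) + (sizeof EOL - 1))

static char line[999];

/* The bounds check, made once at compile time rather than on every write. */
_Static_assert(LINE_MAX_LEN <= sizeof line, "line[] too small for worst case");

/* Same call sequence as the quoted code; returns bytes placed in line[]. */
static unsigned int format_ports(unsigned long rp, unsigned long lp) {
  unsigned int len = 0;
  len += fmt_ulong(line + len, rp);
  len += fmt_str(line + len, SEP);
  len += fmt_ulong(line + len, lp);
  len += fmt_str(line + len, EOL);
  return len;
}

int main(void) {
  return format_ports(ULONG_MAX, ULONG_MAX) <= LINE_MAX_LEN ? 0 : 1;
}
```

If either string stopped being a constant, or a third field were added, the static assertion would no longer cover the code and the bound would have to be recomputed.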



Re: will spammers early adopt hashcash? (Re: Spam Spotlight on Reputation)

2004-09-14 Thread Russell Nelson
(everybody is on the mailing list; why all the CC's?)

Adam Back writes:
  Will it be enough -- we don't know yet, but if widely deployed it
  would make spammers adapt.  We just don't yet know how they will
  adapt.

Cryptography is not about math; it's not about secrets; it's not about
security.  It's about economics.  I'd really like to see people NOT
talk about the security of cryptography, but instead about the cost
of it.  If the cost of breaking a system exceeds the value of an
identifiable message, nobody will bother breaking it.  If the cost of
using a system exceeds the value of the system, nobody will bother
using it.

So, in this context, Ben & Richard's paper is not so much that
hashcash won't work but instead the value of using hashcash is
exceeded by the cost of using it.

-- 
--My blog is at angry-economist.russnelson.com  | Violence never solves
Crynwr sells support for free software  | PGPok | problems, it just changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213  | FWD# 404529 via VOIP  | problems.



Cryptography as a component of security

2003-11-13 Thread Russell Nelson
I listened to yet another talk on computer security, which
incorporated security.  It got me to thinking two things:

  o Pseudo-random implies pseudo security.

If you're re-keying by running the old key through a pseudo-random
function without adding any new entropy, then you're not re-keying at
all.

  o Security is not an absolute value.  It only makes sense as a
relative value.

You cannot say that a system is secure.  You can only say that it is
secure against a certain threat.  It's quite reasonable to say that
GPG using a 2048-bit key is secure against all known attacks today.
You've defined the threat (all known attacks today) and the type of
cryptography.  Any kind of claim of security, without defining the
expected attacks the system will withstand, is *inherently* snake
oil.

Let me say this again in the strongest possible terms: even if you are
using industry-standard cryptography (e.g. RSA, Triple-DES, AES, etc),
and yet you do not define your threat, then any claims that your
system is secure are claims about snake oil.

Maybe I'm preaching to the converted, but apparently you can get a PhD
and apply for funding without understanding these issues.

-- 
--My blog is at angry-economist.russnelson.com  | Can I recommend python?
Crynwr sells support for free software  | PGPok | Just a thought.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | -Dr. Jamey Hicks
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 



Gresham's Law?

2003-11-12 Thread Russell Nelson
I wonder if the DMCA (why do those initials bring to mind a song by
The Village People?) isn't invoking Gresham's Law?  Gresham's Law says
bad money drives out good, but it only applies when there is a legal
tender law.  Such a law requires that all money be treated equally --
as legal tender for all debts.  Gresham's Law predicts that people
will hoard good money and spend bad money, since it's all the same to
them.

The DMCA requires that all copyright protection systems be treated
equally, since it says nothing about the efficacy of a copyright
protection system.  In that regard it is identical to a legal tender
law because it does not distinguish between good and bad copyright
protection.  Any kind of cryptography, effective or not, seems to be
presumptively copyright protection.  Marketplace competition in the
realm of DMCA-protected products will give people an interest in
putting the least amount of resources into copyright protection.

The DMCA is a recipe for ineffective copyright protection.

`Sec. 1201. Circumvention of copyright protection systems

`(2) No person shall manufacture, import, offer to the public,
provide, or otherwise traffic in any technology, product, service,
device, component, or part thereof, that--

-- 
--My blog is at angry-economist.russnelson.com  | Can I recommend python?
Crynwr sells support for free software  | PGPok | Just a thought.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | -Dr. Jamey Hicks
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | 
