Re: [Cryptography] encoding formats should not be committee'ized

2013-10-03 Thread Stephan Neuhaus
On 2013-10-03 09:49, Peter Gutmann wrote: Jerry Leichter writes: My favorite more recent example of the pitfalls is TL1, a language and protocol used to managed high-end telecom equipment. TL1 has a completely rigorous syntax definition, but is supposed to be readable.

Re: [Cryptography] The paranoid approach to crypto-plumbing

2013-09-17 Thread Stephan Neuhaus
On 2013-09-17 07:37, Peter Gutmann wrote: Tony Arcieri writes: On Mon, Sep 16, 2013 at 9:44 AM, Bill Frantz wrote: After Rijndael was selected as AES, someone suggested the really paranoid should super encrypt with all 5 finalests [...]. I wish there

Re: [Cryptography] Hashes into Ciphers (was Re: FIPS, NIST and ITAR questions)

2013-09-04 Thread Stephan Neuhaus
On 2013-09-04 16:37, Perry E. Metzger wrote: Phil Karn described a construction for turning any hash function into the core of a Feistel cipher in 1991. So far as I can tell, such ciphers are actually quite secure, though impractically slow. Pointers to his original sci.crypt posting would be

Re: A slight modification of my comments on PKI.

2010-07-30 Thread Stephan Neuhaus
On Jul 29, 2010, at 22:23, Anne Lynn Wheeler wrote: On 07/28/2010 10:34 PM, wrote: The design goal for any security system is that the number of failures is small but non-zero, i.e., N0. If the number of failures is zero, there is no way to disambiguate good luck from

Re: Against Rekeying

2010-03-25 Thread Stephan Neuhaus
On Mar 23, 2010, at 22:42, Jon Callas wrote: If you need to rekey, tear down the SSL connection and make a new one. There should be a higher level construct in the application that abstracts the two connections into one session. ... which will have its own subtleties and hence probability

Re: Possibly questionable security decisions in DNS root management

2009-10-23 Thread Stephan Neuhaus
On Oct 22, 2009, at 16:12, Perry E. Metzger wrote: I don't think anyone is smart enough to understand all the implications of this across all the systems that depend on the DNS, especially as we start to trust the DNS because of the authentication. We trust the DNS already. As far as I

Re: [Barker, Elaine B.] NIST Publication Announcements

2009-10-02 Thread Stephan Neuhaus
On Oct 1, 2009, at 16:46, Perry E. Metzger wrote: It is also completely impossible to prove you've deleted a record. Someone who can read the record can always make a copy of it. Cryptography can't fix the DRM problem. Sorry, I should have clarified that. We don't want to verify that Bob

Re: [Barker, Elaine B.] NIST Publication Announcements

2009-10-01 Thread Stephan Neuhaus
On Sep 30, 2009, at 06:25, Peter Gutmann wrote: Stephan Neuhaus writes: Is there something that could be done that would *not* require a TTA? (I have almost given up on this, but it doesn't hurt to ask.) I think you've abstracted away too much information

Re: [Barker, Elaine B.] NIST Publication Announcements

2009-09-29 Thread Stephan Neuhaus
On Sep 26, 2009, at 18:31, Perry E. Metzger wrote: SP 800-102 is intended to address the timeliness of the digital signatures generated using the techniques specified in Federal Information Processing Standard (FIPS) 186-3. [...] SP 800-102 provides methods of obtaining assurance of the

Re: Source for Skype Trojan released

2009-09-04 Thread Stephan Neuhaus
On Aug 31, 2009, at 13:20, Jerry Leichter wrote: It can “...intercept all audio data coming and going to the Skype process.” Interesting, but is this a novel idea? As far as I can see, the process intercepts the audio before it reaches Skype and after it has left Skype. Isn't that the

Re: combining entropy

2008-10-24 Thread Stephan Neuhaus
On Oct 24, 2008, at 14:29, John Denker wrote: On 09/29/2008 05:13 AM, IanG wrote: My assumptions are: * I trust no single source of Random Numbers. * I trust at least one source of all the sources. * no particular difficulty with lossy combination. If I have N pools of entropy (all same

Re: combining entropy

2008-10-24 Thread Stephan Neuhaus
On Oct 24, 2008, at 15:37, Stephan Neuhaus wrote: Ah, but for this to hold, you will also have to assume that the N pools are all independent. Slight correction: You will have to assume that one of the trusted pools is independent from the others. Best, Stephan

Re: Randomness testing Was: On the randomness of DNS

2008-08-04 Thread Stephan Neuhaus
On Aug 3, 2008, at 13:54, Alexander Klimov wrote: If your p-value is smaller than the significance level (say, 1%) you should repeat the test with different data and see if the test persistently fails or it was just a fluke. Or better still, make many tests and see if your p-values are

German banks liable for phishing (really: keylogging) attacks

2008-07-04 Thread Stephan Neuhaus
This article:,1518,563606,00.html (sorry, German only) describes a judgment made by a German district court which says that banks are liable for damages due to phishing attacks. In the case in question, a customer was the victim of a keylogger even

Re: The wisdom of the ill informed

2008-07-01 Thread Stephan Neuhaus
On Jul 1, 2008, at 17:39, Perry E. Metzger wrote: Ed, there is a reason no one in the US, not even Wells Fargo which you falsely cited, does what you suggest. None of them use 4 digit PINs, none of them use customer account numbers as account names. (It is possible SOMEONE out there does this,

Re: defending against evil in all layers of hardware and software

2008-04-29 Thread Stephan Neuhaus
On Apr 28, 2008, at 23:56, Perry E. Metzger wrote: If you have a rotten apple engineer, he will be able to hide what he's trying to do and make it look completely legit. If he's really good, it may not be possible to catch what he's done EVEN IN PRINCIPLE. Fred Cohen proved in 1984 in his

Re: crypto class design

2007-12-19 Thread Stephan Neuhaus
On Dec 17, 2007, at 17:38, [EMAIL PROTECTED] wrote: So... supposing I was going to design a crypto library for use within a financial organization, which mostly deals with credit card numbers and bank accounts, and wanted to create an API for use by developers, does anyone have any advice

Re: The bank fraud blame game

2007-07-02 Thread Stephan Neuhaus
Peter Gutmann wrote: Given that all you need for this is a glorified pocket calculator, you could (in large enough quantities) probably get it made for $10, provided you shot anyone who tried to introduce product-deployment DoS mechanisms like smart cards and EMV into the picture. That seems

Re: Free Rootkit with Every New Intel Machine

2007-06-21 Thread Stephan Neuhaus
Peter Gutmann wrote: -- Snip -- This is very scary. I bet that our Minister of the Interior would love it, though, since he has been pushing a scheme for stealth examination of suspects' computers (called Federal Trojan). Technology like this would be a large first step towards making

Re: US Banks: Training the next generation of phishing victims

2005-10-13 Thread Stephan Neuhaus
Peter Gutmann wrote: Banks like Bank of America have taken some flak in the past for their awful online banking security practices. [...] For an example of how you can do it well and still have a well-designed user interface, consider SaarLB ( The homepage is

German CA TrustCenter insolvent

2005-09-26 Thread Stephan Neuhaus
Original article at It seems that the German TC TrustCenter GmbH (formerly TC TrustCenter AG) is now insolvent. TrustCenter was accredited to issue qualified signatures, which is what you need in Germany if you want your digital signature to be

Re: Another entry in the internet security hall of shame....

2005-09-07 Thread Stephan Neuhaus
Peter Gutmann wrote: Alaric Dailey [EMAIL PROTECTED] writes: In my opinion, PSK has the same problems as all symmetric encryption, its great if you can share the secret securely, but distribution to the masses makes it infeasible. Exactly, PSK's are infeasible, and all those thousands of web

Re: Another entry in the internet security hall of shame....

2005-09-01 Thread Stephan Neuhaus
James A. Donald wrote: But does not, in fact, prevent. Let me rephrase that. Are we now at a point where we must admit that PKI isn't going to happen for the Web and that we therefore must face the rewriting of an unknown (but presumably large) number of lines of code to accomodate PSKs?

Re: Another entry in the internet security hall of shame....

2005-08-30 Thread Stephan Neuhaus
Peter Gutmann wrote: And that's it's killer feature: Although you can still be duped into handing out your password to a fake site, you simply cannot connect securely without prior mutual authentication of client and server if TLS-PSK is used. If I have understood the draft correctly, using

Re: AES cache timing attack

2005-06-20 Thread Stephan Neuhaus
Peter Gutmann wrote: Stephan Neuhaus [EMAIL PROTECTED] writes: Concerning the practical use of AES, you may be right (even though it would be nice to have some advice on what one *should* do instead). Definitely. Maybe time for a BCP, not just for AES but for general block ciphers? I