Re: [Cryptography] Petnames Zooko's triangle -- theory v. practice (was Email and IM are...)

2013-08-28 Thread Steve Furlong
On Wed, Aug 28, 2013 at 5:33 AM, ianG i...@iang.org wrote:
 Yes.  I was never scared of the NSA.  But the NSA and the FBI and the DEA
 and every local police force ... that's terrifying.  That's a purer
essence of
 terror, far worse than terrorism.  We need a new word.
It's a boot stamping on a human face, forever.
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Today's XKCD is on password strength.

2011-08-10 Thread Steve Furlong
On Wed, Aug 10, 2011 at 10:12 AM, Perry E. Metzger pe...@piermont.com wrote:
 Today's XKCD is on password strength. The advice it gives is pretty
 good in principle...

 http://xkcd.com/936/

For a single password on a system with flexible rules, it's good advice.

Real world, with a dozen non-reused passwords needed on systems with
limited password lengths, not so much. correct stable horse battery?

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: Anyone make any sense out of this skype hack announcement?

2010-07-12 Thread Steve Furlong
 I don't know if the new crack reveals anything new. We have
 a writeup about the Skype protection techniques in
 Surreptitious Software, our book on security-through-obscurity.
 (Sorry for the blatant self-promotion).

I appreciate the self-promotion. My only request is that you include
ISBN, link to your home page, and so on.

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing
for Software Protection
Christian Collberg, Jasvir Nagra
Paperback, 792 pages
Addison-Wesley Professional; August 3, 2009
ISBN-10: 0321549252
ISBN-13: 978-0321549259

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws

2009-09-18 Thread Steve Furlong
On Fri, Sep 18, 2009 at 4:32 AM, Alec Muffett alec.muff...@gmail.com wrote:
 Perry: plasma physics is wildly OT but I believe the relevance will be
 obvious to those who remember the crypto wars, especially when they hit the
 fifth paragraph:

 It’s a difficult subject: many people I interviewed felt Roth showed
 blatant disregard for the law — he was warned  his work fell under the State
 Department’s munitions list — but they expressed deep frustration with the
 ambiguity of the laws.

Hypothetically, if I were to write an open source library or
application involving crypto, I'd send the source and docn through an
anonymizing remailer to someone overseas who could then put it on
appropriate websites. Or I'd go through a web anonymizer and post on
appropriate sites myself. Time was, hypothetically, that I'd
anonymously put source on alt.* Usenet groups, but they're dead in the
US.

Even with relaxed interpretation of the crypto export laws, anyone in
the US would be a fool to rely on that interpretation. Never never
never put your name on publicly available crypto unless you've jumped
through all the hoops written into the law. (And I wouldn't do so even
then.)


Regards,
SRF

--
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: SHA-3 Round 1: Buffer Overflows

2009-02-23 Thread Steve Furlong
 This just emphasizes what we already knew about C, even the most
 careful, security conscious developer messes up memory management.

 However I think it is not really efficient at this stage to insist on secure
 programming for submission implementations.  For the simple reason that
 there are 42 submissions, and 41 of those will be thrown away, more or less.
  There isn't much point in making the 41 secure; better off to save the
 energy until the one is found.  Then concentrate the energy, no?

Or stop using languages which encourage little oopsies like that. At
the least, make it a standard practice to mock those who use C but
don't use memory-safe libraries and diagnostic tools.

Regards,
SRF

-- 
Neca eos omnes. Deus suos agnoscet. -- Arnaud-Amaury, 1209

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: [EMAIL PROTECTED]: Re: [EMAIL PROTECTED]: [IP] more on AP Story Justice Dept. Probing Domestic Spyin]

2006-01-05 Thread Steve Furlong
 And long before Quantum Computers become strong enough to crack
 2048-bit public key algorithms at a price that makes the
 KGB want to waste its resources on you, there'll be
 more convenient ways to blackbag machines, whether it's
 including extra features in the OS through the audio CD player
 or putting a video camera in your ceiling.

Or rubber hoses, or indefinite detetion until you voluntarily comply
with requests for keys, or seizure of business assets resulting in
business failure even if no charges are ever filed, or ...

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: crypto for the average programmer

2005-12-12 Thread Steve Furlong
 My question is, what is the layperson supposed to do, if they must use
 crypto and can't use an off-the-shelf product?

When would that be the case?

The only defensible situations I can think of in which a
non-crypto-specialist programmer would need to write crypto routines
would be an uncommon OS or hardware, or a new or rare programming
language which doesn't have libraries available from SourceForge etc.
Or maybe implementing an algorithm that's new enough it doesn't have a
decent free implementation, but I'm not sure such an algorithm should
be used in production code.

Indefensible situations include the programmer wanting to write his
own crypto because it's cool or because he just knows he can do better
than all the specialists (in which case he's too arrogant or ignorant
to benefit from a common gotchas list) or the manager telling the
programmer to implement it himself for some bad reason (in which case
the programmer should explain why that's a bad idea).


--
Oooh, so Mother Nature needs a favor?! Well maybe she should have
thought of that when she was besetting us with droughts and floods and
poison monkeys! Nature started the fight for survival, and now she
wants to quit because she's losing. Well I say, hard cheese. --
Montgomery Burns

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: [Clips] Can writing software be a crime?

2005-10-05 Thread Steve Furlong
On 10/5/05, R.A. Hettinga [EMAIL PROTECTED] wrote:

  Can writing software be a crime?
...
  The Perez-Melara case, in comparison, represents the first time the
  government has attempted to prosecute the developer of a software that can
  be used for both lawful purposes (surreptitiously monitoring conversations
  with the consent of one party, or with the implied consent of an employee
  or a minor) or for unlawful purposes (eavesdropping without the consent of
  either party).
...
  What exactly did Perez-Melara do that was illegal? Was it writing the
  software? Selling it? Advertising it?

Some years ago, when Clinton was still Prez, I skirted the US's crypto
(munitions) export rules by writing crypto code as a literate
program (http://www-cs-faculty.stanford.edu/~knuth/lp.html). Because
the digital file was a document rather than source code, it
skirted the then laws concerning export.

That's wouldn't help here. Nowadays any source code I write which
might meet with official disapproval resides encrypted on my hard
drive. I distribute it pseudonymously. (crypto sign the tgz and the
email cover letter, then email it through an anonymizer.) It won't do
me much good for job hunting or other reputation-based benefits, but
it should keep me out of legal trouble.

For now. But, as has been asked before by people I used to consider
paranoid, how long before the US government considers a PGP keyring or
an encrypted partition to be prima facie evidence of criminalty?

(YMMV for non-US residents.)

--
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Java: Helping the world build bigger idiots

2005-09-21 Thread Steve Furlong
On 9/20/05, Rich Salz [EMAIL PROTECTED] wrote:
 This is wandering way far afield of the list charter.  In an effort
 to maintain some relevance, I'll point out that code reviews, and
 crypto programming, are rarely done, and arguably shouldn't, by
 programming wizards.

If by that you mean, Program dumb: avoid tricky code, avoid odd
usage, stick to the basics, I agree. Save your clever tricks for
hobby code and the snippets you use to score hot chicks. Critical
code, potentially dangerous code, and professional code should be
written simply and with the idioms standard to the language.

On a related note, I've worked a bit with avionics and embedded
medical software. The certification requirements for those bits of
critical code might be helpful for crypto programming.

--
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Clearing sensitive in-memory data in perl

2005-09-13 Thread Steve Furlong
On 9/11/05, Jason Holt [EMAIL PROTECTED] wrote:
 Securely deleting secrets is hard enough in C, much less high level languages.

But, but..Java is the be-all end-all!

Three years ago I advised a business/tech guy to avoid Java for crypto
and related purposes. I'll revise that somewhat in light of greater
experience and developments: Java is ok if you control the platform
it's running on and if the programmers were very careful. In practice,
that means I'd be willing to do the server-side programming in Java if
I (or my employer or client) controlled the server. I'm not happy
about doing client-side programming in Java for arbitrary users, but
users in a controlled business environment is ok. From a user's
perspective, I'd be _really_ cautious about using a crypto app written
in Java.

FWIW, lately I've been earning my daily bread with Java server-side
programming. Fortunately for me, it's been mostly crap work, where it
doesn't really matter if data leaks or someone cracks in. Considering
that I don't control any of the J2EE or database servers and for the
most part they're administered by poorly-trained monkeys, I'd have a
really tough ethical call if my clients wanted me to do some work
where security really mattered.

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Clearing sensitive in-memory data in perl

2005-09-13 Thread Steve Furlong
On 9/13/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:
 There's an interesting tradeoff here: which is a bigger threat, crypto
 secrets lying around memory or buffer overflows?  What's your threat
 model?  For the average server, I suspect you're better off with Java,
 especially if you use some of its client-side security mechanisms to
 lock down the server.  Under some circumstances, you could do a
 call-out to a C module just for the crypto, but it's by no means
 obvious that that's a major improvement.
 
 Again -- what is your threat model?

Other important questions for programmers are, how good are you? How
good does the process allow you to be?

My answers are, I'm quite a good programmer. (Pardon the ego.) I'm
careful and methodical and very seldom have buffer overruns or unfreed
memory even in my first drafts. For me, my expected code quality in C
and C++ is balanced against the black box behaviour of Java's runtime
engine. (To be clear: I don't suspect Sun of putting back doors in
their engine.) And I'm experienced enough and old enough that I can
hold my own in pissing contests with project managers who want to cut
corners in order to ship a day earlier.

Implementation quality could be considered in the threat model. I've
generally taken the programmers into account when designing a system,
but I hadn't explicitly thought of well-meaning-but-incompetent
programmers as part of the threat. Guess I should.

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Another entry in the internet security hall of shame....

2005-08-25 Thread Steve Furlong
On 8/25/05, Trei, Peter [EMAIL PROTECTED] wrote:

 Self-signed certs are only useful for showing that a given
 set of messages are from the same source - they don't provide
 any trustworthy information as to the binding of that source
 to anything.

Which is just fine. Pseudonymity is good.

If, hypothetically, I were interested in writing and distributing
cypto source code which skated right at the edge of current US export
regs, I might want to let users verify that the updates came from the
same source as the original, without giving them or any gov't
busybodies the ability to trace the code back to me.

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: online MD5 crack database

2005-08-22 Thread Steve Furlong
On 8/22/05, Steven M. Bellovin [EMAIL PROTECTED] wrote:
 In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes
 :
 
 ...the folks at Fort Meade had every
 possible BSD password indexed by its /etc/passwd
 representation.

 I'm sorry, I flat-out don't believe that.

snip calculations

Probably some details were left out in the telling. Such as all
possible alphanumeric passwords of length 1-16 characters.

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Cross logins

2005-08-04 Thread Steve Furlong
On 8/3/05, James A. Donald [EMAIL PROTECTED] wrote:
--
 Is it possible for two web sites to arrange for cross
 logins?

snippety-do-dah

Does this question have a practical end in mind? If so, can you
simplify matters by running both web sites on the same host?


(cc-ing JAD because I never see any responses to messages sent from my
GMail acct. I don't know if the GMail traffic is making it to the
list.)

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: draft paper: Deploying a New Hash Algorithm

2005-08-04 Thread Steve Furlong
 [Moderator's note: ... attackers are often cleverer than protocol
 designers. ...

Is that true? Or is it a combination of

(a) a hundred attackers for every designer, and
(b) vastly disparate rewards: continued employment and maybe some
kudos for a designer or implementer, access to $1,000,000,000 of bank
accounts for an attacker


SRF

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Some companies are just asking for it.

2005-06-25 Thread Steve Furlong
On 6/24/05, Perry E. Metzger [EMAIL PROTECTED] wrote:
 For the record, the guys at Fidelity Investments have always seemed to
 me to have their act together on security, unlike lots of other

A few years ago I did some consulting at Fidelity Investments, writing
code to spider their own websites for, among other things, security.
The fact that they were willing to pay for a few months of my time,
plus the obscene markup for the company I billed through and putting
me up in Boston, suggests they were serious about it.

-- 
There are no bad teachers, only defective children

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Papers about Algorithm hiding ?

2005-06-03 Thread Steve Furlong
On 6/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 Another alternative is the cyphersaber type of thing, where you could just
 implement your crypto-code on the fly, as needed.

Yes, I could, and have. Presumably you could. Ben Laurie probably
could blindfolded with both hands tied behind his back. But Alice
Philanderer, Bob Pedophile, Charlie Terrorist, and Generic Joe User
can't. Your alternative is more practical than if everybody would
xxx (sorry, Ian) but still not good enough. If only techies are able
to protect themselves from the JBTs, then merely being a techie will
be grounds for suspicion. (As well as throwing our non-programming 
brethren to the wolves.)

The only realistic solutions are those which allow the concerned but
non-technical user to take measures to protect himself against the
perceived threat, without requiring major changes to human nature or
to society.

As it happens, I have really good test cases to refine my solutions:
my extended family is a bunch of mountain hicks with internet access.
They're not especially educated and certainly not technically adept,
and are concerned about the gummint grabbing their computers or
snooping their traffic. Once I've got an acceptable suite of tools and
a training package put together, I'll post it somewhere. (Don't hold
your collective breath; making a living takes most of my time.)


Regards,
SRF

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Papers about Algorithm hiding ?

2005-06-02 Thread Steve Furlong
On 5/31/05, Ian G [EMAIL PROTECTED] wrote:
 I don't agree with your conclusion that hiding algorithms
 is a requirement.  I think there is a much better direction:
 spread more algorithms.  If everyone is using crypto then
 how can that be relevant to the case?

This is so, in the ideal. But if everyone would only... never seems
to work out in practice. Better to rely on what you can on your own or
with a small group.

In response to Hadmut's question, for instance, I'd hide the crypto
app by renaming the executable. This wouldn't work for a complex app
like PGP Suite but would suffice for a simple app. Rename the
encrypted files as well and you're fairly safe. (I've consulted with
firms that do disk drive analysis. From what I've seen, unless the
application name or the data file extensions are in a known list, they
won't be seen. But my work has been in the realm of civil suits,
contract disputes, SEC claims, and the like; the investigators might
be more thorough when trying to nail someone for kiddie porn.)

Or use another app which by the way has crypto. Winzip apparently has
some implementation flaws
(http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/ ) but a quick
google doesn't show anything but brute force and dictionary attacks
against WinRar.

-- 
There are no bad teachers, only defective children.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Quantum cryptography gets practical

2004-10-08 Thread Steve Furlong
On Wed, 2004-10-06 at 06:27, Dave Howe wrote:
 I have yet to see an advantage to QKE that even mildly justifies the
 limitations and cost over anything more than a trivial link (two
 buildings within easy walking distance, sending high volumes of
 extremely sensitive material between them)

But it's cool!

More seriously, it has no advantage now, but maybe something will come
up. The early telephones were about useless, too, remember. In the mean
time, the coolness factor will keep people playing with it and
researching it.



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Al Qaeda crypto reportedly fails the test

2004-08-03 Thread Steve Furlong
On Mon, 2004-08-02 at 15:03, John Denker wrote:
 News article
http://news.bbc.co.uk/2/hi/americas/3528502.stm
 says in part:
 
  The BBC's Zaffar Abbas, in Islamabad, says it appears that US
  investigators were able to unscramble information on the computers
  after Pakistan passed on suspicious encrypted documents.

Bah. They were probably Word documents with the password required
option turned on.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Question on the state of the security industry

2004-07-01 Thread Steve Furlong
On Wed, 2004-06-30 at 06:49, Ian Grigg wrote:

 Here's my question - is anyone in the security
 field of any sort of repute being asked about
 phishing, consulted about solutions, contracted
 to build?  Anything?

Nothing here. Spam is the main concern on people's minds, so far as I
can tell. Please note, though, that I'm not specifically a computer
security consultant but rather a broad-spectrum computer consultant who
does some security work and a private security guy who does some
computer work.

Topical anecdote: my last full-time but short-term consulting* gig was
at a bank. You know, money and stuff. Computer security in the
development shop consisted of telling the programmers to run NAV daily.
They used Outlook for email, with no filters on incoming mail that I
could track down. I did some minor testing from my home system. Didn't
send myself any viruses, but I did send a few executable attachments.
They all made it through.

* Not really consulting. They wanted a warm-body programmer, and not
only ignored the process improvement suggestions I was putatively hired
to provide, but seemed offended that I had suggestions to make at all.


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]