Re: Client Certificate UI for Chrome?

2009-09-09 Thread Steven M. Bellovin
On Wed, 09 Sep 2009 15:42:34 +1000 James A. Donald jam...@echeque.com wrote: Steven Bellovin wrote: Several other people made similar suggestions. They all boil down to the same thing, IMO -- assume that the user will recognize something distinctive or know to do something special for

spyware on Blackberries

2009-07-16 Thread Steven M. Bellovin
http://feeds.wired.com/~r/wired27b/~3/CFV8MEwH_rM/ A BlackBerry update that a United Arab Emirates service provider pushed out to its customers contains U.S.-made spyware that would allow the company or others to siphon and read their e-mail and text messages, according to a researcher who

Re: MD6 withdrawn from SHA-3 competition

2009-07-04 Thread Steven M. Bellovin
On Thu, 2 Jul 2009 20:51:47 -0700 Joseph Ashwood ashw...@msn.com wrote: -- Sent: Wednesday, July 01, 2009 4:05 PM Subject: MD6 withdrawn from SHA-3 competition Also from Bruce Schneier, a report that MD6 was withdrawn from the SHA-3

visualizing modes of operation

2009-05-21 Thread Steven M. Bellovin
http://www.cryptosmith.com/archives/621 --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

80-bit security? (Was: Re: SHA-1 collisions now at 2^{52}?)

2009-05-07 Thread Steven M. Bellovin
On Thu, 30 Apr 2009 17:44:53 -0700 Jon Callas j...@callas.org wrote: The accepted wisdom on 80-bit security (which includes SHA-1, 1024-bit RSA and DSA keys, and other things) is that it is to be retired by the end of 2010. That's an interesting statement from a historical perspective -- is

Some old works

2009-04-30 Thread Steven M. Bellovin
While poking around Google Books, I stumbled on the following two references that might be of interest to this list. The first is cited by Kahn. \emph{The Military Telegraph During the Civil War in the United States: With an Exposition of Ancient and Modern Means of Communication, and of the

A reunion at Bletchley Park

2009-04-30 Thread Steven M. Bellovin
http://www.google.com/hostednews/ap/article/ALeqM5jFmxwZmt8V4URihSIugJroZE4yKgD974J72O0 --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe

Legalities: NSA outsourcing spying on Americans?

2009-04-30 Thread Steven M. Bellovin
The assertion occasionally comes up that since the NSA cannot legally eavesdrop on Americans, it outsources to the UK or one of the other Echelon countries. It turns out that that's forbidden, too -- see Section 2.12 of Executive Order 12333

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-04 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 17:05:32 -0800 John Gilmore g...@toad.com wrote: I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. In other cases, where alternative evidence is not available to the

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 12:26:32 -0500 Perry E. Metzger pe...@piermont.com wrote: Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 13:53:50 -0500 Perry E. Metzger pe...@piermont.com wrote: Adam Fields cryptography23094...@aquick.org writes: Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of

Re: Solving password problems one at a time, Re: The password-reset paradox

2009-03-02 Thread Steven M. Bellovin
On Sat, 21 Feb 2009 11:33:32 -0800 Ed Gerck edge...@nma.com wrote: I submit that the most important password problem is not that someone may find it written somewhere. The most important password problem is that people forget it. So, writing it down and taking the easy precaution of not

Re: Security through kittens, was Solving password problems

2009-02-25 Thread Steven M. Bellovin
On Wed, 25 Feb 2009 10:04:40 -0800 Ray Dillinger b...@sonic.net wrote: On Wed, 2009-02-25 at 14:53 +, John Levine wrote: You're right, but it's not obvious to me how a site can tell an evil MITM proxy from a benign shared web cache. The sequence of page accesses would be pretty

stripping https from pages

2009-02-20 Thread Steven M. Bellovin
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/ -- we've talked about this attack for quite a while; someone has now implemented it. --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography

Re: The password-reset paradox

2009-02-20 Thread Steven M. Bellovin
On Fri, 20 Feb 2009 02:36:17 +1300 pgut...@cs.auckland.ac.nz (Peter Gutmann) wrote: There are a variety of password cost-estimation surveys floating around that put the cost of password resets at $100-200 per user per year, depending on which survey you use (Gartner says so, it must be true).

NSA offering 'billions' for Skype eavesdrop solution

2009-02-13 Thread Steven M. Bellovin
Counter Terror Expo: News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering billions to any firm which can offer reliable

Property Rights in Keys

2009-02-12 Thread Steven M. Bellovin
I was reading a CPS from GeoTrust -- 91 pages of legalese! -- and came across the following statement: Without limiting the generality of the foregoing, GeoTrust's root public keys and the root Certificates containing them, including all self-signed certificates, are the

Re: Proof of Work - atmospheric carbon

2009-01-31 Thread Steven M. Bellovin
On Fri, 30 Jan 2009 11:40:12 -0700 Thomas Coppi thisnuke...@gmail.com wrote: On Wed, Jan 28, 2009 at 2:19 PM, John Levine jo...@iecc.com wrote: Indeed. And don't forget that through the magic of botnets, the bad guys have vastly more compute power available than the good guys. Just out

full-disk encryption standards released

2009-01-28 Thread Steven M. Bellovin
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126869&intsrc=hm_ts_head --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending

Re: Obama's secure PDA

2009-01-27 Thread Steven M. Bellovin
On Mon, 26 Jan 2009 02:49:31 -0500 Ivan Krstić krs...@solarsail.hcs.harvard.edu wrote: Finally, any idea why the Sectéra is certified up to Top Secret for voice but only up to Secret for e-mail? (That is, what are the differing requirements?) I actually explained (my take on) that

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-20 Thread Steven M. Bellovin
On Mon, 19 Jan 2009 10:45:55 +0100 Bodo Moeller bmoel...@acm.org wrote: On Sat, Jan 17, 2009 at 5:24 PM, Steven M. Bellovin s...@cs.columbia.edu wrote: I've mentioned it before, but I'll point to the paper Eric Rescorla wrote a few years ago: http://www.cs.columbia.edu/~smb/papers/new

Re: MD5 considered harmful today, SHA-1 considered harmful tomorrow

2009-01-17 Thread Steven M. Bellovin
On Mon, 12 Jan 2009 16:05:08 +1300 pgut...@cs.auckland.ac.nz (Peter Gutmann) wrote: Weger, B.M.M. de b.m.m.d.we...@tue.nl writes: Bottom line, anyone fielding a SHA-2 cert today is not going to be happy with their costly pile of bits. Will this situation have changed by the end of

Re: feds try to argue touch tone content needs no wiretap order

2009-01-11 Thread Steven M. Bellovin
On Fri, 09 Jan 2009 20:12:16 -0500 Perry E. Metzger pe...@piermont.com wrote: Just about everyone knows that the FBI must obtain a formal wiretap order from a judge to listen in on your phone calls legally. But the U.S. Department of Justice believes that police don't need

FBI code-cracking contest

2008-12-30 Thread Steven M. Bellovin
http://www.networkworld.com/community/node/36704 --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com

Fw: [saag] Further MD5 breaks: Creating a rogue CA certificate

2008-12-30 Thread Steven M. Bellovin
Begin forwarded message: Date: Tue, 30 Dec 2008 11:05:28 -0500 From: Russ Housley hous...@vigilsec.com To: ietf-p...@imc.org, ietf-sm...@imc.org, s...@ietf.org, c...@irtf.org Subject: [saag] Further MD5 breaks: Creating a rogue CA certificate http://www.win.tue.nl/hashclash/rogue-ca/ MD5

Re: two bits of light holiday reading

2008-12-27 Thread Steven M. Bellovin
On Fri, 26 Dec 2008 01:35:43 -0500 Ivan Krstić krs...@solarsail.hcs.harvard.edu wrote: 2. The DC-based Center for Strategic and International Studies recently released a report titled 'Securing Cyberspace for the 44th Presidency' written by a number of influential authors:

Re: CPRNGs are still an issue.

2008-12-17 Thread Steven M. Bellovin
On Wed, 17 Dec 2008 13:02:58 -0500 Jerry Leichter leich...@lrw.com wrote: On Dec 16, 2008, at 4:22 PM, Charles Jackson wrote: I probably should not be commenting, not being a real device guy. But, variations in temperature and time could be expected to change SSD timing.

Re: CPRNGs are still an issue.

2008-12-15 Thread Steven M. Bellovin
On Sun, 14 Dec 2008 15:40:10 -0800 Bill Frantz fra...@pwpconsult.com wrote: Short of building special random number generation hardware, does anyone have any suggestions for additional sources? In my copious spare time, I've entertained thoughts of writing a FIPS 181 pronounceable password

HavenCo and Sealand

2008-11-26 Thread Steven M. Bellovin
Slightly off-topic, but a cause celebre on cypherpunks some years ago -- but HavenCo, which ran a datacenter on the nation of Sealand, is no longer operating there: http://www.theregister.co.uk/2008/11/25/havenco/ (pointer via Spaf's blog). --Steve Bellovin,

Comment Period for FIPS 186-3: Digital Signature Standard

2008-11-12 Thread Steven M. Bellovin
From: Sara Caswell [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: Comment Period for FIPS 186-3: Digital Signature Standard Date: Wed, 12 Nov 2008 14:52:17 -0500 User-Agent: Thunderbird 2.0.0.14 (Windows/20080421) As stated in the Federal Register of November 12, 2008, NIST requests

NIST Special Publication 800-108 Recommendation for Key Derivation Using Pseudorandom Functions

2008-11-08 Thread Steven M. Bellovin
From: Sara Caswell [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: NIST Special Publication 800-108 Recommendation for Key Derivation Using Pseudorandom Functions Date: Fri, 07 Nov 2008 08:57:40-0500 Dear Colleagues: NIST Special Publication 800-108 Recommendation for Key Derivation

Rubber-hose cryptanalysis?

2008-10-27 Thread Steven M. Bellovin
http://news.cnet.com/8301-13739_3-10069776-46.html?tag=mncol --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Cryptologic History Symposium: Call for Papers

2008-10-27 Thread Steven M. Bellovin
Forwarded with permission. --- From: Sieg, Kent G [EMAIL PROTECTED] Subject: Symposium Call for Papers Date: Mon, 27 Oct 2008 10:23:50 -0400 Just sending notice of our upcoming Symposium, especially if you can present or know of a colleague who would like to do so. Dr. Kent Sieg The

unbreakable quantum crypto cracked by a laser

2008-10-24 Thread Steven M. Bellovin
http://technology.newscientist.com/channel/tech/dn14866-laser-cracks-unbreakable-quantum-communications.html?feedId=online-news_rss20 Not surprisingly, it's attacking the implementation, not the physics -- but of course we use implementations to communicate, rather than theories.

Using GPUs to crack crypto

2008-10-24 Thread Steven M. Bellovin
Elcomsoft has a product that uses GPUs to do password-cracking on a variety of media. They claim a speed-up of up to 67x, depending on the application being attacked. http://www.elcomsoft.com/edpr.html?r1=pr&r2=wpa (This has led to a variety of stories (see, for example,

Re: Fake popup study

2008-09-24 Thread Steven M. Bellovin
On Wed, 24 Sep 2008 20:43:53 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: Steven M. Bellovin [EMAIL PROTECTED] writes: Human factors haven't received nearly enough attention, and as long as human factors failings are dismissed as the fault of idiot users, they never will. Strong

Re: once more, with feeling.

2008-09-21 Thread Steven M. Bellovin
On Thu, 18 Sep 2008 17:18:00 +1200 [EMAIL PROTECTED] (Peter Gutmann) wrote: - Use TLS-PSK, which performs mutual auth of client and server without ever communicating the password. This vastly complicated phishing since the phisher has to prove advance knowledge of your credentials in order

Origin of the nomenclature red-black?

2008-08-30 Thread Steven M. Bellovin
Does anyone know where and when the use of red (inside networks) and black (outside, encrypted networks for crypto gear) started? I'm especially intrigued by the use of red, since in other military nomenclature (in the US) blue is the usual color for US and friendly forces and red is (for obvious

Re: road toll transponder hacked

2008-08-28 Thread Steven M. Bellovin
On Thu, 28 Aug 2008 10:49:20 +0200 Eugen Leitl [EMAIL PROTECTED] wrote: On Wed, Aug 27, 2008 at 12:16:23PM -0400, Steven M. Bellovin wrote: Finally, the transponders may not matter much longer; OCR on license plates is getting that good. As has already been mentioned, the 407 ETR road

Re: road toll transponder hacked

2008-08-28 Thread Steven M. Bellovin
On Thu, 28 Aug 2008 17:55:57 +0200 Stefan Kelm [EMAIL PROTECTED] wrote: http://en.wikipedia.org/wiki/Toll_Collect is in operation in entire Germany. It does OCR on all license plates (also used for police purposes in realtime, despite initial vigorous denial) but currently is only used

Re: Decimal encryption

2008-08-27 Thread Steven M. Bellovin
On Wed, 27 Aug 2008 17:05:44 +0200 Philipp Gühring [EMAIL PROTECTED] wrote: Hi, I am searching for symmetric encryption algorithms for decimal strings. Let's say we have various 40-digit decimal numbers: 2349823966232362361233845734628834823823 3250920019325023523623692235235728239462

Re: road toll transponder hacked

2008-08-27 Thread Steven M. Bellovin
On Wed, 27 Aug 2008 07:10:51 -0400 [EMAIL PROTECTED] wrote: Bill Frantz writes, in part: -+-- | In the San Francisco Bay Area, they are using the transponder codes | to measure how fast traffic is moving from place to place. They | post the times to various

Re: Decimal encryption

2008-08-27 Thread Steven M. Bellovin
On Wed, 27 Aug 2008 09:34:15 -0700 Greg Rose [EMAIL PROTECTED] wrote: So, you don't have a 133-bit block cipher lying around? No worries, I'll sell you one ;-). Also see Debra Cook's PhD dissertation on Elastic Block Ciphers at http://www1.cs.columbia.edu/~dcook/thesis_ab.shtml

Re: Cube cryptanalysis?

2008-08-19 Thread Steven M. Bellovin
Greg, assorted folks noted, way back when, that Skipjack looked a lot like a stream cipher. Might it be vulnerable? --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe

Fw: NIST Documents Available for Review

2008-08-18 Thread Steven M. Bellovin
Begin forwarded message: Date: Mon, 18 Aug 2008 10:56:16 -0400 From: Sara Caswell [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: NIST Documents Available for Review NIST revised the first drafts of Special Publication(SP) 800-106, Randomized Hashing for Digital Signatures, and SP

Re: Judge approves TRO to stop DEFCON presentation

2008-08-10 Thread Steven M. Bellovin
On Sat, 09 Aug 2008 19:38:45 -0400 Ivan Krstić [EMAIL PROTECTED] wrote: On Sat, 09 Aug 2008 17:11:11 -0400, Perry E. Metzger [EMAIL PROTECTED] wrote: Las Vegas - Three students at the Massachusetts Institute of Technology (MIT) were ordered this morning by a federal court

Fw: FIPS 198-1 announcement

2008-07-30 Thread Steven M. Bellovin
Begin forwarded message: Date: Wed, 30 Jul 2008 12:36:36 -0400 From: Sara Caswell [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: FIPS 198-1 announcement The National Institute of Standards and Technology (NIST) is pleased to announce approval of Federal Information Processing

Re: how to check if your ISP's DNS servers are safe

2008-07-23 Thread Steven M. Bellovin
On Tue, 22 Jul 2008 10:21:14 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: Niels Provos has a web page up with some javascript that automatically checks if your DNS caching server has been properly patched or not. http://www.provos.org/index.php?/pages/dnstest.html It is worth telling

Re: Kaminsky finds DNS exploit

2008-07-14 Thread Steven M. Bellovin
On Mon, 14 Jul 2008 16:27:58 +0200 Florian Weimer [EMAIL PROTECTED] wrote: On top of that, some operators decided not to offer TCP service at all. Right. There's a common misconception, on both security and network operator mailing lists, that DNS servers use TCP only for zone transfers, and

Re: Kaminsky finds DNS exploit

2008-07-09 Thread Steven M. Bellovin
On Wed, 09 Jul 2008 11:22:58 +0530 Udhay Shankar N [EMAIL PROTECTED] wrote: I think Dan Kaminsky is on this list. Any other tidbits you can add prior to Black Hat? Udhay http://www.liquidmatrix.org/blog/2008/07/08/kaminsky-breaks-dns/ I'm curious about the details of the attack. Paul

Re: Upper limit?

2008-07-05 Thread Steven M. Bellovin
On Fri, 04 Jul 2008 20:46:13 -0700 Allen [EMAIL PROTECTED] wrote: Is there an upper limit on the number of RSA Public/Private 1024 bit key pairs possible? If so what is the relationship of the number of 1024 bit to the number of 2048 and 4096 bit key pairs? There are limits, but they're

Re: Strength in Complexity?

2008-07-01 Thread Steven M. Bellovin
On Tue, 01 Jul 2008 12:12:26 -0700 Arshad Noor [EMAIL PROTECTED] wrote: The author of an article that appeared in InformationWeek this week (June 30, 2008) on Enterprise Key Management Infrastructure (EKMI): http://www.informationweek.com/shared/printableArticle.jhtml?articleID=208800937

Mystery on Fifth Avenue

2008-06-13 Thread Steven M. Bellovin
Off-topic, but (a) some crypto stuff, and (b) I think this group will appreciate it: http://www.nytimes.com/2008/06/12/garden/12puzzle.html --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography

Re: A call for aid in cracking a 1024-bit malware key

2008-06-11 Thread Steven M. Bellovin
On Wed, 11 Jun 2008 15:58:26 -0400 Jeffrey I. Schiller [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I bet the malware authors can change keys faster than we can factor them... To put it mildly. They can even set up sophisticated structures to have lots of

A call for aid in cracking a 1024-bit malware key

2008-06-09 Thread Steven M. Bellovin
According to http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9094818intsrc=hm_list%3E%20articleId=9094818intsrc=hm_list some new malware is encrypting files with a 1024-bit RSA key. Victims are asked to pay a ransom to get their files decrypted. So -- can the key

Re: Protection mail at rest

2008-06-01 Thread Steven M. Bellovin
On Fri, 30 May 2008 15:04:34 -0400 (EDT) Leichter, Jerry [EMAIL PROTECTED] wrote: At one time, mail delivery was done to the end-user's system, and all mail was stored there. These days, most people find it convenient to leave their mail on a IMAP server: It can be accessed from anywhere,

Re: The perils of security tools

2008-05-25 Thread Steven M. Bellovin
On Sat, 24 May 2008 20:29:51 +0100 Ben Laurie [EMAIL PROTECTED] wrote: Of course, we have now persuaded even the most stubborn OS that randomness matters, and most of them make it available, so perhaps this concern is moot. Though I would be interested to know how well they do it! I did

Re: [ROS] The perils of security tools

2008-05-22 Thread Steven M. Bellovin
On Tue, 13 May 2008 12:10:16 -0400 Jonathan S. Shapiro [EMAIL PROTECTED] wrote: Ben's points are well taken, but there is one *small* piece of this where I have some sympathy for the Debian folks: What can we learn from this? Firstly, vendors should not be fixing problems (or, really,

Re: [ROS] The perils of security tools

2008-05-22 Thread Steven M. Bellovin
On Tue, 13 May 2008 23:00:57 +0100 Ben Laurie [EMAIL PROTECTED] wrote: Steven M. Bellovin wrote: On Tue, 13 May 2008 14:10:45 +0100 Ben Laurie [EMAIL PROTECTED] wrote: Debian have a stunning example of how blindly fixing problems pointed out by security tools can be disastrous

blacklisting the bad ssh keys?

2008-05-22 Thread Steven M. Bellovin
Given the published list of bad ssh keys due to the Debian mistake (see http://metasploit.com/users/hdm/tools/debian-openssl/), should sshd be updated to contain a blacklist of those keys? I suspect that a Bloom filter would be quite compact and efficient. --Steve Bellovin,

Re: User interface, security, and simplicity

2008-05-06 Thread Steven M. Bellovin
On Sun, 04 May 2008 11:22:51 +0100 Ben Laurie [EMAIL PROTECTED] wrote: Steven M. Bellovin wrote: On Sat, 03 May 2008 17:00:48 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] (Peter Gutmann) writes: I am left with the strong suspicion that SSL VPNs are easier

Re: User interface, security, and simplicity

2008-05-06 Thread Steven M. Bellovin
On Sat, 03 May 2008 19:50:01 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: Almost exclusively the use for such things is nailing up a tunnel to bring someone inside a private network. For that, there is no need for per user auth -- the general assumption is that the remote box is a single

Re: SSL and Malicious Hardware/Software

2008-05-03 Thread Steven M. Bellovin
On Fri, 2 May 2008 08:33:19 +0100 Arcane Jill [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan Phillips Sent: 28 April 2008 23:13 To: Cryptography Subject: SSL and Malicious Hardware/Software I can't think of a great

Re: User interface, security, and simplicity

2008-05-03 Thread Steven M. Bellovin
On Sat, 03 May 2008 17:00:48 -0400 Perry E. Metzger [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] (Peter Gutmann) writes: I am left with the strong suspicion that SSL VPNs are easier to configure and use because a large percentage of their user population simply is not very sensitive to how

Re: privacy expectations Was: SSL and Malicious Hardware/Software

2008-04-30 Thread Steven M. Bellovin
On Wed, 30 Apr 2008 12:49:12 +0300 (IDT) Alexander Klimov [EMAIL PROTECTED] wrote: http://www.securityfocus.com/columnists/421/2: Lance Corporal Jennifer Long was issued a government computer to use on a government military network. When she was suspected of violations of the

Declassified NSA publications

2008-04-24 Thread Steven M. Bellovin
http://www.nsa.gov/public/crypt_spectrum.cfm --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: 2factor

2008-04-21 Thread Steven M. Bellovin
On Wed, 16 Apr 2008 14:07:49 -0400 [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Which seem to be aimed at a drop in replacement for SSL (with a working example using Firefox and Apache). They seem to rest on a key exchange or agreement based on a shared secret. As opposed to, say, RFC 4279,

Re: Still locked up Shannon crypto work?

2008-04-18 Thread Steven M. Bellovin
On Mon, 07 Apr 2008 08:53:44 -0700 Ed Gerck [EMAIL PROTECTED] wrote: Consider Shannon. He didn't do just information theory. Several years before, he did some other good things and some which are still locked up in the security of cryptography. Shannon's crypto work that is still [1986]

Hagelin cipher machine for sale on Ebay

2008-03-30 Thread Steven M. Bellovin
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemih=005viewitem=item=150231089624rd=1 --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography

Re: How is DNSSEC

2008-03-27 Thread Steven M. Bellovin
On Fri, 21 Mar 2008 08:52:07 +1000 James A. Donald [EMAIL PROTECTED] wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that Seems to me that if DNSSEC is actually working fine, I should be able to provide an

Re: Protection for quasi-offline memory nabbing

2008-03-21 Thread Steven M. Bellovin
I've been thinking about similar issues. It seems to me that just destroying the key schedule is a big help -- enough bits will change in the key that data recovery using just the damaged key is hard, per comments in the paper itself.

NSA approves secure smart phone

2008-03-19 Thread Steven M. Bellovin
http://www.gcn.com/online/vol1_no1/45946-1.html --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: cold boot attacks on disk encryption

2008-03-15 Thread Steven M. Bellovin
On Thu, 21 Feb 2008 13:37:20 -0800 Ali, Saqib [EMAIL PROTECTED] wrote: Umm, pardon my bluntness, but what do you think the FDE stores the key in, if not DRAM? The encrypting device controller is a computer system with a CPU and memory. I can easily imagine what you'd need to build to do

Re: RNG for Padding

2008-03-15 Thread Steven M. Bellovin
On Fri, 7 Mar 2008 15:04:49 +0100 COMINT [EMAIL PROTECTED] wrote: Hi, This may be out of the remit of the list, if so a pointer to a more appropriate forum would be welcome. In Applied Crypto, the use of padding for CBC encryption is suggested to be met by ending the data block with a 1

Re: Toshiba shows 2Mbps hardware RNG

2008-02-15 Thread Steven M. Bellovin
On Wed, 13 Feb 2008 20:38:49 -0800 [EMAIL PROTECTED] wrote: - Original Message - From: Pat Farrell [EMAIL PROTECTED] To: Subject: Re: Toshiba shows 2Mbps hardware RNG Date: Sun, 10 Feb 2008 17:40:19 -0500 Perry E. Metzger wrote: [EMAIL PROTECTED] (Peter Gutmann)

Re: Dutch Transport Card Broken

2008-02-09 Thread Steven M. Bellovin
On Thu, 07 Feb 2008 17:37:02 +1300 [EMAIL PROTECTED] (Peter Gutmann) wrote: The real issues occur in two locations: 1. In the browser UI. 2. In the server processing, which no longer gets the password via an HTTP POST but as a side-effect of the TLS connect. (1) is a one-off cost for the

Re: Gutmann Soundwave Therapy

2008-02-06 Thread Steven M. Bellovin
On Mon, 4 Feb 2008 09:33:37 -0500 (EST) Leichter, Jerry [EMAIL PROTECTED] wrote: The NSA quote someone - Steve Bellovin? - has repeated comes to mind: Amateurs talk about algorithms. Professionals talk about economics. Using DTLS for VOIP provides you with an extremely high level of

Re: Dutch Transport Card Broken

2008-01-30 Thread Steven M. Bellovin
Why require contactless in the first place? Is swiping one's card, credit-card style too difficult for the average user? I'm thinking two parallel copper traces on the card could be used to power it for the duration of the swipe, with power provided by the reader. Why, in a

US reforming export controls

2008-01-29 Thread Steven M. Bellovin
The Bush administration is reforming the way export controls are administered; see http://www.fas.org/blog/ssp/2008/01/bush_administration_unveils_ne.php It's too soon to know if crypto will be affected; certainly, it's something to watch. --Steve Bellovin,

Typex

2008-01-24 Thread Steven M. Bellovin
A knowledgeable colleague (but who is nevertheless not a crypto expert) thinks he's seen something about Typex (the WW II British rotor machine) having been cracked. Does anyone know anything about that? A quick Google found nothing of the sort, but did find references showing that it was used

Re: SSL/TLS and port 587

2008-01-23 Thread Steven M. Bellovin
On Tue, 22 Jan 2008 10:38:24 -0800 Ed Gerck [EMAIL PROTECTED] wrote: List, I would like to address and request comments on the use of SSL/TLS and port 587 for email security. The often expressed idea that SSL/TLS and port 587 are somehow able to prevent warrantless wiretapping and so on,

Re: SSL/TLS and port 587

2008-01-23 Thread Steven M. Bellovin
On Tue, 22 Jan 2008 21:49:32 -0800 Ed Gerck [EMAIL PROTECTED] wrote: As I commented in the second paragraph, an attack at the ISP (where SSL/TLS is of no help) has been the dominant threat -- and that is why one of the main problems is called warrantless wiretapping. Further, because US law

Re: SSL/TLS and port 587

2008-01-23 Thread Steven M. Bellovin
On Wed, 23 Jan 2008 08:10:01 -0800 Ed Gerck [EMAIL PROTECTED] wrote: Steven M. Bellovin wrote: On Tue, 22 Jan 2008 21:49:32 -0800 Ed Gerck [EMAIL PROTECTED] wrote: As I commented in the second paragraph, an attack at the ISP (where SSL/TLS is of no help) has been the dominant threat

Emissions security

2008-01-18 Thread Steven M. Bellovin
http://www.technologynewsdaily.com/node/8965 (for those of you who don't take TEMPEST seriously) --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by sending

Re: US drafting plan to allow government access to any email or Web search

2008-01-15 Thread Steven M. Bellovin
On Tue, 15 Jan 2008 08:19:11 -0500 Perry E. Metzger [EMAIL PROTECTED] wrote: The PDF link points to: http://online.wsj.com/public/resources/documents/WashWire.pdf which I'm unable to access at the moment. I believe the proper URL is

Re: Death of antivirus software imminent

2008-01-14 Thread Steven M. Bellovin
On Fri, 11 Jan 2008 17:32:04 -0800 Alex Alten [EMAIL PROTECTED] wrote: Generally any standard encrypted protocols will probably eventually have to support some sort of CALEA capability. For example, using a Verisign ICA certificate to do MITM of SSL, or possibly requiring Ebay to provide

Fw: SHA-3 API

2008-01-06 Thread Steven M. Bellovin
Forwarded with permission. This is part of a discussion of the proposed SHA-3 API for the NIST competition. Those interested in discussing it should subscribe to the list; see http://csrc.nist.gov/groups/ST/hash/email_list.html for instructions. Begin forwarded message: Date: Fri, 4 Jan 2008

Re: DRM for batteries

2008-01-06 Thread Steven M. Bellovin
On Sat, 5 Jan 2008 15:28:50 -0800 Stephan Somogyi [EMAIL PROTECTED] wrote: At 16:38 +1300 04.01.2008, Peter Gutmann wrote: At $1.40 each (at least in sub-1K quantities) you wonder whether it's costing them more to add the DRM (spread over all battery sales) than any marginal gain in

Re: Death of antivirus software imminent

2008-01-03 Thread Steven M. Bellovin
On Thu, 03 Jan 2008 11:52:21 -0500 [EMAIL PROTECTED] wrote: The aspect of this that is directly relevant to this list is that while we have labored to make network comms safe in an unsafe transmission medium, the world has now reached the point where the odds favor the hypothesis that

Re: Flaws in OpenSSL FIPS Object Module

2007-12-11 Thread Steven M. Bellovin
On Mon, 10 Dec 2007 11:27:10 -0500 Vin McLellan [EMAIL PROTECTED] wrote: What does it say about the integrity of the FIPS program, and its CMTL evaluation process, when it is left to competitors to point out non-compliance of evaluated products -- proprietary or open source -- to basic

Re: Intercepting Microsoft wireless keyboard communications

2007-12-11 Thread Steven M. Bellovin
On Tue, 11 Dec 2007 13:49:19 +1000 James A. Donald [EMAIL PROTECTED] wrote: Steven M. Bellovin wrote: It's moderately complex if you're trying to conserve bandwidth (which translates to power) and preserve a datagram model. The latter constraint generally rules out stream ciphers

Re: Open-source PAL

2007-12-03 Thread Steven M. Bellovin
On Thu, 29 Nov 2007 16:05:00 -0500 Tim Dierks [EMAIL PROTECTED] wrote: A random thought that's been kicking around in my head: if someone were looking for a project, an open-source permissive action link ( http://www.cs.columbia.edu/~smb/nsam-160/pal.html is a good link, thank you Mr.

Fw: NIST announces approval of SP 800-38D specifying GCM

2007-11-28 Thread Steven M. Bellovin
Begin forwarded message: Date: Tue, 27 Nov 2007 16:22:51 -0500 From: Morris Dworkin [EMAIL PROTECTED] To: undisclosed-recipients:; Subject: NIST announces approval of SP 800-38D specifying GCM FYI, yesterday NIST announced the approval of Special Publication 800-38D, which specifies

Re: refactoring crypto handshakes (SSL in 3 easy steps)

2007-11-16 Thread Steven M. Bellovin
On Wed, 14 Nov 2007 13:45:37 -0600 [EMAIL PROTECTED] wrote: I wonder if we here could develop a handshake that was cryptographically secure, resistant to CPU DoS now, and would be possible to adjust as we get faster at doing crypto operations to reduce latency even further. Basically an

Re: refactoring crypto handshakes (SSL in 3 easy steps)

2007-11-15 Thread Steven M. Bellovin
There was a paper by Li Gong at an early CCS -- '93, I think, though it might have been '94 -- on the number of messages different types of authentication protocol took. It would be a good starting point. - The Cryptography

Re: Password hashing

2007-10-12 Thread Steven M. Bellovin
On Thu, 11 Oct 2007 22:19:18 -0700 james hughes [EMAIL PROTECTED] wrote: A proposal for a new password hashing based on SHA-256 or SHA-512 has been proposed by RedHat but to my knowledge has not had any rigorous analysis. The motivation for this is to replace MD-5 based password hashing at

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-10-02 Thread Steven M. Bellovin
On Tue, 02 Oct 2007 15:50:27 +0200 Simon Josefsson [EMAIL PROTECTED] wrote: It sounds to me as if they are storing the AES key used for bulk encryption somewhere on the disk, and that it can be unlocked via the password. I'd say decrypted by the password, rather than unlocked, but that's

Re: OK, shall we savage another security solution?

2007-09-19 Thread Steven M. Bellovin
On Wed, 19 Sep 2007 09:29:53 +0100 Dave Korn [EMAIL PROTECTED] wrote: On 18 September 2007 23:22, Leichter, Jerry wrote: Anyone know anything about the Yoggie Pico (www.yoggie.com)? It claims to do much more than the Ironkey, though the language is a bit less marketing-speak. On the

open source digital cash packages

2007-09-17 Thread Steven M. Bellovin
Are there any open source digital cash packages available? I need one as part of another research project. --Steve Bellovin, http://www.cs.columbia.edu/~smb - The Cryptography Mailing List Unsubscribe by

Re: using SRAM state as a source of randomness

2007-09-17 Thread Steven M. Bellovin
On Mon, 17 Sep 2007 11:20:32 -0700 Netsecurity [EMAIL PROTECTED] wrote: Back in the late 60's I was playing with audio and a magazine I subscribed to had a circut for creating warble tones for standing wave and room resonance testing. The relevance of this is that they were using a random
