Re: [Cryptography] Snowden fabricated digital keys to get access to NSA servers?

2013-06-28 Thread Udhay Shankar N
On Sat, Jun 29, 2013 at 4:30 AM, John Gilmore g...@toad.com wrote:

 [John here.  Let's try some speculation about what this phrase,
 fabricating digital keys, might mean.]

Perhaps something conceptually similar to PGP's Additional Decryption
Key [1]? If the infrastructure is in place for this, perhaps one might
be able to generate a key on demand, with the appropriate access
permissions.

Udhay

[1] http://www.symantec.com/business/support/index?page=contentid=TECH149500

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


1024 bit RSA cracked?

2010-03-16 Thread Udhay Shankar N
Anyone know more?

http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/

RSA 1024-bit private key encryption cracked
Researchers find weakness in security system

By Network World Staff | Network World US
Published: 13:26 GMT, 05 March 10

Three University of Michigan computer scientists say they have found a
way to exploit a weakness in RSA security technology used to protect
everything from media players to smartphones and ecommerce servers.

RSA authentication is susceptible, they say, to changes in the voltage
supply to a private key holder. The researchers – Andrea Pellegrini,
Valeria Bertacco and Todd Austin - outline their findings in a paper
titled “Fault-based attack of RSA authentication”  to be presented 10
March at the Design, Automation and Test in Europe conference.

The RSA algorithm gives security under the assumption that as long as
the private key is private, you can't break in unless you guess it.
We've shown that that's not true, said Valeria Bertacco, an associate
professor in the Department of Electrical Engineering and Computer
Science, in a statement.

The RSA algorithm was introduced in a 1978 paper outlining the
public-key cryptosystem. The annual RSA security conference is being
held this week in San Francisco.

While guessing the 1,000-plus digits of binary code in a private key
would take unfathomable hours, the researchers say that by varying
electric current to a secured computer using an inexpensive
purpose-built device they were able to stress out the computer and
figure out the 1,024-bit private key in about 100 hours – all without
leaving a trace.

The researchers in their paper outline how they made the attack on a
SPARC system running Linux. They also say they have come up with a
solution, which involves a cryptographic technique called salting that
involves randomly juggling a private key's digits.

The research is funded by the National Science Foundation and the
Gigascale Systems Research Center.

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: What will happen to your crypto keys when you die?

2009-07-01 Thread Udhay Shankar N
Udhay Shankar N wrote, [on 5/29/2009 9:02 AM]:
 Fascinating discussion at boing boing that will probably be of interest
 to this list.
 
 http://www.boingboing.net/2009/05/27/what-will-happen-to.html

Followup article by Cory Doctorow:

http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet

Udhay
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Popular explanation of fully homomorphic encryption wanted

2009-06-16 Thread Udhay Shankar N
from http://en.wikipedia.org/wiki/Homomorphic_encryption :

 The utility of fully homomorphic encryption has been long
 recognized. The problem of constructing such a scheme was first
 proposed within a year of the development of RSA.[1] A solution proved
 more elusive; for more than 30 years, it was unclear whether fully
 homomorphic encryption was even possible. During this period, the best
 result was the Boneh-Goh-Nissim cryptosystem which supports evaluation
 of an unlimited number of addition operations but at most one
 multiplication.
 
 The question was finally resolved in 2009 with the development of the
 first true fully homomorphic cryptosystem. The scheme, constructed by
 Craig Gentry, employs lattice based encryption and allows evaluation
 of both addition and multiplication operations without restriction.[2]
 
 References
 
1. ^ R. L. Rivest, L. Adleman, and M. L. Dertouzos. On data banks
   and privacy homomorphisms. In Foundations of Secure Computation,
   1978. 
2. ^ Craig Gentry. On homomorphic encryption over circuits of
   arbitrary depth. In the 41st ACM Symposium on Theory of Computing
   (STOC), 2009. 

I was wondering if anyone on this list could recommend a good,
entry-level piece on the Gentry paper referenced above, and its
implications. Failing which, anyone wants to take a stab at it?

Udhay

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


What will happen to your crypto keys when you die?

2009-05-29 Thread Udhay Shankar N
Fascinating discussion at boing boing that will probably be of interest
to this list.

http://www.boingboing.net/2009/05/27/what-will-happen-to.html

Udhay
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: privacy in public places

2008-08-30 Thread Udhay Shankar N

Perry E. Metzger wrote, [on 8/28/2008 10:09 PM]:


Given this, I think the time for focusing on the privacy implications
of payment transponders and fare cars is over. Not carrying a cell
phone will not help you avoid tracking when your environment is
saturated with cameras. Digital cash toll collection systems will not
avoid records being kept of your car's movements when cameras are
reading and recording license plates anyway.

Unfortunately, I don't see anything technological that people can
reasonably do here to provide more privacy, at least short of everyone
going everywhere on foot while wearing a burqa and periodically
attempting to confuse the cameras. The solutions, if any exist at all,
appear to be non-technical.


Isn't this essentially what David Brin has been saying for several years 
 now? [1] [2]


Udhay

[1] http://en.wikipedia.org/wiki/The_Transparent_Society
[2] http://www.davidbrin.com/privacyarticles.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Kaminsky finds DNS exploit

2008-07-09 Thread Udhay Shankar N
I think Dan Kaminsky is on this list. Any other tidbits you can add 
prior to Black Hat?


Udhay

http://www.liquidmatrix.org/blog/2008/07/08/kaminsky-breaks-dns/

Kaminsky Breaks DNS

Author: Dave Lewis
July 8, 2008 at 2:21 pm · Filed under Patches, Vulnerability

Well, sort of.

Today Dan Kaminsky released a first, as far as I can recall. A 
coordinated patch was released today by Dan Kaminsky of IO Active that 
fixes a vulnerability that apparently exists in all DNS servers.


Unlike other researchers who give up the gory details, Kaminsky took a 
wiser path by smiling and nodding. He’ll give up the goods at Black Hat 
in August. That should give folks enough time to patch their systems.


snip
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Traffic analysis reveals spy satellite details

2008-02-06 Thread Udhay Shankar N

http://www.nytimes.com/2008/02/05/science/space/05spotters.html

When the government announced last month that a top-secret spy satellite 
would, in the next few months, come falling out of the sky, American 
officials said there was little risk to people because satellites fall 
out of orbit fairly frequently and much of the planet is covered by oceans.


But they said precious little about the satellite itself.

Such information came instead from Ted Molczan, a hobbyist who tracks 
satellites from his apartment balcony in Toronto, and fellow satellite 
spotters around the world. They have grudgingly become accustomed to 
being seen as “propeller-headed geeks” who “poke their finger in the 
eye” of the government’s satellite spymasters, Mr. Molczan said, taking 
no offense. “I have a sense of humor,” he said.


Mr. Molczan, a private energy conservation consultant, is the best known 
of the satellite spotters who, needing little more than a pair of 
binoculars, a stop watch and star charts, uncover some of the deepest of 
the government’s expensive secrets and share them on the Internet.


snip
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Interesting editorial comment on security vs. privacy

2008-02-03 Thread Udhay Shankar N

http://www.claybennett.com/pages/security_fence.html

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Hackers target C-level execs and their families

2007-07-05 Thread Udhay Shankar N
Hasn't this already been going on a while? I'm only surprised there 
hasn't been a big public incident yet.


Udhay


http://www.computerworld.com/action/article.do?command=viewArticleBasictaxonomyName=securityarticleId=9026048http://www.computerworld.com/action/article.do?command=viewArticleBasictaxonomyName=securityarticleId=9026048

By Jeremy Kirk
July 02, 2007
IDG News Service

Hackers appear to have stepped up their efforts over the past year to
trick corporate executives into downloading malicious software that can
steal company data, according to new data released today.

MessageLabs Ltd., a security vendor that offers e-mail filtering
services to catch spam and malicious attachments, caught an average of
10 e-mails per day in May targeted at people in senior management
positions, up from just one a day during the previous year, said Mark
Sunner, chief security analyst.

Those 10 e-mails are a tiny percentage of the 200 million e-mails that
MessageLabs scans every day, but the composition of those messages is
alarming, Sunner said.

Many of the e-mails contained the name and title of the executive in the
subject line, as well as a malicious Microsoft Word document containing
executable code. The hackers are trying to trick the victims into
thinking the messages come from someone they know, in the hope that the
victim will willingly install, for example, a program that can record
keystrokes.

MessageLabs won't reveal what companies have been targeted, but it has
contacted executives who have been names in the e-mails and discovered
that the family members of the executives have also received messages on
their own, noncorporate e-mail accounts, Sunner said.

Those methods suggests that hackers may be researching victims and
culling data from social networking sites such as Linked In, MySpace or
Facebook, Sunner said.

If you really want to work out somebody's background ... you can
actually find out a lot, Sunner said.

Tricking a relative into installing malicious code would offer the
hacker another way to collect sensitive data if an executive decides to
do some work on a home computer, Sunner said.

In June, MessageLabs picked up more than 500 of these targeted messages,
with some 30% aimed at chief investment officers, a position that can
include handling mergers and acquisitions. Other positions targeted
include directors of research and development, company presidents, CEOs,
chief information officers and chief financial officers.

Another danger is that the e-mails are often single messages sent to a
single person, rather than a mass spam run. When hackers send out
millions of messages, security companies often either update their
software or change their spam filters to trap the bad messages.

But single messages have a higher chance of slipping through, although
Sunner said MessageLabs' filtering service catches the messages by
analyzing the e-mail's attachment and determining whether it is
potentially harmful. Other security companies catch malware by updating
their software with indicators, or signatures, to detect harmful code or
block code from running based on what it does on a computer, a
technology called behavioral detection.

Tracing where the messages come from is difficult because the sender's
name is always fake, Sunner said. The IP addresses from which the
messages were sent indicate that the computers are located around the
world. Hackers often use networks of computers they already control,
called botnets, to send e-mails.

Certainly, people need to raise the level of vigilance, Sunner said.




--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: A crazy thought?

2007-06-09 Thread Udhay Shankar N

At 06:28 AM 5/27/2007, Allen wrote:

Validating a digital signature requires getting the public key from 
some source, like a CA, or a publicly accessible database and 
decrypting the signature to validate that the private key associated 
with the public key created the digital signature, or open message.


Which lead me to the thought of trust in the repository for the 
public key. Here in the USA, there is a long history of behind the 
scenes cooperation by various large companies with the forces of 
the law, like the wiretap in the ATT wire room, etc.


What is to prevent this from happening at a CA and it not being 
known for a lengthy period of time? Jurors have been suborned for 
political reasons, why not CAs? Would you, could you trust a CA 
based in a country with a low ethics standard or a low regard for human rights?


Which lead me to the thought that if it is possible, what could be 
done to reduce the risk of it happening?


This (if I'm understanding you correctly) is exactly the thing that 
the web of trust [1] is intended to address. One issue with the web 
of trust is how to bootstrap it. My understanding is that in the case 
of PGP, this was handled by Zimmermann publishing his public key in 
the (dead-trees) version of his book.


Udhay

[1] http://en.wikipedia.org/wiki/Web_of_trust

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: The best riddle you wil hear today...

2007-05-02 Thread Udhay Shankar N

At 10:27 AM 5/2/2007, Aram Perez wrote:


http://farm1.static.flickr.com/191/480556169_6d731d2416_o.jpg


From another list:


This was one of my faves bits of html from last night

tr
td bgcolor=#09f911/td
td bgcolor=#029d74/td
/tr
tr
td bgcolor=#e35bd8/td
td bgcolor=#4156c5/td
/tr
tr
td bgcolor=#635688/td
td bgcolor=#c0/td
/tr
/table

Makes a nice flag..fly it


--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Startup to launch new random number generator from space

2006-12-21 Thread Udhay Shankar N

http://news.zdnet.com/2100-1009_22-6142935.html

British start-up Yuzoz has announced that it will be launching its 
beta service in the next two weeks--an online random-number generator 
driven by astronomical events.


Working with data from satellites and observatories, Yuzoz will use 
the solar wind, the clouds of Venus, the Northern Lights, Jupiter's 
shortwave emissions and other cosmic events to generate 200 choices 
per second.


While the beta service will use only a single source--the solar 
wind--to deliver a selection of numbers, the full service, due at the 
end of January, will have many more options, including the ability to 
give the site a list of choices and have it pick one.


snip
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Are laptop search seizures increasing use of disk crypto?

2006-10-26 Thread Udhay Shankar N
Like the subject says - I'm curious whether the current regime of 
inspection and forensic analysis of laptops, primarily in the US, 
has affected corporate policies regarding disk crypto.


Is there anybody studying this? Any resources available online?

Thanks,
Udhay

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


U. Washington Crypto Course Available Online For Free

2006-06-06 Thread Udhay Shankar N
http://it.slashdot.org/article.pl?sid=06/06/04/1311243


-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


time reversal acoustics

2006-04-22 Thread Udhay Shankar N
I found this off a link from Schneier's newsletter. Can anybody 
comment on this?


Udhay

http://www.physorg.com/news12093.html

For every burst of sound, there must exist a sound that bursts in 
reverse, according to the theory of time reversal acoustics. From 
their discoveries of some surprising characteristics of mediums and 
frequencies, scientists have gained insight into acoustic time 
reversal, which could impact applications such as sending 
confidential messages in cryptography.



--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-01 Thread Udhay Shankar N

At 04:52 PM 2/26/2006, Ben Laurie wrote:


Don't forget that the ability to decrypt is just as good as a signature
to prove association of the key.


All it needs is for one successful trojan that steals your private 
key/passphrase and plausible deniability is available again. :)


Does anybody know if there were followups to the Caligula virus, 
which was a proof-of-concept that stole PGP keyrings?


Udhay

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


no visas for Chinese cryptologists

2005-08-17 Thread Udhay Shankar N



http://nytimes.com/2005/08/17/business/worldbusiness/17code.html

Chinese Cryptologists Get Invitations to a U.S. Conference, but No Visas

By JOHN MARKOFF
Published: August 17, 2005

SAN FRANCISCO, Aug. 16 - Last year a Chinese mathematician, Xiaoyun Wang, 
shook up the insular world of code breakers by exposing a new vulnerability 
in a crucial American standard for data encryption. On Monday, she was 
scheduled to explain her discovery in a keynote address to an international 
group of researchers meeting in California.


But a stand-in had to take her place, because she was not able to enter the 
country. Indeed, only one of nine Chinese researchers who sought to enter 
the country for the conference received a visa in time to attend.


Although none of the scientists were officially denied visas by the United 
States Consulate, officials at the State Department and National Academy of 
Sciences said this week that the situation was not uncommon.


Lengthy delays in issuing visas are now routine, they said, particularly 
for those involved in sensitive scientific and technical fields.


The visa snag angered organizers of the annual meeting of the International 
Cryptology Conference, who argued that restrictions originally created to 
prevent the transfer of advanced technologies from the United States are 
now having the opposite effect.


snip


--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Ostiary

2005-08-02 Thread Udhay Shankar N

Sounds interesting. Has anybody used this, and are there any comments?

Udhay

http://ingles.homeunix.org/software/ost/


Tools like ssh and lsh are great for allowing secure remote access to your 
system. They offer essentially full, flexible remote control of a machine, 
in an ecrypted and authenticated manner. But they are complex pieces of 
software; there's no way to do what they do without being complex. And with 
complexity comes bugs. Tools like ssh and lsh, and VPNs like CIPE, PPTP, 
and more have all had serious flaws that would allow an attacker to get 
full control over your system.


If you leave such programs running all the time, you take the risk that 
someone is going to use an exploit on you before you have a chance to apply 
a patch. For some purposes, this is an acceptable - even necessary - 
tradeoff, but it would be nice to enable them only when actually needed, to 
minimize the risk. And for other purposes, ssh et. al. are overkill. 
Perhaps you only really need to remotely initiate a limited set of 
operations. In this case, you don't need a shell prompt, just a way to 
securely kick off scripts from elsewhere.


Enter 'Ostiary'. It is designed to allow you to run a fixed set of commands 
remotely, without giving everyone else access to the same commands. It is 
designed to do exactly and only what is necessary for this, and no more. 
The only argument given to the command is the IP address of the client, and 
only if the authentication is successful. The following are the key design 
goals:


   * First, do no harm. It should not be possible to use the Ostiary 
system itself to damage the host it's running on. In particular, it's 
willing to accept false negatives (denying access to legitimate users) in 
order to prevent false positives (allowing access to invalid users).
   * Insofar as possible, eliminate any possibility of bugs causing 
undesired operations. Buffer overflows, timing attacks, etc. should be 
impossible for an external attacker to execute. There's no point in 
installing security software if it makes you less secure.
   * Be extremely modest in memory and CPU requirements. I want to be able 
to fire off commands on my webserver (running on a Mac SE/30, a 16MHz 68030 
machine) from my Palm Pilot (a 16MHz 68000 machine). Things like ssh 
already take 30 seconds or more to start up - I can't afford anything too 
fancy.
   * Keep things simple. I'm no crypto expert; I know I'm not capable of 
coming up with an ssh replacement. So I need to keep things so utterly 
simple that I can be sure I'm not missing anything important.





--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Last WWII Comanche code talker dies in Oklahoma

2005-08-02 Thread Udhay Shankar N

At 04:55 AM 8/2/2005, Andreas Hasenack wrote:


 Last WWII Comanche code talker dies in Oklahoma

Wasn't that navajo instead?


From the article:

Chibitty joined the Army in 1941 at Ft. Sill, Oklahoma, when he and other 
Comanches heard the Army wanted them. Navajo Indians were used for the 
same purpose in the Pacific theater.


By the time the code talkers got to England, the Allies had amassed the 
largest invasion force in history.


Chibitty's unit landed on June 6, 1944, with Brig. Gen. Theodore Roosevelt 
Jr. on Utah beach, but in the wrong place. One of the code talkers sent 
the first message of D-Day: Right beach, wrong place.



--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Last WWII Comanche code talker dies in Oklahoma

2005-08-01 Thread Udhay Shankar N
[resending this, after it didn't reach the list first time. I seem to have 
fallen off the list, and am back on now. I hope this isn't a repeat. /udhay]


http://aolsvc.news.aol.com/news/article.adp?id=20050721170009990017

Last WWII Comanche code talker dies in Oklahoma
By Ben Fenwick, Reuters

OKLAHOMA CITY, Oklahoma (Reuters) - The last surviving Comanche code 
talker from World War Two, Charles Chibitty, has died at a nursing home in 
Tulsa, Oklahoma, a tribal spokeswoman said Thursday.


Chibitty, who died Wednesday at age 83, was one of the 14 Comanche 
tribesmen who transmitted radio messages in their native language during 
the D-Day invasion of Normandy in 1944.


In a 2002 speech Chibitty said: I wonder what the hell Hitler thought when 
he heard those strange voices over there, when we hit D-Day at Utah Beach. 
Now old Hitler, he's probably scratching his head yet down in his grave.


He said they called Nazi dictator Adolph Hitler posah tai vo which means 
crazy white man.


The Germans could not understand them, thus the Comanches were called code 
talkers.


snip

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Conspiracy Theory O' The Day

2005-01-04 Thread Udhay Shankar N
I just got a batch of spam: perfectly justified blocks of random-looking 
characters. Makes me wonder if somebody is trying to train Bayesian filters 
to reject PGP messages.

Udhay
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


QotD

2004-11-30 Thread Udhay Shankar N
found at http://webpages.charter.net/allanms/2004/07/instant-immortality.html
Amateurs study cryptography; professionals study economics.
(Bob Hettinga, this is your cue. :)
Udhay
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Electonic Voting

2004-11-06 Thread Udhay Shankar N
Very timely.
Udhay
http://www.infosecwriters.com/hhworld/hh9/voting.txt
 Hitchhiker's World (Issue #9)
 http://www.infosecwriters.com/hhworld/
Observable Elections

Vipul Ved Prakash mail @ vipul.net
November 2004
This is an interesting time for electronic voting. India,
the largest democracy in the world, went completely paper-
free for its general elections earlier this year. For the
first time, some 387 million people expressed their
electoral right electronically. Despite initial concerns
about security and correctness of the system, the election
process was a smashing success. Over a million electronic
voting machines (EVMs) were deployed, 8000 metric tonnes of
paper saved[1] and the results made public within few hours
of the final vote. Given the quarrelsome and heavily
litigated nature of Indian democracy, a lot of us were
expecting post-election drama, but only a few, if any,
fingers were found pointing.
Things didn't fare so well in the United States.
SNIP, rest at URL
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Public FTP Space (was looking for sites to host my crypto...)

2004-07-15 Thread Udhay Shankar N
At 04:56 AM 7/14/2004, J.A. Terranson wrote:
Recently a list member requested public ftp/web space for the hosting of
various crypto files.
Also see: http://munitions.vipul.net/
For Linux-based crypto software only, AFAIK. Multi-homed, hosted outside 
the US.

Udhay
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: ADMIN: 'subscribers only' posting

2004-05-27 Thread Udhay Shankar N

Perry E. Metzger said:

 Those of you who habitually post from an address other than the one
 you are subscribed under can ask me to put you on a special list of
 people who can post but are not subscribed.

I sympathise. However, some non-zero amount of the traffic on this
list is being sent through remailers. What happens to that?

Udhay
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Seth Schoen posts paper on trusted computing

2003-10-06 Thread Udhay Shankar N
via boingboing:

http://boingboing.net/2003_10_01_archive.html#106512302120071226

EFF's Trusted Computing white-paper

My colleague Seth Schoen has finished his long-awaited, brilliant 
white-paper on Trusted Computing. Seth has been briefed as an outside 
technical analyst by all the companies working of Trusted Computing 
architecture, and has had his paper vetted by some of the leading security 
experts in the field. This is the most exhaustive, well-reasoned, balanced 
analysis of Trusted Computing you can read today. Don't miss it.

Remote attestation is the most significant and the most revolutionary of 
the four major feature groups described by Microsoft. Broadly, it aims to 
allow unauthorized changes to software to be detected. If an attacker has 
replaced one of your applications, or a part of your operating system with 
a maliciously altered version, you should be able to tell. Because the 
attestation is remote, others with whom you interact should be able to 
tell, too. Thus, they can avoid sending sensitive data to a compromised 
system. If your computer should be broken into, other computers can refrain 
from sending private information to it, at least until it has been fixed. 
While remote attestation is obviously useful, the current TCG approach to 
attestation is flawed. TCG attestation conspicuously fails to distinguish 
between applications that protect computer owners against attack and 
applications that protect a computer against its owner. In effect, the 
computer's owner is sometimes treated as just another attacker or adversary 
who must be prevented from breaking in and altering the computer's software.

link: http://www.eff.org/Infra/trusted_computing/20031001_tc.php

--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]