Re: TPM disk crypto

2006-10-13 Thread cyphrpunk
On 10/10/06, Adam Back [EMAIL PROTECTED] wrote: I think the current CPUs / memory managers do not have the ring -1 / curtained memory features, but already a year ago or more Intel and AMD were talking about these features. So its possible the for example hypervisor extra virtualization

Re: TPM disk crypto

2006-10-13 Thread cyphrpunk
Here is a posting from the cypherpunks mailing list describing the capabilities of Intel's new virtualization/TPM technology. Gets a bit ranty but still good information. CP -- Forwarded message -- From: Anonymous Remailer (austria) [EMAIL PROTECTED] Date: Fri, 29 Sep 2006

Re: TPM disk crypto

2006-10-13 Thread cyphrpunk
On 10/13/06, Kuehn, Ulrich [EMAIL PROTECTED] wrote: With reliably stopping the boot process I mean the following: Given that stage i of the process is running, it takes the hash of the next stage, compares that to an expected value. If they match, the current stage extends the TPM register (when

Re: TPM disk crypto

2006-10-12 Thread cyphrpunk
On 10/10/06, Brian Gladman [EMAIL PROTECTED] wrote: I haven't been keeping up to date with this trusted computing stuff over the last two years but when I was last involved it was accepted that it was vital that the owner of a machine (not necessarily the user) should be able to do the sort of

Re: [Clips] Feds mull regulation of quantum computers

2005-11-13 Thread cyphrpunk
WASHINGTON--Quantum computers don't exist outside the laboratory. But the U.S. government appears to be exploring whether it should be illegal to ship them overseas. A federal advisory committee met Wednesday to hear an IBM presentation about just how advanced quantum computers have

Re: Symmetric ciphers as hash functions

2005-11-07 Thread cyphrpunk
On 10/30/05, Arash Partow [EMAIL PROTECTED] wrote: How does one properly use a symmetric cipher as a cryptographic hash function? I seem to be going around in circles. The usual method is to feed the data into the key slot of the cipher, and to use a fixed IV in the plaintext slot. Then, add

Re: HTTPS mutual authentication alpha release - please test

2005-11-07 Thread cyphrpunk
On 10/31/05, Nick Owen [EMAIL PROTECTED] wrote: The system works this way: Each WiKID domain now can include a 'registered URL' field and a hash that website's SSL certificate. When a user wants to log onto a secure web site, they start the WiKID token and enter their PIN. The PIN is

Re: On the orthogonality of anonymity to current market demand

2005-11-07 Thread cyphrpunk
On 11/6/05, Travis H. [EMAIL PROTECTED] wrote: Personally, I'm less suprised by my own software (and, presumably, key-handling) than vendor software, most of the time. I think TCPA is about control, and call me paranoid, but ultimate control isn't something I'm willing to concede to any

Re: On Digital Cash-like Payment Systems

2005-11-07 Thread cyphrpunk
On 11/4/05, Travis H. [EMAIL PROTECTED] wrote: By my calculations, it looks like you could take a keypair n,e,d and some integer x and let e'=e^x and d'=d^x, and RSA would still work, albeit slowly. Reminds me of blinding, to some extent, except we're working with key material and not

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-11-04 Thread cyphrpunk
On 10/31/05, Kuehn, Ulrich [EMAIL PROTECTED] wrote: There are results available on this issue: First, a paper by Boneh, Joux, and Nguyen Why Textbook ElGamal and RSA Encryption are Insecure, showing that you can essentially half the number of bits in the message, i.e. in this case the

Re: HTTPS mutual authentication alpha release - please test

2005-11-04 Thread cyphrpunk
On 11/3/05, Nick Owen [EMAIL PROTECTED] wrote: The token client pulls down a hash of the certificate from the WiKID server. It pulls the certificate from the website and performs a hash on it. It compares the two hashes and if they match, presents the user with the OTP and the message: This

Re: HTTPS mutual authentication alpha release - please test

2005-11-04 Thread cyphrpunk
On 11/3/05, Nick Owen [EMAIL PROTECTED] wrote: cyphrpunk wrote: On 10/31/05, Nick Owen [EMAIL PROTECTED] wrote: The system works this way: Each WiKID domain now can include a 'registered URL' field and a hash that website's SSL certificate. When a user wants to log onto a secure web site

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/25/05, Travis H. [EMAIL PROTECTED] wrote: More on topic, I recently heard about a scam involving differential reversibility between two remote payment systems. The fraudster sends you an email asking you to make a Western Union payment to a third party, and deposits the requested amount

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-31 Thread cyphrpunk
Wasn't there a rumor last year that Skype didn't do any encryption padding, it just did a straight exponentiation of the plaintext? Would that be safe, if as the report suggests, the data being encrypted is 128 random bits (and assuming the encryption exponent is considerably bigger than 3)?

Re: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/26/05, James A. Donald [EMAIL PROTECTED] wrote: How does one inflate a key? Just make it bigger by adding redundancy and padding, before you encrypt it and store it on your disk. That way the attacker who wants to steal your keyring sees a 4 GB encrypted file which actually holds about a

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
One other point with regard to Daniel Nagy's paper at http://www.epointsystem.org/~nagydani/ICETE2005.pdf A good way to organize papers like this is to first present the desired properties of systems like yours (and optionally show that other systems fail to meet one or more of these properties);

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-31 Thread cyphrpunk
On 10/28/05, Daniel A. Nagy [EMAIL PROTECTED] wrote: Irreversibility of transactions hinges on two features of the proposed systetm: the fundamentally irreversible nature of publishing information in the public records and the fact that in order to invalidate a secret, one needs to know it;

Re: [EMAIL PROTECTED]: Skype security evaluation]

2005-10-25 Thread cyphrpunk
On 10/23/05, Travis H. [EMAIL PROTECTED] wrote: My understanding of the peer-to-peer key agreement protocol (hereafter p2pka) is based on section 3.3 and 3.4.2 and is something like this: A - B: N_ab B - A: N_ba B - A: Sign{f(N_ab)}_a A - B: Sign{f(N_ba)}_b A - B: Sign{A, K_a}_SKYPE B -

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/22/05, Ian G [EMAIL PROTECTED] wrote: R. Hirschfeld wrote: This is not strictly correct. The payer can reveal the blinding factor, making the payment traceable. I believe Chaum deliberately chose for one-way untraceability (untraceable by the payee but not by the payer) in order

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/24/05, Steve Schear [EMAIL PROTECTED] wrote: I don't think E-gold ever held out its system as non-reversible with proper court order. All reverses I am aware happened either due to some technical problem with their system or an order from a court of competence in the matter at hand.

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-25 Thread cyphrpunk
On 10/24/05, John Kelsey [EMAIL PROTECTED] wrote: More to the point, an irreversible payment system raises big practical problems in a world full of very hard-to-secure PCs running the relevant software. One exploitable software bug, properly used, can steal an enormous amount of money in an

Re: [PracticalSecurity] Anonymity - great technology but hardly used

2005-10-25 Thread cyphrpunk
http://www.hbarel.com/Blog/entry0006.html I believe that for anonymity and pseudonymity technologies to survive they have to be applied to applications that require them by design, rather than to mass-market applications that can also do (cheaper) without. If anonymity mechanisms are

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-like Payment Systems

2005-10-21 Thread cyphrpunk
As far as the issue of receipts in Chaumian ecash, there have been a couple of approaches discussed. The simplest goes like this. If Alice will pay Bob, Bob supplies Alice with a blinded proto-coin, along with a signed statement, I will perform service X if Alice supplies me with a mint signature

Re: Hooking nym to wikipedia

2005-10-04 Thread cyphrpunk
On 10/3/05, Jason Holt [EMAIL PROTECTED] wrote: More thoughts regarding the tokens vs. certs decision, and also multi-use: This is a good summary of the issues. With regard to turning client certs on and off: from many years of experience with anonymous and pseudonymous communication, the big

Re: nym-0.2 released (fwd)

2005-10-02 Thread cyphrpunk
A few comments on the implementation details of http://www.lunkwill.org/src/nym/: 1. Limting token requests by IP doesn't work in today's internet. Most customers have dynamic IPs. Either they won't be able to get tokens, because someone else has already gotten one using their temporary IP, or

Re: nym-0.2 released (fwd)

2005-10-02 Thread cyphrpunk
On 10/1/05, Jason Holt [EMAIL PROTECTED] wrote: The reason I have separate token and cert servers is that I want to end up with a client cert that can be used in unmodified browsers and servers. The certs don't have to have personal information in them, but with indirection we cheaply get the

Re: nym-0.2 released (fwd)

2005-10-01 Thread cyphrpunk
On 9/30/05, Jason Holt [EMAIL PROTECTED] wrote: http://www.lunkwill.org/src/nym/ ... My proposal for using this to enable tor users to play at Wikipedia is as follows: 1. Install a token server on a public IP. The token server can optionally be provided Wikipedia's blocked-IP list and