Re: Circle Bank plays with two-factor authentication

2006-10-03 Thread leichter_jerrold
| Have you seen the technique used at ? Sounds | a lot like your original idea. Nah - more clever than what I had (which was meant for an age when you couldn't carry any computation with you, and things you interacted with on a day by day basis didn't have

Recovering data from encrypted disks, broken CD's

2006-07-29 Thread leichter_jerrold
From a Computerworld blog. --Jerry When encryption doesn't work By Robert L. Mitchell on Wed, 07/26/2006 - 12:00pm In my interview with Ontrack Data Recovery this week (see Recovery specialists bring data back from the dead:

Re: Interesting bit of a quote

2006-07-13 Thread leichter_jerrold
On Thu, 13 Jul 2006, John Kelsey wrote: | From: Anne Lynn Wheeler [EMAIL PROTECTED] | ... | my slightly different perspective is that audits in the past have | somewhat been looking for inconsistencies from independent sources. this | worked in the days of paper books from multiple different

Re: Interesting bit of a quote

2006-07-12 Thread leichter_jerrold
On Tue, 11 Jul 2006, Anne Lynn Wheeler wrote: | ...independent operation/sources/entities have been used for a variety of | different purposes. however, my claim has been then auditing has been used to | look for inconsistencies. this has worked better in situations where there was | independent

Interesting bit of a quote

2006-07-11 Thread leichter_jerrold
...from a round-table discussion on identity theft in the current Computerworld: IDGNS: What are the new threats that people aren't thinking about? CEO Dean Drako, Sana Security Inc.: There has been a market change over the last five-to-six years, primarily due to

Re: Use of TPM chip for RNG?

2006-07-04 Thread leichter_jerrold
| On 7/3/06, Leichter, Jerry [EMAIL PROTECTED] wrote: | You're damned if you do and damned if you don't. Would you want to use a | hardware RNG that was *not* inside a tamper-proof package - i.e., inside | of a package that allows someone to tamper with it? | | Yes. If someone has physical

Re: Chinese WAPI protocol?

2006-06-14 Thread leichter_jerrold
| The specification is secret and confidential. It uses the SMS4 | block cipher, which is secret and patented. [*] | | Secret and patented are mutually exclusive. Actually, they are not. There is a special provision in the law under which something submitted to the patent office can be

Re: complexity classes and crypto algorithms

2006-06-13 Thread leichter_jerrold
| What kind of problems do people run into when they try to make | cryptographic algorithms that reduce to problems of known complexity? | I'm expecting that the literature is full of such attempts, and one | could probably spend a lifetime reading up on them, but I have other | plans and would

Re: Trusted path (was: status of SRP)

2006-06-06 Thread leichter_jerrold
| ...This is the trusted-path problem. Some examples of proposed | solutions to trusted-path are: | | - Dim the entire screen. | - Use special window borders. | - Use flashing window borders. | - Use specially shaped windows. | - Attach a warning label to all untrusted

Re: statistical inferences and PRNG characterization

2006-05-22 Thread leichter_jerrold
| Hi, | | I've been wondering about the proper application of statistics with | regard to comparing PRNGs and encrypted text to truly random sources. | | As I understand it, when looking at output, one can take a | hypothetical source model (e.g. P(0) = 0.3, P(1) = 0.7, all bits | independent)

Re: Piercing network anonymity in real time

2006-05-15 Thread leichter_jerrold
|The Locate appliance sits passively on the network and |analyzes packets in real time to garner ID info from sources |like Active Directory, IM and e-mail traffic, then associates |this data with network information. | | This is really nothing new -- I've been

Re: the meaning of linearity, was Re: picking a hash function to be encrypted

2006-05-15 Thread leichter_jerrold
| - Stream ciphers (additive) | | This reminds me, when people talk about linearity with regard to a | function, for example CRCs, exactly what sense of the word do they | mean? I can understand f(x) = ax + b being linear, but how exactly | does XOR get involved, and are there +-linear

Consumers Losing Trust in Internet Banking

2006-05-13 Thread leichter_jerrold
Summary: The deluge of reports of problems at on-line banks is having an effect. Customer attitudes are increasing negative, and customers mention concerns about security as worrying them. The adoption rate for internet banking has dropped to only 3.1% for the last quarter of 2005, about

Piercing network anonymity in real time

2006-05-09 Thread leichter_jerrold
eTelemetry Locate [Image] Locate dynamically discovers, correlates and archives the person behind the IP address--the people layer--to expedite forensic investigations and help comply with SOX. It approaches the issue of how to match a

Re: Get a boarding pass, steal someone's identity

2006-05-08 Thread leichter_jerrold
| I got this pointer off of Paul Hoffman's blog. Basically, a reporter | uses information on a discarded boarding pass to find out far too much | about the person who threw it away | |,,1766266,00.html | | The story may be exaggerated but it feels

Re: Linux RNG paper

2006-05-05 Thread leichter_jerrold
| I guess perhaps the reason they don't do integrity checking is that it | involves redundant data, so the encrypted volume would be smaller, or | the block offsets don't line up, and perhaps that's trickier to handle | than a 1:1 correspondence. | | Exactly, many file systems rely on block

Re: PGP master keys

2006-05-01 Thread leichter_jerrold
| issues did start showing up in the mid-90s in the corporate world ... | there were a large number of former gov. employees starting to show up | in different corporate security-related positions (apparently after | being turfed from the gov). their interests appeared to possibly reflect

VoIP and phishing

2006-04-27 Thread leichter_jerrold
From Computerworld: New phishing scam model leverages VoIP Novelty of dialing a phone number lures in the unwary News Story by Cara Garretson APRIL 26, 2006 (NETWORK WORLD) - Small businesses and consumers aren't the only ones enjoying the cost savings of switching to voice over IP

Re: VoIP and phishing

2006-04-27 Thread leichter_jerrold
| the other point that should be made about voip is that callerid is | trivial to spoof. | | so if you are counting on the calling party being who they say the | are, or even within your company, based on callerid, don't. | | i predict a round of targeted attacks on help desks and customer |

Re: webcam encryption beats quasar encryption

2006-03-31 Thread leichter_jerrold
| I think the Rip Van Winkle cipher was mentioned in Schneier's Applied | Cryptography. Also, I vaguely recall another news story (1999?) that | reported on an encryption technique that hypothesized a stream of random | bits generated by an orbiting satellite. Probably Rabin's work on beacons.

Re: Linux RNG paper

2006-03-24 Thread leichter_jerrold
| Min-entropy of a probability distribution is | | -lg ( P[max] ), | | minus the base-two log of the maximum probability. | | The nice thing about min-entropy in the PRNG world is that it leads to | a really clean relationship between how many bits of entropy we need | to seed the PRNG, and

Re: Creativity and security

2006-03-24 Thread leichter_jerrold
| If all that information's printed on the outside of the card, then | isn't this battle kind of lost the moment you hand the card to them? | | 1- I don't hand it to them. I put it in the chip-and-pin card reader | myself. In any case, even if I hand it to a cashier, it is within my sight

Re: passphrases with more than 160 bits of entropy

2006-03-22 Thread leichter_jerrold
| Let me rephrase my sequence. Create a sequence of 256 consecutive | bytes, with the first byte having the value of 0, the second byte the | value of 1, ... and the last byte the value of 255. If you measure | the entropy (according to Shannon) of that sequence of 256 bytes, you | have


2006-03-22 Thread leichter_jerrold
PayPad ( is an initiative that seems to have JPMorganChase Chase behind it to provide an alternative method for paying transactions on line. You buy a PayPad device, a small card reader with integrated keypad. It connects to your PC using USB. To pay using PayPad at a merchant

Re: pipad, was Re: bounded storage model - why is R organized as 2-d array?

2006-03-21 Thread leichter_jerrold
| Anyone see a reason why the digits of Pi wouldn't form an excellent | public large (infinite, actually) string of random bits? | | There's even an efficient digit-extraction (a/k/a random access to | fractional bits) formula, conveniently base 16: |

Creativity and security

2006-03-20 Thread leichter_jerrold
I was tearing up some old credit card receipts recently - after all these years, enough vendors continue to print full CC numbers on receipts that I'm hesitant to just toss them as is, though I doubt there are many dumpster divers looking for this stuff any more - when I found a great example of

Study shows how photonic decoys can foil hackers

2006-03-01 Thread leichter_jerrold
Does anyone have an idea of what this is about? (From Computerworld): -- Jerry FEBRUARY 23, 2006 (NETWORK WORLD) - A University of Toronto professor and researcher has demonstrated for the first time a new technique for safeguarding data

DHS: Sony rootkit may lead to regulation

2006-02-28 Thread leichter_jerrold
DHS: Sony rootkit may lead to regulation U.S. officials aim to avoid future security threats caused by copy protection software News Story by Robert McMillan FEBRUARY 16, 2006 (IDG NEWS SERVICE) - A U.S. Department of Homeland Security official warned today that if software distributors

Re: GnuTLS (libgrypt really) and Postfix

2006-02-14 Thread leichter_jerrold
| I disagree strongly here. Any code which detects an impossible state | or an error clearly due to a programming error by the caller should | die as soon as possible. | | That is a remarkably unprofessional suggestion. I hope the people | who write software for autopilots, pacemakers,

Nonrepudiation - in some sense

2006-02-10 Thread leichter_jerrold
From a description of the Imperva SecureSphere technology. Imperva makes firewalls that can look inside SSL sessions: SSL Security that Maintains Non-Repudiation SecureSphere can inspect the contents of both HTTP and HTTPS (SSL) traffic. SecureSphere delivers higher

Re: Nonrepudiation - in some sense

2006-02-10 Thread leichter_jerrold
| From a description of the Imperva SecureSphere technology. Imperva makes | firewalls that can look inside SSL sessions: | | SSL Security that Maintains Non-Repudiation | | SecureSphere can inspect the contents of both HTTP and HTTPS | (SSL) traffic. SecureSphere delivers

RE: thoughts on one time pads

2006-01-31 Thread leichter_jerrold
[CD destruction] | You missed the old standby - the microwave oven. | | The disk remains physically intact (at least after the | 5 seconds or so I've tried), but a great deal of pretty | arcing occurs in the conductive data layer. Where the | arcs travel, the data layer is vapourized. | | The

Re: quantum chip built

2006-01-19 Thread leichter_jerrold
| I'm fairly ignorant of quantum computers, I'm no expert myself. I can say a few things, but take them with a grain of salt. | having had the opportunity | to see Schor lecture at a local university but unfortunately finding | myself quickly out of my

Re: long-term GPG signing key

2006-01-18 Thread leichter_jerrold
| Even though triple-DES is still considered to have avoided that | trap, its relatively small block size means you can now put the | entire decrypt table on a dvd (or somesuch, I forget the maths). | | | This would need 8 x 2^{64} bytes of storage which is approximately | 2,000,000,000

Re: quantum chip built

2006-01-18 Thread leichter_jerrold
| From what I understand simple quantum computers can easily brute-force | attack RSA keys or other | types of PK keys. | | My understanding is that quantum computers cannot easily do anything. | | | Au contraire, quantum computers can easily perform prime factoring or | perform

Re: phone records for sale.

2006-01-09 Thread leichter_jerrold
| 18 USC 2702(c) says | | A provider described in subsection (a) may divulge a record or | other information pertaining to a subscriber to or customer of | such service (not including the contents of communications | covered by subsection (a)(1) or (a)(2)) ... | |

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-23 Thread leichter_jerrold
| | But is what they are doing wrong? | | | | The users? No, not really, in that given the extensive conditioning that | | they've been subject to, they're doing the logical thing, which is not paying | | any attention to certificates. That's why I've been taking the (apparently | | somewhat

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-21 Thread leichter_jerrold
| Imagine a E-commerce front end: Instead of buying a cert | which you are supposed to trust, they go to and pay for a | link. Everyone trusts and its cert. e-commerce provides a | guarantee of some sort to customers who go through it, and

Re: browser vendors and CAs agreeing on high-assurance certificat es

2005-12-18 Thread leichter_jerrold
| 2) the vast majority of e-commerce sites did very few number of | transactions each. this was the market segment involving e-commerce | sites that aren't widely known and/or represents first time business. it | is this market segment that is in the most need of trust establishment; | however, it

Re: crypto for the average programmer

2005-12-12 Thread leichter_jerrold
On Mon, 12 Dec 2005, Steve Furlong wrote: | My question is, what is the layperson supposed to do, if they must use | crypto and can't use an off-the-shelf product? | | When would that be the case? | | The only defensible situations I can think of in which a | non-crypto-specialist programmer

Malicious chat bots

2005-12-08 Thread leichter_jerrold
[From Computerworld - see,10801,106832,00 .html?source=NLT_PMnid=106832 ] Security firm detects IM bot that chats with you Bot replies with messages such as 'lol no its not its a virus'

Re: Proving the randomness of a random number generator?

2005-12-05 Thread leichter_jerrold
| There's another definition of randomness I'm aware of, namely that the | bits are derived from independent samples taken from some sample space | based on some fixed probability distribution, but that doesn't seem | relevant unless you're talking about a HWRNG. As another poster | pointed out,

Re: [Clips] Banks Seek Better Online-Security Tools

2005-12-04 Thread leichter_jerrold
| You know, I'd wonder how many people on this | list use or have used online banking. | | To start the ball rolling, I have not and won't. Until a couple of months ago, I avoided doing anything of this sort at all. Simple reasoning: If I know I never do any financial stuff on-line, I can

Re: Proving the randomness of a random number generator?

2005-12-03 Thread leichter_jerrold
| Hi, | Apologies if this has been asked before. | | The company I work for has been asked to prove the randomness of a random | number generator. I assume they mean an PRNG, but knowing my employer it | could be anything.. I've turned the work down on the basis of having another | gig that week.

Re: Broken SSL domain name trust model

2005-12-02 Thread leichter_jerrold
| ...basically, there was suppose to be a binding between the URL the user | typed in, the domain name in the URL, the domain name in the digital | certificate, the public key in the digital certificate and something | that certification authorities do. this has gotten terribly obfuscated | and

Re: timing attack countermeasures (nonrandom but unpredictable de lays)

2005-11-30 Thread leichter_jerrold
| Why do you need to separate f from f+d? The attack is based on a timing | variation that is a function of k and x, that's all. Think of it this way: | Your implementation with the new d(k,x) added in is indistinguishable, in | externally visible behavior, from a *different* implementation

Re: timing attack countermeasures (nonrandom but unpredictable de lays)

2005-11-17 Thread leichter_jerrold
| In many cases, the observed time depends both on the input and on some | other random noise. In such cases, averaging attacks that use the same | input over and over again will continue to work, despite the use of | a pseudorandom input-dependent delay. For instance, think of a timing |

Re: the effects of a spy

2005-11-16 Thread leichter_jerrold
On Tue, 15 Nov 2005, Perry E. Metzger wrote: | Does the tension between securing one's own communications and | breaking an opponents communications sometimes drive the use of COMSEC | gear that may be too close to the edge for comfort, for fear of | revealing too much about more secure methods?

Re: [fc-discuss] Financial Cryptography Update: On Digital Cash-l ike Payment Systems

2005-10-25 Thread leichter_jerrold
| U.S. law generally requires that stolen goods be returned to the | original owner without compensation to the current holder, even if | they had been purchased legitimately (from the thief or his agent) by | an innocent third party. This is incorrect. The law draws a distinction between

Re: semi-preditcable OTPs

2005-10-25 Thread leichter_jerrold
| I recall reading somewhere that the NSA got ahold of some KGB numeric | OTPs (in the standard five-digit groups). They found that they | contained corrections, typos, and showed definite non-random | characteristics. Specifically, they had a definite left-hand | right-hand alternation, and