Re: "PGP Encryption Proves Powerful"
At 08:17 AM 06/03/2003 -0700, bear wrote:

what he said was "with cryptanalysis alone." Rubber-hose methods are not cryptanalysis, and neither is password guessing.

Eh? Password guessing certainly is.

>I'm not aware of a PGP port to the Psion, but at least the
>Psion 3/3a/3c generation were 8086-like processors,
>and there was a C compiler ported to them,
>so perhaps somebody ported one of the earlier PGPs.

IIRC, there was/is a psion linux port, with gcc. Looks like it's still in active development, mainly for the Psion 5 series - they've even got X Windows running on them, as well as PGP.

- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: "PGP Encryption Proves Powerful"
At 11:18 AM 6/1/03 -0400, Ian Grigg wrote:

...

This sounds workable in theory, but in practice, one has to work with the skills base of the users and the stress of the work. Terrorists are generally not adept at technical work. They are not really chosen for their skills; more their loyalty, their anger, and often their simplistic belief in "some other bad guy" stories. Terrorists are like soldiers, mostly drawn from the lower echelons of society, with a small smattering of bright sparks who rise to the top (if they survive at all). If they could master technically challenging tools like crypto then they'd not be terrorists, they'd be out there making a living.

Yeah, I suspect you're right. And the big problem with these threshold schemes is that non-cryptographers end up unable to figure out what the heck is going on with them. Once you get past 2/n schemes, most people's eyes glaze over.

... iang

--John Kelsey, [EMAIL PROTECTED]
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: "PGP Encryption Proves Powerful"
At 11:38 AM 05/30/2003 -0700, John Young wrote:

If the FBI cannot crack PGP that does not mean other agencies with greater prowess cannot. It is unlikely that the capability to crack PGP would be publicly revealed for that would close an invaluable source of information.

.

Still, it is impressive that PRZ valiantly argues that PGP is algorithmically impregnable. That should satisfy its users as well as its crackers.

And Phil was quoted as saying

> "Does PGP have a back door? The answer is no, it does not,"
> he said. "If the device is running PGP it will not be possible
> to break it with cryptanalysis alone."

But in fact that's incorrect. PGP doesn't have back doors, but it has two major weaknesses, which are weak user-chosen passphrases, combined with a secret key file format that makes it easy to verify whether a key has been guessed correctly, and human-rememberable passphrases, combined with rubber-hose cryptanalysis and a captured agent.

If you're doing good operational security, and the Red Brigades probably are, your passphrases have good enough entropy that they're hard to crack, but if they got sloppy, and someone wants to feed all the information that's known about them to pgpcrack, it's possible that they'll find something. It's less likely than VENONA succeeding, because the importance of good passphrases was known, and unlike one-time pads there's no operational need to occasionally get sloppy under time pressure.

I'm not aware of a PGP port to the Psion, but at least the Psion 3/3a/3c generation were 8086-like processors, and there was a C compiler ported to them, so perhaps somebody ported one of the earlier PGPs. (There was an old HP palmtop that ran genuine MS-DOS, unlike the Psion's more interesting operating system, and you could probably run PGP on that directly.)
Re: "PGP Encryption Proves Powerful"
John Kelsey wrote:
> At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:
>
>> The following appears to be a bona fide case of a
>> threat model in action against the PGP program.
>
>
> ...
>
> Two comments:
>
> a. It sure seems like it would be a pain to enter a long passphrase on
> one of these things, so that seems like the most plausible attack. But
> I agree that it would be nice to know more about actual fielded
> attacks. (The problem is that if you're actually using them to gather
> information, you won't want to disclose your methods.)

Errr... it was a Psion, and they have keyboards.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
RE: "PGP Encryption Proves Powerful"
Actually, I _am_ the proud possessor of a Psion Series 5mx, and I have had PGP for EPOC installed on it for a few years now.

It's not the original, obviously, but it claims to be a port to the EPOC operating system of PGP 2.6.3ia. The About page says "International version - not for use in the USA. Does not use RSAREF". It is copyright PanSoftware, and there are two URLs - www.PanSoftware.com and www.sgsoftware.com.

I don't have source code - which is a bit of a security problem, obviously - but it produces .pgp files which are compatible with other versions of PGP 2.6.3i, and if you examine the packets of said .pgp files then you find nothing unexpected.

In summary, I'm reasonably convinced that it really is PGP ... although personally if my information were REALLY sensitive then I'd probably do my encryption on some other platform (where I had the source code).

Jill

-----Original Message-----
From: Dean, James [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2003 2:30 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: "PGP Encryption Proves Powerful"

The article hedges on whether or not PGP was used on the Psion mentioned. The Psion might have been using one of the other programs listed at http://www.ericlindsay.com/epoc/sicrypt5.htm.
Re: "PGP Encryption Proves Powerful"
John Kelsey wrote:
>
> At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:
>
> >So what happened to passphrase guessing? That's got to be
> >one of the weakest links. Unless their private key wasn't
> >stored on the device?
>
> One thought: How hard would it be to write a Palm app to use the
> interaction between several devices to derive a key or password, using the
> IR ports? The whole thing could easily be encrypted under a common
> key. Require the attacker to get a device from each member of the cell (or
> 3/5 or some such)

Certainly, if all the cell members had a PDA, with IR, then that would allow a much more robust multi-factor system. But...

> before recovering the actual encrypted secrets. I wouldn't be surprised if
> technologically sophisticated terrorists and spies were doing stuff like
> that. (You could easily do this with pen and paper, too, for simple
> control structures. Each member of the cell holds some parts of the
> password written down, and 4/5 of them have to get together to reconstruct
> the full password.)

This sounds workable in theory, but in practice, one has to work with the skills base of the users and the stress of the work. Terrorists are generally not adept at technical work. They are not really chosen for their skills; more their loyalty, their anger, and often their simplistic belief in "some other bad guy" stories. Terrorists are like soldiers, mostly drawn from the lower echelons of society, with a small smattering of bright sparks who rise to the top (if they survive at all). If they could master technically challenging tools like crypto then they'd not be terrorists, they'd be out there making a living.

Giving them a complex technical tool means an awful lot of training. Which means: they may be able to master this, as they are not totally dumb, but, this means they are not training in some other thing. There is a reason that the AK47 is the weapon of choice: it is an extraordinarily simple weapon. Training is probably about half the requirements of say the M16. That makes a difference, much more so than, say, the increased accuracy of the M16! There is a huge premium in a simple tool.

In practice, I'd suspect that a single factor crypto system would win out in the end, as anything more complex would bog down under fire. (In fact, I am surprised they are using crypto *at* *all*, I'd be very nervous about the amount of data that could end up being compromised by a lost PDA and a tortured terrorist!)

There is this pervasive image that terrorists are technologically adept. I don't think I've ever seen much real evidence of that. I think there are two factors in this unrealistic belief.

1. The media love to portray terrorists as a wily enemy. I can only put that down to a need to explain how they managed to do this terrible thing to us: mentally, we feel better if the enemy is really smart, a challenge to us, as it's ok for him to win once or twice. (As long as we are smarter, and can rise and win in the end...)

Recall, we all love and admire the Germans because they were a smart adept enemy in the first half of the 20th century. We have almost as much admiration for the Japanese, but pretty much no admiration for the Chinese and the Koreans, who resort too quickly to human wave tactics. (The Vietnamese, and Russians, we feel quixotic about...)

Psychologically, it makes us unhappy to realise that the 911 attackers were actually quite simple, so we don't. We build up Osama bin Laden to be a mastermind, a sort of James Bond-qualified evil guy who constructs plans of insidious cunning.

2. Also, the counter-terrorist forces have a vested interest in presenting the terrorists as more capable than they really are (hence, that article, as many have observed). This is a simple and pervasive technique to get more support for their activities. For example, it's now pretty much clear that a lot of the threat assessments of the Soviet Union were routinely exaggerated dramatically by money-seeking companies and generals. Also, you can't really be "wrong" and embarrassed if you over-exaggerate the threat.

All this is a long winded way of saying your average terrorist is much more like your grandma when it comes to tech. Highly competent in the kitchen, but can't send an email to save herself.

--
iang
Re: "PGP Encryption Proves Powerful"
At 10:29 AM 5/30/03 -0400, Anton Stiglic wrote:

So what happened to passphrase guessing? That's got to be one of the weakest links. Unless their private key wasn't stored on the device?

One thought: How hard would it be to write a Palm app to use the interaction between several devices to derive a key or password, using the IR ports? The whole thing could easily be encrypted under a common key. Require the attacker to get a device from each member of the cell (or 3/5 or some such) before recovering the actual encrypted secrets. I wouldn't be surprised if technologically sophisticated terrorists and spies were doing stuff like that. (You could easily do this with pen and paper, too, for simple control structures. Each member of the cell holds some parts of the password written down, and 4/5 of them have to get together to reconstruct the full password.)

--Anton

--John Kelsey, [EMAIL PROTECTED]
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: "PGP Encryption Proves Powerful"
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:

The following appears to be a bona fide case of a threat model in action against the PGP program.

...

Two comments:

a. It sure seems like it would be a pain to enter a long passphrase on one of these things, so that seems like the most plausible attack. But I agree that it would be nice to know more about actual fielded attacks. (The problem is that if you're actually using them to gather information, you won't want to disclose your methods.)

b. A nasty (likely to backfire) trick would be to generate a long random password, use it to encrypt a bunch of data, and then forget the password. Something as simple as the MD5 of the results of typing into a buffer for a couple minutes would do fine. No attacker will ever guess it. Of course, the judge may not believe you when you explain why you don't know those passwords, and the cops may try to beat the answers out of you if they're convinced enough that you're a bad guy

--John Kelsey, [EMAIL PROTECTED]
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
Re: "PGP Encryption Proves Powerful"
----- Original Message -----
From: "Ian Grigg" <[EMAIL PROTECTED]>
Subject: "PGP Encryption Proves Powerful"

> http://www.pcworld.com/news/article/0,aid,110841,00.asp

The article appears to use PGP simply as the most prominent example, and is clearly undereducated in the realities of cryptography. It not only says that there is little chance that it is actually PGP in use, but goes on to indicate that hackers are a magic bullet. As far as real reporting goes here, this is laughable. The article is titled "PGP Encryption Proves Powerful" then says that there's little likelihood that PGP was used. It flatly says that there are no backdoors, and that it would take millions of years to break, then hints that hiring hackers to break it would work. While the sentences individually make sense, the whole is somewhat lacking in anything resembling English.

Joe
Re: "PGP Encryption Proves Powerful"
At 1:22 PM -0400 5/29/03, Ian Grigg wrote:

The following appears to be a bona fide case of a threat model in action against the PGP program.

Leaving aside commentary on the pros and cons within this example, there is a desperate lack of real experience in how crypto systems are attacked. IMHO, this leads to some rather poorly chosen engineering decisions that have shown themselves to stymie or halt the success of otherwise good crypto systems.

Does anyone know of a repository for real life attacks on crypto systems? Or are we stuck with theoretical and academic threats when building new systems?

iang

There is a lot of material from the World War II era (e.g. Silk and Cyanide by Leo Marks) and the early cold war (e.g. http://www.nsa.gov/docs/venona/). Government cryptographic successes are usually highly classified and kept that way for decades. There was one recent story about the FBI's apparent use of a keyboard logger to get an accused organized criminal's password.

The latest U.S. Government wiretap report http://www.uscourts.gov/wiretap02/contents.html (they are now required to report on encryption incidents) says:

"Encryption was reported to have been encountered in 16 wiretaps terminated in 2002 and in 18 wiretaps terminated in calendar year 2001 or earlier but reported for the first time in 2002; however in none of these cases was encryption reported to have prevented law enforcement officials from obtaining the plain text of the communications intercepted."

By comparison they reported 1358 intercepts authorized in 2002.

Arnold Reinhold
Re: "PGP Encryption Proves Powerful"
If the FBI cannot crack PGP that does not mean other agencies with greater prowess cannot. It is unlikely that the capability to crack PGP would be publicly revealed for that would close an invaluable source of information.

Intel crackers hardly ever reveal their most essential tools, though there are orchestrated releases of capability to mislead.

In the case of the VENONA decrypts, there have been only partial public releases, along with misleading stories about how the decrypts were done -- the official story they were done only by dedicated cryptanalysts without help of code books or other assists, that Russian carelessness of OTP preparation provided the crib. Unofficial stories are that Russian codebooks were used, at least for some of the decrypts -- Thomas Powers, for one, recounts this version in several reprinted essays in "The Intelligence Wars." That cover stories have been arranged for how the deciphering was actually done, some not privy to the hardworking NSA crackers.

An undisclosed amount of the VENONA messages remain undeciphered, or at least not made public. Speculation is that NSA and whomever do not want to tell the full story of the decrypt capability, again, as with most intelligence agencies it is more beneficial to never reveal full capabilities, in particular not to temporary allies with the understanding that allies always spy on each other, whether those are US TLAs or foreign friends. The recent opening of domestic cooperation among the intel agencies and law enforcement will not likely get any of them to share fully.

Still, it is impressive that PRZ valiantly argues that PGP is algorithmically impregnable. That should satisfy its users as well as its crackers.

An uncracked code is the perfect spying tool. Based on a multitude of accounts of sophisticated espionage deceptions it might be suspected that is the origin of PK crypto, and why it was leaked, and leaked again, and crypto export was eased, then greased again. Presumably there will be periodic reports of cryptographic impregnability to foster wider if not wiser use.
Re: "PGP Encryption Proves Powerful"
Aside from the whole governments-and-people-and-terrorists thing, I will say that there was an event last year at my former employers' that made us very glad we were using PGP.

An engineer's laptop got stolen. With the entire source tree of an enterprise application that licensed for $25K a seat on it. Fortunately, since it was in an encrypted archive, we didn't need to worry too much.

I don't know how many "incidents" like this happen every year. I don't think governments care that much about the kind of risk companies not using crypto to protect their livelihoods take. They don't become aware of crypto when it averts trouble. They become aware of crypto when it causes trouble.

Bear
Re: "PGP Encryption Proves Powerful"
At 01:22 PM 5/29/03 -0400, Ian Grigg wrote:
>The following appears to be a bona fide case of a
>threat model in action against the PGP program.
>
>Leaving aside commentary on the pros and cons
>within this example, there is a desperate lack of
>real experience in how crypto systems are attacked.

There's also the possibility of disinfo. For instance, we all know that more competent agencies than the FBI were involved.

The real test of TLA abilities will be to see how many Red Brigaders are captured in coming months. Assuming that those captures are reported --which they might not, to conceal TLA abilities. (Remember Coventry?) On the other hand, continued R.B. activities would be evidence that their hardware, software, and opsec were strong.
Re: "PGP Encryption Proves Powerful"
So what happened to passphrase guessing? That's got to be one of the weakest links. Unless their private key wasn't stored on the device?

--Anton
Re: "PGP Encryption Proves Powerful"
hi

( 03.05.29 13:22 -0400 ) Ian Grigg:
> Does anyone know of a repository for real life
> attacks on crypto systems?

bugtraq archives?

perhaps due to the sensitive nature of encrypted data, many attacks may not be reported. and even if so, the reports may be incomplete, or misleading.

--
\js
RE: "PGP Encryption Proves Powerful"
The article hedges on whether or not PGP was used on the Psion mentioned. The Psion might have been using one of the other programs listed at http://www.ericlindsay.com/epoc/sicrypt5.htm.
"PGP Encryption Proves Powerful"
The following appears to be a bona fide case of a threat model in action against the PGP program.

Leaving aside commentary on the pros and cons within this example, there is a desperate lack of real experience in how crypto systems are attacked. IMHO, this leads to some rather poorly chosen engineering decisions that have shown themselves to stymie or halt the success of otherwise good crypto systems.

Does anyone know of a repository for real life attacks on crypto systems? Or are we stuck with theoretical and academic threats when building new systems?

iang

PS: for the archives:

===

http://www.pcworld.com/news/article/0,aid,110841,00.asp

PGP Encryption Proves Powerful

If the police and FBI can't crack the code, is the technology too strong?

Philip Willan, IDG News Service
Monday, May 26, 2003

ROME -- Italian police have seized at least two Psion personal digital assistants from members of the Red Brigades terrorist organization. But the major investigative breakthrough they were hoping for as a result of the information contained on the devices has failed to materialize--thwarted by encryption software used by the left-wing revolutionaries.

Failure to crack the code, despite the reported assistance of U.S. Federal Bureau of Investigation computer experts, puts a spotlight on the controversy over the wide availability of powerful encryption tools.

The Psion devices were seized on March 2 after a shootout on a train traveling between Rome and Florence, Italian media and sources close to the investigation said. The devices, believed to number two or three, were seized from Nadia Desdemona Lioce and her Red Brigades comrade Mario Galesi, who was killed in the shootout. An Italian police officer was also killed.

At least one of the devices contains information protected by encryption software and has been sent for analysis to the FBI facility in Quantico, Virginia, news reports and sources said. The FBI declined to comment on ongoing investigations, and Italian authorities would not reveal details about the information or equipment seized during the shootout.

Pretty Good Privacy

The software separating the investigators from a potentially invaluable mine of information about the shadowy terrorist group, which destabilized Italy during the 1970s and 1980s and revived its practice of political assassination four years ago after a decade of quiescence, was PGP (Pretty Good Privacy), the Rome daily La Repubblica reported. So far the system has defied all efforts to penetrate it, the paper said.

Palm-top devices can only run PGP if they use the Palm OS or Windows CE operating systems, said Phil Zimmermann, who developed the encryption software in the early 1990s. Psion uses its own operating system known as Epoc, but it might still be possible to use PGP as a third party add-on, a spokesperson for the British company said.

There is no way that the investigators will succeed in breaking the code with the collaboration of the current manufacturers of PGP, the Palo Alto, California-based PGP, Zimmermann said in a telephone interview.

"Does PGP have a back door? The answer is no, it does not," he said. "If the device is running PGP it will not be possible to break it with cryptanalysis alone."

Investigators would need to employ alternative techniques, such as looking at the unused area of memory to see if it contained remnants of plain text that existed before encryption, Zimmermann said.

Privacy vs. Security

The investigators' failure to penetrate the PDA's encryption provides a good example of what is at stake in the privacy-versus-security debate, which has been given a whole new dimension by the September 11 terrorist attacks in the U.S.

Zimmermann remains convinced that the advantages of PGP, which was originally developed as a human rights project to protect individuals against oppressive governments, outweigh the disadvantages.

"I'm sorry that cryptology is such a problematic technology, but there is nothing we can do that will give this technology to everyone without also giving it to the criminals," he said. "PGP is used by every human rights organization in the world. It's something that's used for good. It saves lives."

Nazi Germany and Stalin's Soviet Union are examples of governments that had killed far more people than all the world's criminals and terrorists combined, Zimmermann said. It was probably technically impossible, Zimmermann said, to develop a system with a back door without running the risk that the key could fall into the hands of a Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and Yugoslavia, respectively.

"A lot of cryptographers wracked their brains in the 1990s trying to devise strategies that would make everyone happy and we just couldn't come up with a scheme for doing it," h