Re: Another entry in the internet security hall of shame....

2005-08-29 Thread James A. Donald
-- From: Dave Howe [EMAIL PROTECTED] 2) Google got into the CA business; namely, all GoogleMail owners suddenly found they could send and receive S/Mime messages from their googlemail accounts, using a certificate that just appeared and was signed by the GoogleMail

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Peter Gutmann
Dave Howe [EMAIL PROTECTED] writes: Nicolas Williams wrote: Yes, a challenge-response password authentication protocol, normally subject to off-line dictionary attacks by passive and active attackers can be strengthened by throwing in channel binding to, say, a TLS channel, such that: a)

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Dave Howe
Peter Gutmann wrote: TLS-PSK fixes this problem by providing mutual authentication of client and server as part of the key exchange. Both sides demonstrate proof-of-possession of the password (without actually communicating the password), if either side fails to do this then the TLS handshake

Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-29 Thread Simon Josefsson
Ben Laurie [EMAIL PROTECTED] writes: Simon Josefsson wrote: Ben Laurie [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: So Miller-Rabin is good for testing random candidates, but it is easy to maliciously construct an n that passes several rounds of Miller-Rabin. Interesting! So how

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Gilles DEMARTY
2005/8/29, Dave Howe [EMAIL PROTECTED]: So, the solution to nobody using the existing (but adequate) solution is another existing (but barely implemented and also unused) solution? I think the good solution is the one chosen by some bank ... :

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread james hughes
In listening to this thread hearing all the hyperbole on both sides, I would suggest that we may need more fuel to the fire. There was a rump presentation at the recent Crypto on the use of Ceremonies (which, pardon my misstatement in advance, is claimed to be computer protocols with the

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Dave Howe
James A. Donald wrote: SSL works in practice, X509 with CA certs does not work in practice. People have been bullied into using it by their browsers, but it does not give the protection intended, because people do what is necessary to avoid being nagged by browsers, not what is necessary to

Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-29 Thread Simon Josefsson
Ben Laurie [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: So Miller-Rabin is good for testing random candidates, but it is easy to maliciously construct an n that passes several rounds of Miller-Rabin. Interesting! So how does one go about constructing such an n? I wonder if the

Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-29 Thread astiglic
Don’t be concerned about secrecy of prime generated with Maurer’s method, the method generates primes that are almost uniformly distributed over the set of all numbers (this is different from another algorithm called Shawe-Taylor, which is similar in functioning but only reaches 10% of all

Re: Fwd: Tor security advisory: DH handshake flaw

2005-08-29 Thread astiglic
One algorithm that results in a polynomially verifiable witness is: Almost All Primes Can be Quickly Certified http://theory.lcs.mit.edu/~cis/pubs/shafi/1986-stoc-gk.pdf That's a very old algorithm. It was an interesting result at the time (1986) because it is a primality proving algorithm

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Anne Lynn Wheeler
Dave Howe wrote: Indeed so - however, if Google makes it just work then there will be a large swathe of people out there wondering what does this DIGITAL SIGNATURE button do in gmail? plus a smaller subset who have google talk and can perform secure e2e voip using x509 certs that they don't

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Ian G
Anne Lynn Wheeler wrote: the major ISPs are already starting to provide a lot of security software to their customers. a very straight forward one would be if they provided public key software ... to (generate if necessary) and register a public key in lieu of password ... and also support the

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Nick Owen
I would appreciate your thoughts on WiKID. We use asymmetric keys to encrypt PINs and one-time passcodes between a client and the server. The server talks to various network clients using protocols such as LDAP, Radius, or using our own SSL-tunneled wAuth protocol. We believe that replacing

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread James A. Donald
-- From: [EMAIL PROTECTED] (Peter Gutmann) TLS-PSK fixes this problem by providing mutual authentication of client and server as part of the key exchange. Both sides demonstrate proof-of-possession of the password (without actually communicating the password), if