Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Dave Howe
Bill Frantz wrote: I know of one system that takes credit cards over HTTPS, and then sends the credit card number, encrypted with GPG to a backend system for processing. For that matter, our system here discards the CC after use (the pre-auth step with the merchant bank agent gives us back a

Re: An attack on paypal

2003-06-08 Thread Dave Howe
in a world where there are repeated human mistakes/failures at some point it is recognized that people aren't perfect and the design is changed to accommodate people's foibles. in some respects that is what helmets, seat belts, and air bags have been about. The problem is here, we are

Re: Pre-cursor to Non-Secret Encryption

2003-06-18 Thread Dave Howe
John Young wrote: James Ellis, GCHQ, in his account of the development of non-secret encryption credits a Bell Laboratories 1944 report on Project C-43 for stimulating his conception: However the concept seems familiar enough - unless I am missing something, a PRNG (n for noise rather than

Re: quantum hype

2003-09-21 Thread Dave Howe
no. it's the underlying hard problem for QC. If there is a solution to any of the Hard Problems, nobody knows about them. right, so it's no better than the arguable hard problem of factoring a 2048 bit number. Peter Fairbrother may well be in possession of a break for the QC hard problem - his

Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-25 Thread Dave Howe
Joel Sing wrote: Hi Adam, I believe they have, at least to a large degree. InstantSSL (www.instantssl.com) sell 128-bit certificates for $49USD/annum. Certainly far cheaper than the VeriSign or Thawte equivalent. This is their 'base' level service which comes with a $50USD warranty, email

Re: Monoculture

2003-10-01 Thread Dave Howe
Jill Ramonsky wrote: Is it possible for Bob to instruct his browser to (a) refuse to trust anything signed by Eve, and (b) to trust Alice's certificate (which she handed to him personally)? (And if so, how?) I am very much hoping that you can answer both (a) and (b) with a yes, ok then yes :)

Re: Monoculture

2003-10-02 Thread Dave Howe
slightly ranting, you might want to hit del now :) Ian Grigg wrote: What is written in these posts (not just the present one) does derive from that viewpoint and although one can quibble about the details, it does look very much from the outside that there is an informal Cryptographers Guild

Re: Monoculture

2003-10-02 Thread Dave Howe
Guus Sliepen [EMAIL PROTECTED] wrote: Thor Lancelot Simon wrote: In that case, I don't see why you don't bend your efforts towards producing an open-source implementation of TLS that doesn't suck. We don't want to program another TLS library, we want to create a VPN daemon. And RMS didn't

Re: Easy VPNs?

2003-10-11 Thread Dave Howe
Ian Grigg wrote: I'm curious - my understanding of a VPN was that it set up a network that all applications could transparently communicate over. spot on. Port forwarding appears not to be that, in practice each application has to be reconfigured to talk to the appropriate port, or, each

Re: Test of BIOS Spyware

2003-10-16 Thread Dave Howe
Ralf-P. Weinmann wrote: This is *NOT* the interesting part. The interesting part is the payload it is to deliver. The claim This enables the software to spy on the user and remain hidden to the operating system. rather interests me. How do they achieve this in an OS-agnostic fashion? They

Re: Cryptophone locks out snoopers

2003-11-26 Thread Dave Howe
Ian Grigg wrote: (link is very slow:) http://theregister.co.uk/content/68/34096.html Cryptophone locks out snoopers By electricnews.net Posted: 20/11/2003 at 10:16 GMT I see the source release has been put back... again.

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Dave Howe
Peter Gutmann wrote: Dave Howe [EMAIL PROTECTED] writes: Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought. Not necessarily. I looked at this in an ACSAC'2000 paper (available from http://www.acsac.org/2000

Re: Do Cryptographers burn?

2004-04-03 Thread Dave Howe
Do Cryptographers burn? Sometimes they blush hard enough to ignite, if that helps :) Cryptography is a lot about math, information theory, proofs, etc. But there's a certain level where all this is too complicated and time-consuming to follow all those theories and claims. At a certain point

Re: Do Cryptographers burn?

2004-04-04 Thread Dave Howe
Hadmut Danisch wrote: - He didn't find any single mistake. He just says that everything is already known and taken from literature. certainly possible - if he didn't know (or deliberately ignored) that it had been written in 1988 :) How much of it is *still* new or at least hard to find in the

Acoustic Cryptanalysis for RSA?

2004-05-25 Thread Dave Howe
opinions? http://www.wisdom.weizmann.ac.il/~tromer/acoustic/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Vulnerability in the WinZip implementation of AES?

2004-05-25 Thread Dave Howe
http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/ Abstract: WinZip is a popular compression utility for Microsoft Windows computers, the latest version of which is advertised as having easy-to-use AES encryption to protect your sensitive data. We exhibit several attacks against WinZip's new

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Dave Howe
Ed Gerck wrote: No -- DomainKeys has nothing to do with 'email cryptography'. They are S/MIME and PGP/MIME. I wouldn't say PGP/MIME (as opposed to pgp inline) was a widely enough used standard to be considered one of two options - pgp (both methods) certainly, but not pgp/mime exclusively.

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Dave Howe
Peter Gutmann wrote: It *is* happening, only it's now called STARTTLS (and if certain vendors (Micromumblemumble) didn't make it such a pain to set up certs for their MTAs but simply generated self-signed certs on install and turned it on by default, it'd be happening even more). TLS for SMTP is a

Re: A National ID

2004-06-01 Thread Dave Howe
R. A. Hettinga wrote: If we're going to move to a national identification card, we can't afford to do it badly. Now is the time to figure out how to create a card that helps identify people but doesn't rob them of a huge swath of their civil liberties in the process. Just watch how the British do

Re: Software Helps Rights Groups Protect Sensitive Information

2004-06-01 Thread Dave Howe
R. A. Hettinga wrote: To prevent loss or theft, the data is backed up automatically and redundantly on dedicated Martus servers in Manila, Toronto, Seattle and Budapest. Nobody can read the files without access to the original user's cryptography key and password -- with the exception of

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Dave Howe
Ian Grigg wrote: Dave Howe wrote: No - it means you might want to consider a system that guarantees end-to-end encryption - not just first link, then maybe if it feels like it That doesn't mean TLS is worthless - on the contrary, it adds an additional layer of both user authentication

Re: Use cash machines as little as possible

2004-07-07 Thread Dave Howe
Anne Lynn Wheeler wrote: ONE of Britain's biggest banks is asking customers to use cash machines as little as possible to help combat soaring card fraud. That's odd - given a deliberate policy of encouraging Cash Machine use over the last few years, as Cash Machine costs+fraud still come to less

Re: How a Digital Signature Works

2004-08-12 Thread Dave Howe
R. A. Hettinga wrote: The publisher first has to obtain a digital certificate from a recognized certificate authority or CA (VeriSign (VRSN ) is the largest and best known CA in the U.S.). The publisher receives a private and a public key, each of which is a long number of about 300 digits. These

Re: They Said It Couldn't Be Done

2004-09-20 Thread Dave Howe
R. A. Hettinga wrote: Nevada has taken the lead on paper trails not only in its own elections, but also in Congress. Its senators - John Ensign, a Republican, and Harry Reid, a Democrat - have co-sponsored the bipartisan Voting Integrity and Verification Act, one of a number of pending bills that

Re: IBM's original S-Boxes for DES?

2004-10-05 Thread Dave Howe
Steven M. Bellovin wrote: It was only to protect against differential cryptanalysis; they did not know about linear cryptanalysis. More accurately, they didn't protect against linear cryptanalysis - there is no way to know if they knew about it and either didn't want to make changes to

Re: Quantum cryptography gets practical

2004-10-06 Thread Dave Howe
Dave Howe wrote: I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh* Nope, finally struggled to the end to find a section pointing out that it does *not* prevent mitm attacks

Re: SHA1 broken?

2005-02-17 Thread Dave Howe
Joseph Ashwood wrote: I believe you are incorrect in this statement. It is a matter of public record that RSA Security's DES Challenge II was broken in 72 hours by $250,000 worth of semi-custom machine, for the sake of solidity let's assume they used 2^55 work to break it. Now moving to a

Re: aid worker stego

2005-05-20 Thread Dave Howe
Peter Fairbrother wrote: I don't think there is much danger of severe torture, but I don't think innocent-until-proven-guilty applies either, and suspicion should be minimised or avoided. Depends on what you want to avoid. Best solution for software is dual-use - 7-zip for file encryption,

Re: solving the wrong problem

2005-08-07 Thread Dave Howe
Ilya Levin wrote: John Denker [EMAIL PROTECTED] wrote: So, unless/until somebody comes up with a better metaphor, I'd vote for one-picket fence. Nonsense fence maybe less metaphoric but more clear. I disagree - one picket fence gives a clear impression of a protective device that is

Re: Another entry in the internet security hall of shame....

2005-08-26 Thread Dave Howe
Ian G wrote: none of the above. Using SSL is the wrong tool for the job. For the one task mentioned - transmitting the username/password pair to the server - TLS is completely appropriate. However, hash based verification would seem to be more secure, require no encryption overhead on the

Re: Another entry in the internet security hall of shame....

2005-08-28 Thread Dave Howe
Nicolas Williams wrote: Yes, a challenge-response password authentication protocol, normally subject to off-line dictionary attacks by passive and active attackers can be strengthened by throwing in channel binding to, say, a TLS channel, such that: a) passive attacks are not possible, b) MITMs

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Dave Howe
Peter Gutmann wrote: TLS-PSK fixes this problem by providing mutual authentication of client and server as part of the key exchange. Both sides demonstrate proof-of- possession of the password (without actually communicating the password), if either side fails to do this then the TLS handshake

Re: Another entry in the internet security hall of shame....

2005-08-29 Thread Dave Howe
James A. Donald wrote: SSL works in practice, X509 with CA certs does not work in practice. People have been bullied into using it by their browsers, but it does not give the protection intended, because people do what is necessary to avoid being nagged by browsers, not what is necessary to

Re: Is there any future for smartcards?

2005-09-13 Thread Dave Howe
Eugen Leitl wrote: On Sun, Sep 11, 2005 at 06:49:58PM -0400, Scott Guthery wrote: 1) GSM/3G handsets are networked card readers that are pretty successful. They are I'd wager about as secure as an ATM or a POS, particularly with respect to social attacks. The smartphones not secure at all,

Re: [Clips] Sony to Help Remove its DRM Rootkit

2005-11-04 Thread Dave Howe
R.A. Hettinga wrote: http://www.betanews.com/article/print/Sony_to_Help_Remove_its_DRM_Rootkit/1130965475 Unfortunately, this is an exaggeration of what Sony have agreed to do - they have issued an installable which removes the filename cloaking component while leaving the rest (primarily, the

Re: thoughts on one time pads

2006-01-27 Thread Dave Howe
Jonathan Thornburg wrote: 1. How to insure physical security for the N years between when you exchange CDs and the use of a given chunk of keying material? The single CD system is brittle -- a single black-bag burglary to copy the CD, and poof, the adversary has all your keys for the next N

Re: thoughts on one time pads

2006-01-28 Thread Dave Howe
John Denker wrote: Dave Howe wrote: Hmm. can you selectively blank areas of CD-RW? Sure, you can. It isn't so much different from rewriting any other type of disk. Yeah, I know. just unsure how effective blanking is on cd-rw for (say) a pattern that has been in residence for two

Re: a crypto wiki

2006-01-28 Thread Dave Howe
Anton Stiglic wrote: I agree. The cryptodox page looks nice, but I would rather see the content go in wikipedia, which is worked on, and looked at, by many more people, a really beautiful community work. There is also the wiki crypto wikibook, which is sorta a co-production and shares a lot of

Re: [EMAIL PROTECTED]: Re: thoughts on one time pads]

2006-01-31 Thread Dave Howe
Eugen Leitl wrote: Sudden thermal stress (liquid nitrogen, etc) might be good enough to delaminate, leaving clear disks behind. Not sure what the data surface is made from but - surely a suitable organic solvent could remove the paint into suspension leaving a clear plastic disc and no trace of

Re: Hiding data on 3.5 using 40 track mode

2006-02-04 Thread Dave Howe
Travis H. wrote: In the FBI's public statement about Hanssen, they relate how he used a 3.5 floppy in 40 track mode to store data, but if it was read in the ordinary way it would appear blank. IIRC, high-density floppies are 80 tracks per inch, and double density were 40 tpi. So, how do you

Re: the return of key escrow?

2006-02-16 Thread Dave Howe
Chris Olesch wrote: Ok the lurker posts... Can someone explain to me why security specialists think this: The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard. is going to stop authorities from retrieving data? I

Re: A crazy thought?

2007-06-09 Thread Dave Howe
Allen wrote: Hi Gang, In a class I was in today a statement was made that there is no way that anyone could present someone else's digital signature as their own because no one has has their private key to sign it with. This was in the context of a CA certificate which had it inside. I

Re: Seagate announces hardware FDE for laptop and desktop machines

2007-09-15 Thread Dave Howe
Leichter, Jerry wrote: First off, it depends on how the thing is implemented. Since the entire drive is apparently encrypted, and you have to enter a password just to boot from it, some of the support is in an extended BIOS or some very early boot code, which is below any OS you might actually

Re: Bid on a SnakeOil Crypto Algorithm Patent

2007-10-05 Thread Dave Howe
Saqib Ali wrote: http://www.freepatentauction.com/patent.php?nb=950 googlepatent gives me: http://www.google.com/patents?id=HaN6EBAJdq=7,088,821

Re: patent of the day

2008-01-23 Thread Dave Howe
Perry E. Metzger wrote: http://www.google.com/patents?vid=USPAT6993661 Hat tip to a party who prefers to remain anonymous who sent me the patent number. Interesting. He patented E4M, then two years old or so...

Re: Fixing SSL (was Re: Dutch Transport Card Broken)

2008-01-31 Thread Dave Howe
Philipp Gühring wrote: I once implemented SSL over GSM data channel (without PPP and without TCP), and discovered that SSL needs better integrity protection than raw GSM delivers. (I am quite sure that's why people normally run PPP over GSM channels ...) SSH has the same problems. It also

Re: delegating SSL certificates

2008-03-15 Thread Dave Howe
[EMAIL PROTECTED] wrote: So at the company I work for, most of the internal systems have expired SSL certs, or self-signed certs. Obviously this is bad. Sorta. TLS gets along with self signed just fine though, and obviously you can choose to accept a root or unsigned cert on a per-client

Re: delegating SSL certificates

2008-03-19 Thread Dave Howe
John Levine wrote: | Presumably the value they add is that they keep browsers from popping | up scary warning messages Apple's Mail.app checks certs on SSL-based mail server connections. It has the good - but also bad - feature that it *always* asks for user approval if it gets a cert it

Re: How is DNSSEC

2008-03-26 Thread Dave Howe
James A. Donald wrote: From time to time I hear that DNSSEC is working fine, and on examining the matter I find it is working fine except that DNSSEC is working fine as a technology. However, it is worth remembering that it works based on digitally signing an entire zone - the state of

Re: Can we copy trust?

2008-06-03 Thread Dave Howe
Ben Laurie wrote: Ed Gerck wrote: Ben Laurie wrote: But doesn't that prove the point? The trust that you consequently place in the web server because of the certificate _cannot_ be copied to another webserver. That other webserver has to go out and buy its own copy, with its own domain name

Re: Ransomware

2008-06-10 Thread Dave Howe
Jim Youll wrote: If there's just one key, then Kaspersky could get maximum press by paying the ransom and publishing it. If there are many keys, then Kaspersky still has reached its press-coverage quota, just not as dramatically. The key size would imply PKI; that being true, then the ransom

Re: Ransomware

2008-06-11 Thread Dave Howe
The Fungi wrote: On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote: The key size would imply PKI; that being true, then the ransom may be for a session key (specific per machine) rather than the master key it is unwrapped with. Per the computerworld.com article: Kaspersky has

Re: once more, with feeling.

2008-09-10 Thread Dave Howe
Darren J Moffat wrote: Warnings aren't enough in this context [ whey already exists ] the only thing that will work is stopping the page being seen - replacing it with a clearly worded explanation with *no* way to pass through and render the page (okay maybe with a debug build of the browser

Re: once more, with feeling.

2008-09-10 Thread Dave Howe
Paul Hoffman wrote: At 11:21 PM +0100 9/9/08, Dave Howe wrote: Darren J Moffat wrote: Warnings aren't enough in this context [ whey already exists ] the only thing that will work is stopping the page being seen - replacing it with a clearly worded explanation with *no* way to pass through

Re: X.509 certificate overview + status

2009-03-02 Thread Dave Howe
Travis wrote: Hello, Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP, and OpenVPN services. Actually, I created my own CA for some of the certificates, and in other cases I used self-signed. It took me substantially more time than I had anticipated, and I'm left with

Re: Source for Skype Trojan released

2009-09-08 Thread Dave Howe
Stephan Neuhaus wrote: On Aug 31, 2009, at 13:20, Jerry Leichter wrote: It can “...intercept all audio data coming and going to the Skype process.” Interesting, but is this a novel idea? As far as I can see, the process intercepts the audio before it reaches Skype and after it has left

Re: [Cryptography] AES [was NSA and cryptanalysis]

2013-09-17 Thread Dave Howe
On 16/09/2013 23:39, Perry E. Metzger wrote: On Mon, 16 Sep 2013 11:54:13 -1000 Tim Newsham tim.news...@gmail.com wrote: - A backdoor that leaks cryptographic secrets consider for example applications using an intel chip with hardware-assist for AES. You're feeding your AES keys directly

Re: [Cryptography] funding Tor development

2013-10-17 Thread Dave Howe
On 14/10/2013 14:36, Eugen Leitl wrote: Guys, in order to minimize Tor Project's dependance on federal funding and/or increase what they can do it would be great to have some additional funding ~10 kUSD/month. I would say what is needed is not one source at $10K/month but 10K sources at