RE: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Peter Gutmann
Lucky Green [EMAIL PROTECTED] writes: I trust that we can agree that the volume of traffic and number of transactions protected by SSL are orders of magnitude higher than those protected by SSH. As is the number of users of SSL. The overwhelming majority of which wouldn't know ssh from telnet.

Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Peter Gutmann
James A. Donald [EMAIL PROTECTED] writes: I never figured out how to use a certificate to authenticate a client to a web server, how to make a web form available to one client and not another. Where do I start? There's a two-level answer to this problem. At an abstract level, doing client certs

Re: Draft Edition of LibTomMath book

2003-06-28 Thread Peter Gutmann
Werner Koch [EMAIL PROTECTED] writes: Does the proprietary SSH still use GMP? I know no other major crypto apps using GMP for big number math. I've seen it used in a couple of lesser-known apps that I played with for interop testing, nothing that counts as a major app though. Maybe it's

Re: Attacking networks using DHCP, DNS - probably kills DNSSEC

2003-07-01 Thread Peter Gutmann
William Allen Simpson [EMAIL PROTECTED] writes: Would this be the DHCP working group that on at least 2 occasions when I was there, insisted that secure DHCP wouldn't require a secret, since DHCP isn't supposed to require configuration? Given that their goal is zero-configuration networking, I

Re: PRNG design document?

2003-09-03 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: It is important to chose both a random seed and random key, and FIPS 140 has no provision for this. Yes it does, you just have to interpret it correctly. The post-processed pool output [from the cryptlib generator] is not sent directly to the caller

Re: Is cryptography where security took the wrong branch?

2003-09-03 Thread Peter Gutmann
Ian Grigg [EMAIL PROTECTED] writes: There appear to be a number of metrics that have been suggested: a. nunber of design wins b. penetration into equivalent unprotected market c. number of actual attacks defeated d. subjective good at the application level e. worthless

Re: invoicing with PKI

2003-09-03 Thread Peter Gutmann
Peter Gutmann wrote: It's no less secure than what's being done now, and since you can make it completely invisible to the user at least it'll get used. If all new MTA releases automatically generated a self-signed cert and enabled STARTTLS, we'd see opportunistic email encryption adopted

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-09 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Sure, that's why it's *the first.* They have never done this before, and it is very different to how they (or their Ft Meade experts) have done things before. I suppose one could argue that they're doing this for Level 1 to increase the industry demand for

Re: fyi: bear/enforcer open-source TCPA project

2003-09-11 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Second, if the key's in hardware you *know* it's been stolen. You don't know that for software. Only for some definitions of stolen. A key held in a smart card that does absolutely everything the untrusted PC it's connected to tells it to is only marginally

Re: End of the line for Ireland's dotcom star

2003-09-23 Thread Peter Gutmann
John Young [EMAIL PROTECTED] writes: Who at Baltimore, or was once there, is likely to be able to account for the security of the certs for customers who still rely upon them? Not somebody to spin a fairy tale, but to truthfully explain what Baltimore has done to avoid betraying the trust of its

Re: End of the line for Ireland's dotcom star

2003-09-24 Thread Peter Gutmann
Anonymous via the Cypherpunks Tonga Remailer [EMAIL PROTECTED] writes: Why is it that none of those 100-odd companies with keys in the browsers are doing anything with them? Verisign has such a central role in the infrastructure, but any one of those other companies could compete. Why isn't

Re: why are CAs charging so much for certs anyway? (Re: End of the line for Ireland's dotcom star)

2003-09-25 Thread Peter Gutmann
Ed Gerck [EMAIL PROTECTED] writes: PRICING STRATEGY: CAs should keep their prices high and find ways to add price to current products (eg, offering insurance, different certificate classes, benefits for CRL access, etc.) -- because the potentially difficult mid-term future of such business impose

Re: Reliance on Microsoft called risk to U.S. security

2003-09-26 Thread Peter Gutmann
R. A. Hettinga [EMAIL PROTECTED] forwarded: But the security experts said the issue of computer security had more to do with the ubiquity of Microsoft's software than any flaws in the software. There was an example of a point raised in the paper the same day it was published, when two anti-spam

Re: A different Business Model for PKI (was two other subjects related to the demise of Baltimore)

2003-09-26 Thread Peter Gutmann
Ed Reed [EMAIL PROTECTED] writes: 2) PKI vendors looked at that and must have said - gee, if we can get $100-$150/yr/user for managing identity around PKI certificates, why shouldn't we? Actually it's even better than that, the companies using the managed service are still expected to act as

Re: Reliance on Microsoft called risk to U.S. security

2003-10-01 Thread Peter Gutmann
Bill Frantz [EMAIL PROTECTED] writes: The real problem is that the viewer software, whether it is an editor, PDF viewer, or a computer language interpreter, runs with ALL the user's privileges. If we ran these programs with a minimum of privilege, most of the problems would just go away. This

Re: Monoculture

2003-10-01 Thread Peter Gutmann
John S. Denker [EMAIL PROTECTED] writes: According to 'ps', an all-up ssh system is less than 3 megabytes (sshd, ssh- agent, and the ssh client). At current memory prices, your clients would save less than $1.50 per system even if their custom software could reduce this bulk to zero. Let me

Re: anonymous DH MITM

2003-10-01 Thread Peter Gutmann
Tim Dierks [EMAIL PROTECTED] writes: It does not, and most SSL/TLS implementations/installations do not support anonymous DH in order to avoid this attack. Uhh, I think that implementations don't support DH because the de facto standard is RSA, not because of any concern about MITM (see below).

Re: Protocol implementation errors

2003-10-04 Thread Peter Gutmann
Bill Frantz [EMAIL PROTECTED] writes: This is the second significant problem I have seen in applications that use ASN.1 data formats. (The first was in a widely deployed implementation of SNMP.) Given that good, security conscience programmers have difficultly getting ASN.1 parsing right, we

Re: Monoculture / Guild

2003-10-04 Thread Peter Gutmann
John Gilmore [EMAIL PROTECTED] writes: The Guild, such as it is, is a meritocracy; many previously unknown people have joined it since I started watching it in about 1990. The way to tell who's in the Guild is that they can break your protocols or algorithms, but you can't break theirs. PS: Of

Re: Protocol implementation errors

2003-10-06 Thread Peter Gutmann
Jerrold Leichter [EMAIL PROTECTED] writes: Both of these are helped by a well-specified low-level syntax. TLV encoding lets you cross-check all sorts of stuff automatically, once, in low-level calls. Ad hoc protocols scatter the validation all over the place - and some of it will inevitably be

Re: Other OpenSSL-based crypto modules FIPS 140 validated?

2003-10-07 Thread Peter Gutmann
Nathan P. Bardsley [EMAIL PROTECTED] writes: Anecdotally, I've heard that there are many, but almost all of them were done by vendors for embedding in their proprietary products. Ditto. The problem is that when vendors have spent $100K+ on the certification, they're very reluctant to give

Re: NCipher Takes Hardware Security To Network Level

2003-10-07 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: This is why you get requirements of the type that it should run on Windows in single-user mode, which I take to mean have only an admin account. This prevents privilege escalation attacks (regular user to root) that are easily done. I think this is

Re: Protocol implementation errors

2003-10-07 Thread Peter Gutmann
Markus Friedl [EMAIL PROTECTED] writes: On Sat, Oct 04, 2003 at 05:58:49PM +1200, Peter Gutmann wrote: We've already seen half the SSH implementations in existence taken out by the SSH malformed-packet vulnerabilities, I don't think so. According to the CERT advisory, roughly half of all

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-08 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: I think that rather than spending time on deciding what to call this library that is to-be-written, and how to license this library that is to-be-written, that time should be spent on, well, writing it. :) I would add to this the observation that rather than

Re: NCipher Takes Hardware Security To Network Level

2003-10-08 Thread Peter Gutmann
I wrote: Peter (I define myself to be A BIT CYNICAL about all this). Since it could appear that I'm gratuitously bashing FIPS 140 (or certification processes in general) here, I should clarify: As with all attempts at one- size-fits-all solutions, one size doesn't quite fit all. You can break

RE: Open Source (was Simple SSL/TLS - Some Questions)

2003-10-09 Thread Peter Gutmann
Peter Clay [EMAIL PROTECTED] writes: If you want a VPN that road warriors can use, you have to do it with IP-over- TCP. Nothing else survives NAT and agressive firewalling, not even Microsoft PPTP. IP-over-TCP has some potential performance problems, see

Re: NCipher Takes Hardware Security To Network Level

2003-10-13 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: But the problem is how can people who know nothing about security evaluate which vendor is most committed to security? For the moment, FIPS 140 and CC type certifications seem to be the only means for these people... Yeah, it's largely a case of looking

Re: NCipher Takes Hardware Security To Network Level

2003-10-16 Thread Peter Gutmann
Jerrold Leichter [EMAIL PROTECTED] writes: There was also an effort in England that produced a verified chip. Quite impressive, actually - but I don't know if anyone actually wanted the chip they (designed and) verified. The Viper. Because it needed to be formally verifiable, they had to leave

Re: WYTM?

2003-10-18 Thread Peter Gutmann
Damien Miller [EMAIL PROTECTED] writes: The SSH protocol supports certificates (X.509 and OpenPGP), though most implementations don't. One of the reason why many implementations may not support it is that the spec is completely ambiguous as to the data formats being used. For example it

Re: WYTM?

2003-10-19 Thread Peter Gutmann
Ian Grigg [EMAIL PROTECTED] writes: So, in reality, the spec does not specify, even if it uses the words? OK, so there is no surprise if there is no takeup. Actually I think the main reason was that there's virtually no interest in this. What was the motive for adding lip service into the

Re: WYTM?

2003-10-20 Thread Peter Gutmann
Thor Lancelot Simon [EMAIL PROTECTED] writes: I believe the VanDyke implementation also supports X.509, and interoperates with the ssh.com code. It was also my perception that, at the time, the VanDyke guy was basically shouted down when trying to discuss the utility of X.509 for this purpose

Re: PKI Research Workshop '04, CFP

2003-10-22 Thread Peter Gutmann
Carl Ellison [EMAIL PROTECTED] writes: The third annual PKI Research workshop CFP has been posted. I note that it's still not possible to use PKI to authenticate submissions to the PKI workshop :-). (To those people who missed the original comment a year or two back, the first PKI workshop

Re: SSL, client certs, and MITM (was WYTM?)

2003-11-12 Thread Peter Gutmann
Perry E. Metzger [EMAIL PROTECTED] writes: TLS is just a pretty straightforward well analyzed protocol for protecting a channel -- full stop. It can be used in a wide variety of ways, for a wide variety of apps. It happens to allow you to use X.509 certs, but if you really hate X.509, define an

Intel announces DRM-enabled motherboard

2003-11-12 Thread Peter Gutmann
Intel has just announced a desktop motherboard with Wave's Embassy chip built in at http://www.intel.com/design/motherbd/rh/index.htm. Embassy is a DRM chip that was more recently re-targeted slightly for, uhh, non-DRM TCPA/TPM/whatever when they realised that DRM hardware was a bit of a hard

Re: Clipper for luggage

2003-11-16 Thread Peter Gutmann
Bill Frantz [EMAIL PROTECTED] writes: I usually travel with zipper closed duffel bags. I fasten the zipper closed with a screw link. Anyone can unscrew the link and get into the bag, but it does effectively keep the zipper closed in transit. I suppose it also provides some level of security

Re: Partition Encryptor

2003-11-19 Thread Peter Gutmann
Dave Howe [EMAIL PROTECTED] writes: Peter Gutmann wrote: E4M needs some minor updates for XP by someone who knows about NT device drivers, otherwise you'll occasionally get problems unmounting volumes. Does anyone know of a version where this work has been done? Since this was last discussed

RE: Open Source Embedded SSL - (License and Memory)

2003-12-05 Thread Peter Gutmann
J Harper [EMAIL PROTECTED] writes: 2) Make it functional on systems without memory allocation. Did I mention that I work on (very) small embedded systems? Having fixed spaces for variables is useful when you want something to run deterministically for a long time with no resets, and I have yet

Re: PKI root signing ceremony, etc.

2003-12-15 Thread Peter Gutmann
Dave Howe [EMAIL PROTECTED] writes: Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought. Not necessarily. I looked at this in an ACSAC'2000 paper (available from http://www.acsac.org/2000/abstracts/18.html). This

RE: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-20 Thread Peter Gutmann
Stefan Lucks [EMAIL PROTECTED] writes: Currently, I have three smart cards in my wallet, which I did not want to own and which I did never pay for. I never used any of them. Conversation from a few years ago, about multifunction smart cards: - Multifunction smart cards are great, because

Re: Difference between TCPA-Hardware and other forms of trust

2003-12-20 Thread Peter Gutmann
John Gilmore [EMAIL PROTECTED] writes: They eventually censored out all the sample application scenarios like DRM'd online music, and ramped up the level of jargon significantly, so that nobody reading it can tell what it's for any more. Now all the documents available at that site go on for

Re: stego in the wild: bomb-making CDs

2003-12-28 Thread Peter Gutmann
John Denker [EMAIL PROTECTED] writes: ] Thursday 25 December 2003, 17:13 Makka Time, 14:13 GMT ] ] Saudis swoop on DIY bomb guide [...] I suspect there is a lot more to this story.. The story could apply to any one of hundreds (thousands?) of hacker/warez CDs available off-the-shelf in the

RE: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-28 Thread Peter Gutmann
Carl Ellison [EMAIL PROTECTED] writes: Ah. That's why they're trying to rename the corresponding keyUsage bit to contentCommitment then: Maybe, but that page defines it as: contentCommitment: for verifying digital signatures which are intended to signal that the signer is committing to the

Re: fun with CRLs!

2004-03-31 Thread Peter Gutmann
/. is reporting this, anyone know the real story? The CryptoAPI list has been lit up end to end with mail about this. The summary from one poster (Tim Anderson [EMAIL PROTECTED]) is: IE5.x's digital signature expired yesterday. Every computer that uses WinVerifyTrust now has to have the

Re: Verisign CRL single point of failure

2004-03-31 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Can someone explain to me why the expiring of a certificate causes new massive CRL queries? Here's the reply straight from Verisign: -- Snip -- We wanted to pass on a notification that we have determined what we feel is the root cause of the CRL outage

Re: Cryptonomicon.Net - Key Splitting : First (and Second) Person Key Escrow

2004-04-19 Thread Peter Gutmann
R. A. Hettinga [EMAIL PROTECTED] quotes: One of our missions here at Cryptonomicon.Net is to advocate the use of appropriate cryptographic technology. One technology that's sorely missed in a number of commercial products is key splitting. Never heard of key splitting? That's not surprising.

Re: CAs for spies?

2004-05-28 Thread Peter Gutmann
Steve Bellovin [EMAIL PROTECTED] writes: Have you ever wondered what CA a spy agency would trust? In the case of the Mossad, it's Thawte. Minor nitpick: That should really be phrased as Have you ever wondered what CA a spy agency would select to make the browser warning dialogs go away?.

Re: Examining the Encryption Threat

2004-05-28 Thread Peter Gutmann
Peter Parker [EMAIL PROTECTED] writes: In one of the issue of ijde found at http://www.ijde.org/docs/04_winter_v2i3_art1.pdf the authors have analysed various encryption applications and discussed results for few sample applications. Does any one have the complete results. Tried mailing the

Re: The future of security

2004-05-28 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: I think cryptography techniques can provide a partial solution to spam. No they won't. All the ones I've seen are some variant on the build a big wall around the Internet and only let the good guys in, which will never work because the Internet doesn't

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-05-31 Thread Peter Gutmann
Russell Nelson [EMAIL PROTECTED] writes: It would be better if the solution does NOT need industry support at all, only user support. It should use what is already available. This is the point in the script at which I laugh at you, Ed. S/MIME and PGP have been available for many many

Re: Yahoo releases internet standard draft for using DNS as public key server

2004-06-01 Thread Peter Gutmann
Russell Nelson [EMAIL PROTECTED] writes: Peter Gutmann writes: STARTTLS If Alice and Cathy both implement STARTTLS, and Beatty does not, and Beatty handles email which is ultimately sent to Cathy, then STARTTLS accomplishes nothing. If Uma and Wendy implement DomainKeys, and Violet does

Re: Article on passwords in Wired News

2004-06-03 Thread Peter Gutmann
An article on passwords and password safety, including this neat bit: For additional security, she then pulls out a card that has 50 scratch-off codes. Jubran uses the codes, one by one, each time she logs on or performs a transaction. Her bank, Nordea PLC, automatically sends a new

Re: Chalabi Reportedly Told Iran That U.S. Had Code

2004-06-13 Thread Peter Gutmann
On a semi-related note, there's ex-Iraqi crypto gear for sale on e-bay at http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItemcategory=296item=2249455706rd=1. Only used once by a slightly gullible/careless owner... It'd be interesting for someone with too much spare time on their hands to buy one of

Re: Breaking Iranian Codes (Re: CRYPTO-GRAM, June 15, 2003)

2004-06-15 Thread Peter Gutmann
R. A. Hettinga [EMAIL PROTECTED] forwarded: So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret,

RE: recommendations/evaluations of free / low-cost crypto libraries

2004-06-29 Thread Peter Gutmann
Anton Stiglic [EMAIL PROTECTED] writes: A list can be found here http://www.homeport.org/~adam/crypto/ Hmm, that list is somewhat out of date (several years in some cases). Peter. - The Cryptography Mailing List Unsubscribe

Re: Question on the state of the security industry

2004-07-07 Thread Peter Gutmann
Steve Furlong [EMAIL PROTECTED] writes: On Wed, 2004-06-30 at 06:49, Ian Grigg wrote: Here's my question - is anyone in the security field of any sort of repute being asked about phishing, consulted about solutions, contracted to build? Anything? Nothing here. Spam is the main concern on

Re: Using crypto against Phishing, Spoofing and Spamming...

2004-07-25 Thread Peter Gutmann
Enzo Michelangeli [EMAIL PROTECTED] writes: Can someone explain me how the phishermen escape identification and prosecution? Gaining online access to someone's account allows, at most, to execute wire transfers to other bank accounts: Some (a lot of?) large-scale phishing is done by or with the

Re: dual-use digital signature [EMAIL PROTECTED]

2004-07-25 Thread Peter Gutmann
Sean W. Smith [EMAIL PROTECTED] writes: I would have thought that de facto standard approach is: the client constructs the certificate request message, which contains things like the public key and identifying info, and signs it. The CA then checks the signature against the public key in the

Re: dual-use digital signature [EMAIL PROTECTED]

2004-07-28 Thread Peter Gutmann
Anne Lynn Wheeler [EMAIL PROTECTED] write: the assertion here is possible threat model confusion when the same exact technology is used for two significantly different business purposes. I don't think there's any confusion about the threat model, which is Users find it too difficult to generate

Re: dual-use digital signature [EMAIL PROTECTED]

2004-07-28 Thread Peter Gutmann
Richard Levitte - VMS Whacker [EMAIL PROTECTED] writes: Peter, are you talking about generic CAs or in-corporation ones? Both. Typically what happens is that the CA generates the key and cert and mails it to the user as a PKCS #12 file, either in plaintext, with the password in the same email,

RE: dual-use digital signature [EMAIL PROTECTED]

2004-07-30 Thread Peter Gutmann
[EMAIL PROTECTED] writes: 2 centsIn the business cases pointed out where it is good that the multiple parties hold the private key, I feel the certificate should indicate that there are multiple parties so that Bob can realize he is having authenticated and private communications with Alice _and_

NIST announces (proposed) withdrawal of DES

2004-07-30 Thread Peter Gutmann
For those who haven't seen the announcement: -- Snip -- July 27, 2004 -- NIST has determined that the strength of the (single) Data Encryption Standard (DES) algorithm is no longer sufficient to adequately protect Federal government information. As a result, NIST proposes withdrawing FIPS 46-3,

RE: dual-use digital signature [EMAIL PROTECTED]

2004-08-01 Thread Peter Gutmann
[EMAIL PROTECTED] writes: Your certificate definition says additionalRecipients, mine says additionalSubjects, Fred-over-there's says coKeyOwners. The OIDs for these extensions end up all different. A human may be able to parse the intent from the ASN.1 it but email programs will have difficulty.

Re: should you trust CAs? (Re: dual-use digital signature vulnerability)

2004-08-01 Thread Peter Gutmann
Aram Perez [EMAIL PROTECTED] writes: I agree with Michael H. If you trust the CA to issue a cert, it's not that much more to trust them with generating the key pair. Trusting them to safely communicate the key pair to you once they've generated it is left as an exercise for the reader :-).

RE: Microsoft .NET PRNG (fwd)

2004-08-02 Thread Peter Gutmann
Forwarded here as the original forum is having no success. [...] I'm looking for the same information. I want to know which method does MS Crypto API use in order to obtain strong random seeds. This is cross-posted back to the original list (with snippets from various postings) to try and tie

Good quote about the futility of ID-checking

2004-08-21 Thread Peter Gutmann
Yeterday I watched Gillo Pontecorvo's 1966 film The Battle of Algiers, a dramatisation of real events that looks at France's own war on terror in Algeria in the 1950s. The police attempt to control things by only allowing people who can show valid ID into the european quarter of Algiers via a few

Re: Compression theory reference?

2004-09-01 Thread Peter Gutmann
Hadmut Danisch [EMAIL PROTECTED] writes: I need a literature reference for a simple problem of encoding/compression theory: comp.compression FAQ, probably question #1 given the number of times this comes up in the newsgroup. (I've just checked, it's question #9 in part 1. Question #73 in part

Re: [anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from [EMAIL PROTECTED]) (fwd from [EMAIL PROTECTED])

2004-09-13 Thread Peter Gutmann
Steven M. Bellovin [EMAIL PROTECTED] writes: Maybe it's worth doing some sort of generic RFC for this security model to avoid scattering the same thing over a pile of IETF WGs, Sounds good. Who wants to write it...? Since there seems to be at least some interest in this, I'll make a start on

Re: Certificate serial number generation algorithms

2004-10-11 Thread Peter Gutmann
Eric Rescorla [EMAIL PROTECTED] writes: In particular, Verisign's is very long and I seem to remember someone telling me it was a hach but I don't recall the details... It's just a SHA-1 hash. Many CAs use this to make traffic analysis of how many (or few) certificates they're issuing

Re: Financial identity is *dangerous*? (was re: Fake companies, real money)

2004-10-28 Thread Peter Gutmann
[EMAIL PROTECTED] writes: No need to buy a company just to use its product in your development shop. They're not using it in their development shop, that's their standard development environment that they ship to all Windows CE, Pocket PC, SmartPhone, and XP Embedded developers (and include free

Re: Anti-RFID outfit deflates Mexican VeriChip hype

2004-12-05 Thread Peter Gutmann
R.A. Hettinga [EMAIL PROTECTED] forwarded: Promoting implanted RFID devices as a security measure is downright 'loco,' says Katherine Albrecht. Advertising you've got a chip in your arm that opens important doors is an invitation to kidnapping and mutilation. Since kidnapping is sort of an

Re: Simson Garfinkel analyses Skype - Open Society Institute

2005-01-26 Thread Peter Gutmann
David Wagner [EMAIL PROTECTED] writes: Is Skype secure? The answer appears to be, no one knows. There have been other posts about this in the past, even though they use known algorithms the way they use them is completely homebrew and horribly insecure: Raw, unpadded RSA, no message

Re: A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

2005-02-16 Thread Peter Gutmann
Steven M. Bellovin [EMAIL PROTECTED] writes: Is a private root key (or the equivalent signing device) an asset that can be acquired under bankruptcy proceedings? Almost certainly. Absolutely certainly. Even before Baltimore, CA's private keys had been bought and sold from/to third parties,

Re: How to Stop Junk E-Mail: Charge for the Stamp

2005-02-16 Thread Peter Gutmann
Barry Shein [EMAIL PROTECTED] writes: Eventually email will just collapse (as it's doing) and the RBOCs et al will inherit it and we'll all be paying 15c per message like their SMS services. And the spammers will be using everyone else's PC's to send out their spam, so the spam problem will

Re: That's gratitude for ya...

2005-02-17 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Why would mozilla embed this? If they came here, to the putative experts, for an evaluation, they'd leave thinking Amir and company just invented Rot-13. It's not that. It's also not perfect. BFD -- you got anything better? This ties in to one of my

Re: how to phase in new hash algorithms?

2005-03-25 Thread Peter Gutmann
Steven M. Bellovin [EMAIL PROTECTED] writes: We all understand the need to move to better hash algorithms than SHA1. At a minimum, people should be switching to SHA256/384/512; arguably, Whirlpool is the right way to go. The problem is how to get there from here. So -- what should we as a

Re: and constrained subordinate CA costs?

2005-03-29 Thread Peter Gutmann
Erwann ABALEA [EMAIL PROTECTED] writes: On Fri, 25 Mar 2005, Florian Weimer wrote: * Adam Back: Does anyone have info on the cost of sub-ordinate CA cert with a name space constraint (limited to issue certs on domains which are sub-domains of a your choice... ie only valid to issue certs on

Invalid banking cert spooks only one user in 300

2005-05-20 Thread Peter Gutmann
Invalid banking cert spooks only one user in 300 Stephen Bell, Computerworld 16/05/2005 09:19:10 Up to 300 New Zealand BankDirect customers were presented with a security alert when they visited the bank's website earlier this month - and all but one dismissed the warning and carried

Re: Citibank discloses private information to improve security

2005-05-31 Thread Peter Gutmann
James A. Donald [EMAIL PROTECTED] writes: With bank web sites, experience has shown that only 0.3% of users are deterred by an invalid certificate, probably because very few users have any idea what a certificate authority is, what it does, or why they should care. James (and others): I really

RE: Citibank discloses private information to improve security

2005-05-31 Thread Peter Gutmann
Heyman, Michael [EMAIL PROTECTED] writes: In this situation, I believe that the users, through hard won experience with computers, _correctly_ assumed this was a false positive. Probably not. This issue was discussed at some length on the hcisec list, (security usability,

RE: Citibank discloses private information to improve security

2005-06-02 Thread Peter Gutmann
Heyman, Michael [EMAIL PROTECTED] writes: The false positive I was referring to is the something is telling me something unimportant positive. I didn't mean to infer that the users likely went through a thought process centered around the possible causes of the certificate failure, specifically

Re: Digital signatures have a big problem with meaning

2005-06-03 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: I think signatures are increasingly being used for technical reasons, not legal. That is, sign and verify just to prove that all the layers of middleware and Internet and general bugaboos didn't screw with it. That cuts both ways though. Since so many

Re: Digital signatures have a big problem with meaning

2005-06-03 Thread Peter Gutmann
Anne Lynn Wheeler [EMAIL PROTECTED] writes: the problem was that xml didn't have a deterministic definition for encoding fields. Yup, see Why XML Security is Broken, http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt, for more on this. Mind you ASN.1 is little better, there are rules for

Re: Digital signatures have a big problem with meaning

2005-06-08 Thread Peter Gutmann
Ben Laurie [EMAIL PROTECTED] writes: Anne Lynn Wheeler wrote: Peter Gutmann wrote: That cuts both ways though. Since so many systems *do* screw with data (in insignificant ways, e.g. stripping trailing blanks), anyone who does massage data in such a way that any trivial change

Re: AmEx unprotected login site

2005-06-09 Thread Peter Gutmann
Perry E. Metzger [EMAIL PROTECTED] writes: Steven M. Bellovin [EMAIL PROTECTED] writes: They're still doing the wrong thing. Unless the page was transmitted to you securely, you have no way to trust that your username and password are going to them and not to someone who cleverly sent you an

Re: Digital signatures have a big problem with meaning

2005-06-13 Thread Peter Gutmann
Rich Salz [EMAIL PROTECTED] writes: Peter's shared earlier drafts with me, and we've exchanged email about this. The only complaint that has a factual basis is this: I don't want to have to implement XML processing to do XML Digital Signatures I don't want to have to

RE: encrypted tapes (was Re: Papers about Algorithm hiding ?)

2005-06-13 Thread Peter Gutmann
Jerrold Leichter [EMAIL PROTECTED] writes: They also sold a full solution for encrypted Ethernet - KDC, encrypting Ethernet adapters, associated software. None of this stuff went anywhere. People just weren't interested. That wasn't quite the case for the Ethernet encryption. What happened

Re: AES cache timing attack

2005-06-17 Thread Peter Gutmann
[EMAIL PROTECTED] (Hal Finney) writes: Steven M. Bellovin writes: Dan Bernstein has a new cache timing attack on AES: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf This is a pretty alarming attack. It is? Recovering a key from a server custom-written to act as an oracle for the

Re: AES cache timing attack

2005-06-20 Thread Peter Gutmann
Stephan Neuhaus [EMAIL PROTECTED] writes: Concerning the practical use of AES, you may be right (even though it would be nice to have some advice on what one *should* do instead). Definitely. Maybe time for a BCP, not just for AES but for general block ciphers? But as far as I know, resistance

Re: AES cache timing attack

2005-06-21 Thread Peter Gutmann
Ian G [EMAIL PROTECTED] writes: Definitely. Maybe time for a BCP, not just for AES but for general block ciphers? What is a BCP? Best Coding Practices? Block Cipher Protocol? Best Current Practice, a special-case type of RFC. Based on recent experience with this style of collaborative

Re: massive data theft at MasterCard processor

2005-06-21 Thread Peter Gutmann
Peter Fairbrother [EMAIL PROTECTED] writes: Steven M. Bellovin wrote: Designing a system that deflects this sort of attack is challenging. The right answer is smart cards that can digitally sign transactions No, it isn't! A handwritten signature is far better, it gives post-facto evidence about

Re: AES cache timing attack

2005-06-21 Thread Peter Gutmann
Ian G [EMAIL PROTECTED] writes: On Tuesday 21 June 2005 13:45, Peter Gutmann wrote: Best Current Practice, a special-case type of RFC. Based on recent experience with this style of collaborative document editing, I've set up a wiki at http://blockcipher.pbwiki.com/, blank username, password 'sbox

Re: AES cache timing attack

2005-06-21 Thread Peter Gutmann
Ian Grigg [EMAIL PROTECTED] writes: Alternatively, if one is in the unfortunate position of being an oracle for a single block encryption then the packet could be augmented with a cleartext random block to be xor'd with the key each request. Moves you from being an encryption oracle to a

Re: the limits of crypto and authentication

2005-07-11 Thread Peter Gutmann
[EMAIL PROTECTED] writes: Take a look at Boojum Mobile -- it is precisely the idea of using the cell phone as an out-of-band chanel for an in-band transaction. http://www.boojummobile.com Banks here have been using it to authenticate higher-value electronic transactions as well. The way it

Re: mother's maiden names...

2005-07-14 Thread Peter Gutmann
Perry E. Metzger [EMAIL PROTECTED] writes: Why is it, then, that banks are not taking digital photographs of customers when they open their accounts so that the manager's computer can pop up a picture for him, which the bank has had in possession the entire time and which I could not have forged?

Re: mother's maiden names...

2005-07-15 Thread Peter Gutmann
Ian Brown [EMAIL PROTECTED] writes: Steven M. Bellovin wrote: Cambridge Trust puts your picture on the back of your VISA card, for instance. They have for more than a decade, maybe even two. One New York bank -- long since absorbed into some megabank -- did the same thing about 30 years ago.

Re: ID theft -- so what?

2005-07-19 Thread Peter Gutmann
John Kelsey [EMAIL PROTECTED] writes: One nontrivial reason is that many organizations have spent a lot of time and money building up elaborate rules for using PKI, after long negotiations between legal and technical people, many hours of writing and revising, gazillions of dollars in

Re: ID theft -- so what?

2005-07-19 Thread Peter Gutmann
James A. Donald [EMAIL PROTECTED] writes: The PKI that was designed to serve no very useful function other than make everyone in the world pay $100 a year to Verisign is dead. Yet the technology is potent, and the problems of identity and authenticity are severe. We shall, bye and bye, see

Re: solving the wrong problem

2005-08-08 Thread Peter Gutmann
Adam Shostack [EMAIL PROTECTED] writes: Let me propose another answer to Perry's question: Wearing a millstone around your neck to ward off vampires. This expresses both ends of a lose/lose proposition: -- a burdensome solution -- to a fantastically unimportant problem. That sounds a

Re: solving the wrong problem

2005-08-09 Thread Peter Gutmann
Peter Fairbrother [EMAIL PROTECTED] writes: Peter Gutmann wrote: Peter Fairbrother [EMAIL PROTECTED] writes: Didn't the people who did US/USSR nuclear arms verification do something very similar, except the characterised surface was sparkles in plastic painted on the missile rather than paper

How much for a DoD X.509 certificate?

2005-08-11 Thread Peter Gutmann
$25 and a bit of marijuana, apparently. See: http://www.wjla.com/news/stories/0305/210558.html http://www.wjla.com/news/stories/0105/200474.html Although the story doesn't mention this, the ID in question was the DoD Common Access Card, a smart card containing a DoD-issued certificate. To

  1   2   3   4   5   >