Re: [cryptography] Mobile Devices and Location Information as Entropy?

2011-04-02 Thread Jeffrey Walton
On Sat, Apr 2, 2011 at 4:15 AM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On 04/02/2011 04:10 AM, Jeffrey Walton wrote: Hi Guys, Given a mobile device with GPS location data available, is there any benefit to using the location data as an entropy source? I'm wondering how useful GPS

Re: [cryptography] Current state of brute-forcing random keys?

2011-06-09 Thread Jeffrey Walton
On Thu, Jun 9, 2011 at 1:14 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: Greetings again. I am helping someone design a system that will involve giving someone a randomly-generated key that they have to type in order to unlock data that is private but not terribly valuable. Thus, we want to
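The design question in the post above (a random key the user has to type, private but low-value data) comes down to two numbers: how many bits the typed key carries, and how much each offline guess costs. The following is an added example illustrating both; it is not code from the list or from Paul's project. The Crockford-style alphabet, the hyphen grouping, the confusable-character mapping and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
"""Sizing a typed unlock key and making offline brute force expensive.

Added example, not code from the mailing-list thread. The alphabet, the
group layout and the PBKDF2 iteration count are illustrative assumptions.
"""
import hashlib
import math
import secrets

# Crockford-style base32: no I, L, O or U, so a key survives handwriting,
# bad fonts and case folding. 32 symbols => exactly 5 bits per character.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
CONFUSABLES = str.maketrans({"I": "1", "L": "1", "O": "0"})


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random key of `length` symbols."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest key length whose keyspace is at least 2**target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_key(length, group=4):
    """Uniform random key from the CSPRNG, hyphen-grouped for typing."""
    raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return "-".join(raw[i:i + group] for i in range(0, len(raw), group))


def normalize(typed):
    """Canonical form of what the user typed: drop separators and whitespace,
    fold case, map confusable glyphs. Apply on both the enrolment and the
    unlock path before the KDF, or valid keys will be rejected."""
    cleaned = "".join(ch for ch in typed.upper() if ch not in "- \t\n")
    cleaned = cleaned.translate(CONFUSABLES)
    if any(ch not in ALPHABET for ch in cleaned):
        raise ValueError("key contains characters outside the alphabet")
    return cleaned


def derive_unlock_key(typed, salt, iterations=600_000, length=32):
    """Stretch the typed key with PBKDF2-HMAC-SHA256 so every guess in an
    offline attack costs `iterations` hashes. `salt` is stored with the data
    and need not be secret; it only stops precomputation across users."""
    return hashlib.pbkdf2_hmac("sha256", normalize(typed).encode("ascii"),
                               salt, iterations, dklen=length)


def seconds_to_brute_force(length, guesses_per_second,
                           alphabet_size=len(ALPHABET)):
    """Expected time to search half the keyspace at the given guess rate;
    the rate must already include the KDF cost per guess."""
    return (alphabet_size ** length / 2) / guesses_per_second


if __name__ == "__main__":
    key = generate_key(16)                      # 80 bits, four groups of four
    salt = secrets.token_bytes(16)
    k = derive_unlock_key(key, salt)
    assert k == derive_unlock_key(key.lower().replace("-", " "), salt)
    print(key, entropy_bits(16), "bits")
```

The KDF does not add entropy; it only multiplies the cost of each guess, so a key that is too short stays weak no matter the iteration count. Pick the length from `length_for_bits` against the attacker's assumed guess rate, then let the iteration count absorb what the user will tolerate at unlock time.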

Re: [cryptography] Digital cash in the news...

2011-06-11 Thread Jeffrey Walton
On Sat, Jun 11, 2011 at 4:13 PM, John Levine jo...@iecc.com wrote: Unlike fiat currencies, algorithms assert limit of total volume. And the mint and transaction infrastructure is decentral, so there's no single point of control. These both are very useful properties. Useful for something, but

Re: [cryptography] Digital cash in the news...

2011-06-12 Thread Jeffrey Walton
On Sun, Jun 12, 2011 at 10:44 PM, James A. Donald jam...@echeque.com wrote: On 2011-06-12 8:53 AM, Nico Williams wrote: A fiat currency with no capital controls and reasonably free trade is probably the best currency system yet.  Details do matter though. If operated by far sighted men with

Re: [cryptography] Digital cash in the news...

2011-06-12 Thread Jeffrey Walton
On Sun, Jun 12, 2011 at 11:54 PM, Nico Williams n...@cryptonector.com wrote: On Sun, Jun 12, 2011 at 10:34 PM, Jeffrey Walton noloa...@gmail.com wrote: I think Sparta had it right in this instance: put the public officials on trial when their term is over, and make them accountable

Re: [cryptography] Digital cash in the news...

2011-06-13 Thread Jeffrey Walton
On Mon, Jun 13, 2011 at 9:22 PM, James A. Donald jam...@echeque.com wrote: I was at ground zero of the crisis: Sunnyvale California. And every person I saw buying a seven hundred thousand dollar house was a cat eating no hablo english wetback with no regular job. On 2011-06-14 1:29 AM,

Re: [cryptography] crypto security/privacy balance (Re: Digital cash in the news...)

2011-06-15 Thread Jeffrey Walton
On Wed, Jun 15, 2011 at 2:36 PM, StealthMonger stealthmon...@nym.mixmin.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nico Williams n...@cryptonector.com writes: crypto has a place ... to protect us ... from foreign powers, and from casual inspection by one's state Some

Re: [cryptography] Is Bitcoin legal?

2011-06-15 Thread Jeffrey Walton
On Wed, Jun 15, 2011 at 10:14 PM, Steven Bellovin s...@cs.columbia.edu wrote: http://www.concurringopinions.com/archives/2011/06/mining-for-bitcoins.html and it's worth noting that the author of that post, Brian Frye, is a law professor:

Re: [cryptography] Digital cash in the news...

2011-06-16 Thread Jeffrey Walton
On Sun, Jun 12, 2011 at 9:44 PM, James A. Donald jam...@echeque.com wrote: On 2011-06-12 8:53 AM, Nico Williams wrote: [SNIP] Greece is going broke from too much vote buying.  Governments are reluctant let Greece go broke, for fear of contagion.  So they lend the Greeks more money, which is

Re: [cryptography] RDRAND and Is it possible to protect against malicious hw accelerators?

2011-06-21 Thread Jeffrey Walton
On Tue, Jun 21, 2011 at 1:18 PM, Ian G i...@iang.org wrote: On 18/06/11 8:16 PM, Marsh Ray wrote: On 06/18/2011 03:08 PM, slinky wrote:  But we know there are still hundreds of trusted root CAs, many from governments, that will silently install themselves into Windows at the request of

Re: [cryptography] Oddity in common bcrypt implementation

2011-06-29 Thread Jeffrey Walton
On Wed, Jun 29, 2011 at 11:06 AM, Marsh Ray ma...@extendedsubset.com wrote: On 06/29/2011 06:49 AM, Peter Gutmann wrote: So far I've had exactly zero complaints about i18n or c18n-based password issues. [Pause] Yup, just counted them again, definitely zero.  Turns out that most of the

Re: [cryptography] preventing protocol failings

2011-07-06 Thread Jeffrey Walton
On Wed, Jul 6, 2011 at 7:07 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: I wrote: BER and DER are actually the safest encodings of the major security protocols I work with. Based on the following, which just appeared on another list:  In contrast to RFC 5280,  X.509 does not require

Re: [cryptography] Bitcoin observation

2011-07-08 Thread Jeffrey Walton
On Thu, Jul 7, 2011 at 9:53 PM, John Levine jo...@iecc.com wrote: It is my intuition that nation states of all stripes aren't going to like them. Some set of them would be happy to let the banks and speculators take care of it. Some of them would engage in actual hacking to hurt the currency, and

Re: [cryptography] ssh-keys only and EKE for web too (Re: preventing protocol failings)

2011-07-13 Thread Jeffrey Walton
On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald jam...@echeque.com wrote: On 2011-07-13 9:10 PM, Peter Gutmann wrote: As for Microsoft, Opera, etc who knows?  (If you work on, or have worked on, any of these browsers, I'd like to hear more about why it hasn't been considered).  I think

Re: [cryptography] OTR and deniability

2011-07-17 Thread Jeffrey Walton
On Sat, Jul 16, 2011 at 7:23 PM, Marsh Ray ma...@extendedsubset.com wrote: On 07/15/2011 11:21 PM, Ian Goldberg wrote: Just to be clear: there are _no_ OTR-related mathematical points or issues here.  The logs were in plain text.  OTR has nothing at all to do with their deniability. It's a

[cryptography] OTR and Log Files

2011-07-19 Thread Jeffrey Walton
Hey Guys - Watching the other OTR thread, what destroyed OTR's deniability property for Manning? If Manning's machine was logging (does anyone even know?), I would expect the logs to be the culprit. But if only Lamo's machine had logs, would the property still hold (as Marsh said, there are a

[cryptography] Military chip crypto cracked with power-analysis probe

2011-07-27 Thread Jeffrey Walton
http://www.theregister.co.uk/2011/07/27/chip_crypto_cracked/ ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography

[cryptography] OT: RSA's Pwnie Award

2011-08-08 Thread Jeffrey Walton
In case anyone is interested, RSA won a Pwnie for lamest vendor response for its RSA SecurID token compromise: http://pwnies.com/winners/

[cryptography] OT: Found: the missing link in RSA SecurID hack

2011-08-26 Thread Jeffrey Walton
It kind of takes the wind out of the sails of the Advanced Persistent Threat defense http://www.pcpro.co.uk/news/security/369556/found-the-missing-link-in-rsa-securid-hack: Security researchers have finally discovered the back-door file that allowed hackers to break into RSA and subsequently

[cryptography] OT: Dutch Government: Websites' Safety Not Guaranteed

2011-09-03 Thread Jeffrey Walton
http://abcnews.go.com/Technology/wireStory?id=14441405 The Dutch government said Saturday it cannot guarantee the security of its own websites, days after the private company it uses to authenticate them admitted it was hacked. An official also said the government was taking over the company's

Re: [cryptography] Fwd: Comodo hacker: I hacked DigiNotar too; other CAs breached

2011-09-06 Thread Jeffrey Walton
On Tue, Sep 6, 2011 at 5:56 PM, David Koontz david_koo...@xtra.co.nz wrote: http://arstechnica.com/security/news/2011/09/comodo-hacker-i-hacked-diginotar-too-other-cas-breached.ars :: As with the statements issued after the Comodo hack, the DigiNotar statement was clear about one thing: the

[cryptography] OT: DigiNotar Certificates Are Pulled, but Not on Smartphones

2011-09-07 Thread Jeffrey Walton
(As far as I know, Apple has not fixed their desktop/server software either. The folks that have to deal with it are still hacking solutions [1]. It's not a big surprise, since Apple's PKI appears to be generally broken from a programmer's perspective [2]).

[cryptography] [OT] After Digital Certificate Hack, Mozilla Seeks Reassurances

2011-09-08 Thread Jeffrey Walton
I wonder how many CAs are going to report back with defects and promises that they will fix? http://www.pcworld.com/businesscenter/article/239699/after_digital_certificate_hack_mozilla_seeks_reassurances.html In emails sent out to digital certificate authorities Thursday, Mozilla Certificate

Re: [cryptography] PKI fixes that don't fix PKI (part III)

2011-09-11 Thread Jeffrey Walton
On Sun, Sep 11, 2011 at 8:58 AM, Ian G i...@iang.org wrote: On 11/09/2011, at 7:50, Steven Bellovin s...@cs.columbia.edu wrote: On Sep 10, 2011, at 4:14 00PM, John Levine wrote: [SNIP] The issue, then, is one of motivation -- given the current market price for stolen credit card

[cryptography] [OT]: SQL injection blamed for widespread DNS hack

2011-09-11 Thread Jeffrey Walton
While PKI has many shortcomings, DigiNotar has shown the industry can effectively kill off a deficient CA. Are there any measures in place to keep a deficient registrar out of DNS? Or will NetNames still be serving up records with a promise to do better? [Naively, I thought the DNS hacks were

Re: [cryptography] Let's go back to the beginning on this

2011-09-13 Thread Jeffrey Walton
On Mon, Sep 12, 2011 at 5:48 PM, James A. Donald jam...@echeque.com wrote:    -- On 2011-09-11 4:09 PM, Jon Callas wrote: The bottom line is that there are places that continuity works well -- phone calls are actually a good one. There are places it doesn't. The SSL problem that Lucky has

Re: [cryptography] Let's go back to the beginning on this

2011-09-16 Thread Jeffrey Walton
On Fri, Sep 16, 2011 at 4:58 AM, Ben Laurie b...@links.org wrote: On Fri, Sep 16, 2011 at 8:57 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Marsh Ray ma...@extendedsubset.com writes: The CAs can each fail on you independently. Each one is a potential weakest link in the chain that the

Re: [cryptography] The consequences of DigiNotar's failure

2011-09-17 Thread Jeffrey Walton
On Fri, Sep 16, 2011 at 1:07 PM, M.R. makro...@gmail.com wrote: On 16/09/11 09:16, Jeffrey Walton wrote: The problem is that people will probably die due to DigiNotar's failure. I am not the one to defend DigiNotar, but I would not make such dramatic assumption. I don't think DigiNotar has any

Re: [cryptography] Math corrections [was: Let's go back to the beginning on this]

2011-09-18 Thread Jeffrey Walton
On Sun, Sep 18, 2011 at 1:37 AM, Marsh Ray ma...@extendedsubset.com wrote: On 09/17/2011 11:59 PM, Arshad Noor wrote: The real problem, however, is not the number of signers or the length of the cert-chain; its the quality of the certificate manufacturing process. No, you have it exactly

Re: [cryptography] The consequences of DigiNotar's failure

2011-09-18 Thread Jeffrey Walton
On Sun, Sep 18, 2011 at 5:18 AM, Ian G i...@iang.org wrote: On 18/09/11 8:38 AM, Jeffrey Walton wrote: On Fri, Sep 16, 2011 at 1:07 PM, M.R.makro...@gmail.com  wrote: On 16/09/11 09:16, Jeffrey Walton wrote: The problem is that people will probably die due to DigiNotar's failure. I am

Re: [cryptography] Using Cloud to Obfuscate Liability

2011-09-18 Thread Jeffrey Walton
On Sun, Sep 18, 2011 at 6:43 AM, Ian G i...@iang.org wrote: On 18/09/11 7:30 PM, Jeffrey Walton wrote: It's kind of like the poor man's cloud (and corporate america is flocking to the cloud, in part due to the additional layer of liability offload). ! OK, I'll bite. How does one offload

Re: [cryptography] Math corrections

2011-09-20 Thread Jeffrey Walton
On Mon, Sep 19, 2011 at 7:31 PM, Benjamin Kreuter brk...@virginia.edu wrote: On 09/18/2011 05:11 PM, Marsh Ray wrote: B. If your threat model considers as an adversary government A, then you're in good company with governments B through Z. So all the comments on won't save you from The

[cryptography] [OT]: End of the road for DigiNotar as bankruptcy declared

2011-09-20 Thread Jeffrey Walton
http://nakedsecurity.sophos.com/2011/09/20/end-of-the-road-for-diginotar-as-bankruptcy-declared/ DigiNotar, the Dutch certificate authority which hackers compromised and used to generate hundreds of bogus web security certificates, has filed for bankruptcy. The announcement that DigiNotar has

Re: [cryptography] Math corrections

2011-09-21 Thread Jeffrey Walton
On Wed, Sep 21, 2011 at 12:30 PM, Arshad Noor arshad.n...@strongauth.com wrote: On 09/18/2011 11:59 AM, Peter Gutmann wrote: Arshad Noorarshad.n...@strongauth.com  writes: Just because you come across one compromised CA out of 100 in the browser, does not imply that the remaining 99 are

Re: [cryptography] code signing a nuisance?

2011-09-22 Thread Jeffrey Walton
On Thu, Sep 22, 2011 at 1:32 AM, Chris Palmer snackypa...@gmail.com wrote: On Sep 21, 2011, at 10:11 PM, M.R. wrote: Please look into how code signing on Android works and what it means. A quick summary would be appreciated, especially on the meaning part. Google: [ android code signing ]

[cryptography] [OT]: From the Experts: SSL Hacked!

2011-09-27 Thread Jeffrey Walton
Not surprisingly, none of the suggestions below benefit the consumer or individual. Perhaps they should just use GPL like verbiage - not fit for any use. Enterprise can't rely on encrypted communications anymore, but corporate counsel can champion a fix

Re: [cryptography] validating SSL cert chains timestamps

2011-10-07 Thread Jeffrey Walton
On Fri, Oct 7, 2011 at 7:59 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Fri, Oct 7, 2011 at 5:56 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: travis+ml-rbcryptogra...@subspacefield.org writes: If we assume that the lifetime of the cert is there to limit its window of

Re: [cryptography] ECDSA - patent free?

2011-11-09 Thread Jeffrey Walton
On Wed, Nov 9, 2011 at 1:22 PM, Adam Back a...@cypherspace.org wrote: Anyone have informed opinions on whether ECDSA is patent free? ECDSA is part of NIST's Digital Signature Standard. A royalty free license is a requisite. Any suggestions on EC capable crypto library that implements things

Re: [cryptography] if MitM via sub-CA is going on, need a name-and-shame catalog (Re: really sub-CAs for MitM deep packet inspectors?)

2011-12-02 Thread Jeffrey Walton
On Fri, Dec 2, 2011 at 2:00 PM, ianG i...@iang.org wrote: On 3/12/11 03:36 AM, Ben Laurie wrote: On Fri, Dec 2, 2011 at 4:14 PM, ianGi...@iang.org  wrote: On 2/12/11 23:00 PM, Peter Gutmann wrote: I guess if you're running into this sort of thing for the first time then you'd be out for

Re: [cryptography] Non-governmental exploitation of crypto flaws?

2011-12-02 Thread Jeffrey Walton
On Sun, Nov 27, 2011 at 3:10 PM, Steven Bellovin s...@cs.columbia.edu wrote: Does anyone know of any (verifiable) examples of non-government enemies exploiting flaws in cryptography?  I'm looking for real-world attacks on short key lengths, bad ciphers, faulty protocols, etc., by parties other

Re: [cryptography] How are expired code-signing certs revoked?

2011-12-08 Thread Jeffrey Walton
2011/12/7 Marsh Ray ma...@extendedsubset.com: On 12/07/2011 07:01 PM, lodewijk andré de la porte wrote: I figured it'd be effective to create a security awareness group figuring the most prominent (and only effective) way to show people security is a priority is by placing a simple marking,

Re: [cryptography] How are expired code-signing certs revoked?

2011-12-09 Thread Jeffrey Walton
On Fri, Dec 9, 2011 at 5:28 PM, Nico Williams n...@cryptonector.com wrote: On Fri, Dec 9, 2011 at 4:08 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Dec 9, 2011, at 3:46 18PM, Jon Callas wrote: If it were hard to get signing certs, then we as a community of developers would demonize the

Re: [cryptography] How are expired code-signing certs revoked?

2011-12-09 Thread Jeffrey Walton
On Fri, Dec 9, 2011 at 6:00 PM, Nico Williams n...@cryptonector.com wrote: On Fri, Dec 9, 2011 at 4:41 PM, Jeffrey Walton noloa...@gmail.com wrote: This strengthens the argument for digital signatures as a means of providing upgrade continuity and related application grouping / isolation

Re: [cryptography] Another CA hacked, it seems.

2011-12-17 Thread Jeffrey Walton
On Thu, Dec 8, 2011 at 11:07 PM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote: Ralph Holz h...@net.in.tum.de writes: As I said, at this rate we shall have statistically meaningful large numbers of CA hacks by 2013: KPN is claiming there's nothing to worry about, please move along:

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Jeffrey Walton
On Sat, Dec 31, 2011 at 4:44 PM, John Levine jo...@iecc.com wrote: This is the very question I was asking: *WHY* changed regularly?  What threat/vulnerability is addressed by regularly changing your password? I finally realized, that's so when the organization gets pwn3d, you won't have used

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Jeffrey Walton
On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin s...@cs.columbia.edu wrote: [snip] Here's a heretical thought: require people to change their passwords -- and publish the old ones.  That might even be a good idea...

Re: [cryptography] Password non-similarity?

2011-12-31 Thread Jeffrey Walton
On Sat, Dec 31, 2011 at 10:29 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Sat, Dec 31, 2011 at 9:56 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Dec 31, 2011 at 9:05 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Tue, Dec 27, 2011 at 6:12 PM, Steven Bellovin s

[cryptography] CAPTCHA as a Security System?

2012-01-02 Thread Jeffrey Walton
Hi All, I was reading CAPTCHA: Using Hard AI Problems For Security by Ahn, Blum, Hopper, and Langford (www.captcha.net/captcha_crypt.pdf). I understand how recognition is easy for humans and hard for computer programs. Where is the leap made that CAPTCHA is a [sufficient?] security device to

[cryptography] Complying with GPL V3 (Tivoization)

2012-01-08 Thread Jeffrey Walton
Hi All, I was reading on CyanogenMod (a custom ROM project for Android) and The story behind the mysterious CyanogenMod update (http://lwn.net/Articles/448134/). Interestingly, it seems some private keys were circulated to comply with GPL V3 with some nasty side effects (could anything else be

[cryptography] FHMQV Reference Implementation?

2012-01-16 Thread Jeffrey Walton
Hi All, Would anyone have pointers to a FHMQV reference implementation? A Secure and Efficient Authenticated Diffie–Hellman Protocol, http://eprint.iacr.org/2009/408. Jeff

Re: [cryptography] Well, that's depressing. Now what?

2012-01-27 Thread Jeffrey Walton
On Fri, Jan 27, 2012 at 11:23 PM, Paul Hoffman paul.hoff...@vpnc.org wrote: On Jan 27, 2012, at 6:43 PM, Noon Silk wrote: [SNIP] what you *can* say is that someone *selling* *any* demonstratably-insecure crypto device as a secure one, is snake oil. So, that is to say, you can only claim

[cryptography] OT: Fun with Bitcoin, or how an exploit can hide in plain sight

2012-02-01 Thread Jeffrey Walton
Just showed up on Full Disclosure. http://seclists.org/fulldisclosure/2012/Feb/0.

[cryptography] OT: Key Internet [DNS] operator VeriSign hit by hackers

2012-02-02 Thread Jeffrey Walton
http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202 http://www.msnbc.msn.com/id/46238729/ns/technology_and_science-security/ (Reuters) - VeriSign Inc, the company in charge of delivering people safely to more than half the world's websites, has been hacked

[cryptography] FHMQV Shared Secret Size (Element vs Hash size)

2012-02-02 Thread Jeffrey Walton
Hi All, I'm working on an implementation of FHMQV. The math works out and a shared secret is derived by both parties. FHMQV is Fully Hashed MQV, and applies a hash function at key points to remediate information leakage. One of those points is just before the shared secret is output. In

[cryptography] Don’t trust satellite phones – The GMR-1 and GMR-2 ciphers have been broken

2012-02-06 Thread Jeffrey Walton
http://cryptanalysis.eu/blog/2012/02/02/dont-trust-satellite-phones-the-gmr-1-and-gmr-2-ciphers-have-been-broken/ Today, February 2nd 2012, Benedikt Driessen and Ralf Hund gave a very interesting talk at Ruhr Universität Bochum about their work on satellite phone security. In a nutshell, they

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-12 Thread Jeffrey Walton
12, 2012 at 1:27 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, Feb 12, 2012 at 4:04 AM, Adam Back a...@cypherspace.org wrote: So it happened, per recent discussion on this list, it seems that at least one CA *has* been issuing sub-CA certs for corporate use in mitm boxes. http

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-12 Thread Jeffrey Walton
broader than an accessory since they knew what the company wanted to do. Trustwave was onsite and set the system up - they were clearly a co-conspirator. They even bragged about how ethical it was because they used an HSM. Jeff On Sun, Feb 12, 2012 at 1:27 AM, Jeffrey Walton noloa...@gmail.com wrote

Re: [cryptography] trustwave admits issuing corporate mitm certs

2012-02-14 Thread Jeffrey Walton
On Sun, Feb 12, 2012 at 8:17 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Feb 12, 2012, at 6:31 AM, Harald Hanche-Olsen wrote: [Jeffrey Walton noloa...@gmail.com (2012-02-12 10:57:02 UTC)] (1) How can a company actively attack a secure channel and tamper with communications

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jeffrey Walton
On Mon, Feb 20, 2012 at 7:11 AM, ianG i...@iang.org wrote: On 20/02/12 18:11 PM, Kevin W. Wall wrote: Hi list, This should be a pretty simple question for this list, so please pardon my ignorance. But better to ask than to continue in ignorance. :-) NIST refers to combined cipher modes as

Re: [cryptography] Combined cipher modes

2012-02-20 Thread Jeffrey Walton
On Mon, Feb 20, 2012 at 2:40 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: First of all, let me thank all who have responded for lending your expertise. I am just picking out Ian's to respond to because of his suggesting dividing up the IV into    random||counter||time but I do appreciate

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-22 Thread Jeffrey Walton
On Wed, Feb 22, 2012 at 2:53 AM, James A. Donald jam...@echeque.com wrote: On 2012-02-22 12:31 PM, Kevin W. Wall wrote: 1) They think that key size is the paramount thing; the bigger the better. 2) They have no clue as to what cipher modes are. It's ECB by default. 3) More importantly, they

Re: [cryptography] Duplicate primes in lots of RSA moduli

2012-02-22 Thread Jeffrey Walton
On Wed, Feb 22, 2012 at 7:37 PM, Marsh Ray ma...@extendedsubset.com wrote: On 02/22/2012 05:49 PM, Jeffrey Walton wrote: Remember, OpenSSL gave tacit approval: If it helps with debugging, I'm in favor of removing them, http://www.mail-archive.com/openssl-dev@openssl.org/msg21156.html

Re: [cryptography] (off-topic) Bitcoin is a repeated lesson in cryptography applications - was endgame

2012-02-26 Thread Jeffrey Walton
On Sun, Feb 26, 2012 at 10:08 AM, Benjamin Kreuter brk...@virginia.edu wrote: On Sun, 26 Feb 2012 08:48:05 -0500 d...@geer.org wrote: Well put, James.  Warren Buffet's arguments are, to my eye, aligned with yours.  He argues that gold has no intrinsic value, unlike farmland or a company

Re: [cryptography] Explaining crypto to engineers (was: Duplicate primes in lots of RSA moduli)

2012-02-26 Thread Jeffrey Walton
On Sun, Feb 26, 2012 at 1:46 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Feb 25, 2012 at 10:47 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: [SNIP] Thanks for the link. It took me a LONG time to convince the ESAPI team of this because I was the newb to them and I came

Re: [cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop

2012-03-01 Thread Jeffrey Walton
On Wed, Feb 29, 2012 at 5:53 PM, James S. Tyre jst...@jstyre.com wrote: (This is the case in Colorado, not the 11th Circuit Court of Appeals case which has been much discussed of late.) http://www.wired.com/threatlevel/2012/02/decryption-flap-mooted Constitutional Showdown Voided as Feds

Re: [cryptography] Constitutional Showdown Voided as Feds Decrypt Laptop

2012-03-01 Thread Jeffrey Walton
On Thu, Mar 1, 2012 at 5:49 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Mar 1, 2012, at 4:33 12PM, Nico Williams wrote: On Thu, Mar 1, 2012 at 3:22 PM, Randall  Webmail rv...@insightbb.com wrote: From: Jeffrey Walton noloa...@gmail.com Perhaps Fricosu reused a password

[cryptography] Hardware Randomizer (SE Android)

2012-03-04 Thread Jeffrey Walton
Hi All, I've been reading SE Android's Mobile Capabilities Package (http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_(Version_1.1U).pdf). I'm interested in seeing how the NSA collects entropy and produces bits. So far, the only item of interest is a hardware randomizer mentioned in section

[cryptography] [OT] Reworked Version of Stuxnet Relative Duqu Found in Iran

2012-03-28 Thread Jeffrey Walton
Hi Guys, From Reworked Version of Stuxnet Relative Duqu Found in Iran, http://www.securitynewsdaily.com/1642-stuxnet-duqu-iran.html: Duqu's builders also changed its encryption algorithm and rigged the malware loader to pose as a Microsoft driver. (The old driver was signed with a

[cryptography] Crypto Fiddling?

2012-03-30 Thread Jeffrey Walton
Hi Guys, I'm aware of two standards where folks fiddled with a scheme and destroyed its security properties: * A5/3 based on Kasumi used in GSM networks * EAX' (EAX Prime) based on EAX mode Are there any other spectacular failures that come to mind? Jeff

Re: [cryptography] Combined cipher modes

2012-04-03 Thread Jeffrey Walton
On Tue, Apr 3, 2012 at 4:10 PM, Wyss, Felix felix.w...@inin.com wrote: -Original Message- From: coderman [mailto:coder...@gmail.com] Sent: Tuesday, April 03, 2012 15:23 To: Wyss, Felix Cc: ianG; cryptography@randombit.net Subject: Re: [cryptography] Combined cipher modes On Tue,

[cryptography] PINS and [Short] Passwords

2012-04-04 Thread Jeffrey Walton
Hi All, Older iOS devices used a 4 digit PIN code, which was next to no protection. Newer iOS allow passcodes which consist of a full (fuller?) alphabet. Assuming a weak password policy (for example, 4 or 6 characters) are there any real benefits over PINs? What is the state of the art for

Re: [cryptography] PINS and [Short] Passwords

2012-04-04 Thread Jeffrey Walton
:45:09PM -0400, Jeffrey Walton wrote: Hi All, Older iOS devices used a 4 digit PIN code, which was next to no protection. Newer iOS allow passcodes which consist of a full (fuller?) alphabet. Assuming a weak password policy (for example, 4 or 6 characters) are there any real benefits over

[cryptography] Doubts over necessity of SHA-3 cryptography standard

2012-04-09 Thread Jeffrey Walton
http://h-online.com/-1498071 With a successor to Secure Hash Algorithm 2 (SHA-2) due to be crowned in the summer, questions are being asked as to whether a new cryptographic standard is really necessary. Hash functions, used to calculate short numbers from large data sets to allow the

Re: [cryptography] Forensic snoops: It doesn't take a Genius to break into an iPhone

2012-04-10 Thread Jeffrey Walton
On Tue, Apr 10, 2012 at 1:07 PM, Randall Webmail rv...@insightbb.com wrote: Cop tools easily bypass 4-digit passcodes By John Leyden • Get more from this author Posted in Enterprise Security, 10th April 2012 08:22 GMT Analysis Forensic tools against smartphones allow basic 4-digit phone

Re: [cryptography] Forensic snoops: It doesn't take a Genius to break into an iPhone

2012-04-10 Thread Jeffrey Walton
On Tue, Apr 10, 2012 at 2:36 PM, Jon Callas j...@callas.org wrote: On Apr 10, 2012, at 10:32 AM, Natanael wrote: Just FYI, there's been claims that these guys faked it. But on the other hand, there ARE other tools that can extract data from iPhones so you can bruteforce the encryption later.

Re: [cryptography] Forensic snoops: It doesn't take a Genius to break into an iPhone

2012-04-10 Thread Jeffrey Walton
On Tue, Apr 10, 2012 at 8:50 PM, ianG i...@iang.org wrote: Not wishing to comment on PIN cracking, but here is some evidence that the BYOD phenomena and iPhones are starting to get serious attention: http://dsd.gov.au/publications/iOS5_Hardening_Guide.pdf (We should look for an NSA equiv, I

Re: [cryptography] Combined cipher modes

2012-04-11 Thread Jeffrey Walton
On Wed, Apr 11, 2012 at 1:22 AM, Kevin W. Wall kevin.w.w...@gmail.com wrote: On Tue, Apr 3, 2012 at 9:35 AM, ianG i...@iang.org wrote: [Big SNIP] The big risk in having CCs or banking info stolen is the subsequent (usually class action) lawsuits that usually follow. So these things are

[cryptography] The Spanish link in cracking the Enigma code

2012-04-15 Thread Jeffrey Walton
[This link is credit of Schneier's newsletter] A pair of rare Enigma machines used in the Spanish Civil War has been given to the head of GCHQ, Britain's communications intelligence agency. The machines - only recently discovered in Spain - fill in a missing chapter in the history of British

Re: [cryptography] NIST and other organisations that set up standards in information security cryptography.

2012-04-22 Thread Jeffrey Walton
On Sun, Apr 22, 2012 at 4:54 AM, Marsh Ray ma...@extendedsubset.com wrote: On 04/22/2012 02:55 PM, Jeffrey Walton wrote: This might sound crazy, but I would rather have a NIST approved hash that runs orders of magnitude slower to resist offline, brute forcing attacks. Well, that's what we

[cryptography] [Overhyped] Backdoor found in popular FPGA chip

2012-06-04 Thread Jeffrey Walton
A bit off topic, but interesting discussion of extracting keys from a chip using power analysis. http://www.h-online.com/security/news/item/Backdoor-found-in-popular-FPGA-chip-1585579.html ... The researchers located the JTAG (Joint Test Action Group) interface on the FPGA, used for programming

Re: [cryptography] non-decryptable encryption

2012-06-20 Thread Jeffrey Walton
On Wed, Jun 20, 2012 at 12:54 PM, Givonne Cirkin givo...@37.com wrote: curious, why don't some ppl trust link shortners?  is that a generation gap thing. Someone recently played a trick on Full Disclosure. Something about advanced notice of an Apple Update. It was a bit.ly link to an eVote

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sun, Jul 1, 2012 at 6:31 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can

Re: [cryptography] Devices and protocols that require PKCS 1.5 padding

2012-07-03 Thread Jeffrey Walton
On Mon, Jul 2, 2012 at 3:04 PM, Erwann Abalea eaba...@gmail.com wrote: 2012/7/2 Thor Lancelot Simon t...@panix.com [...] Besides PGP, what other standard, widely-deployed protocols require the use of padding types other than OAEP? TLS, up to v1.2. PKCS#1v1.5 is mandatory. The TPM

[cryptography] Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

2012-07-18 Thread Jeffrey Walton
More results on weak keys (it looks more comprehensive than results from the EFF’s SSL Observatory). The authors also do a nice job on the Linux Random Number Generator in Section 5.1. https://factorable.net/paper.html Abstract RSA and DSA can fail catastrophically when used with malfunctioning

Re: [cryptography] Client-side SRP vs. server-side KDF

2012-08-15 Thread Jeffrey Walton
On Wed, Aug 15, 2012 at 8:46 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: Blizzard Entertainment has been receiving a lot of flak from tech and mass media lately for choosing to employ SRP in their Battle.net clients and games. A lot of these outlets have been suggesting

[cryptography] OT: Feds probe alleged hacking theft of Romney's tax returns

2012-09-06 Thread Jeffrey Walton
I know this is off topic - my apologies. Feds probe alleged hacking theft of Romney's tax returns, http://news.cnet.com/8301-1009_3-57506843-83/feds-probe-alleged-hacking-theft-of-romneys-tax-returns/ A follow up message posted yesterday [on PasteBin] said the files [Romney's 1040 tax

[cryptography] Mobile Traffic Interception (SSL/TLS and VPN)

2012-09-09 Thread Jeffrey Walton
Hi All, Is anyone aware of papers or studies on HTTPS traffic interception in mobile networks? I know Collin Mulliner did a study of HTTP headers and information leakage in the past. I know we have Trustwave (and I'm not aware of published results of Mozilla's subsequent actions) and the more

Re: [cryptography] Mobile Traffic Interception (SSL/TLS and VPN)

2012-09-09 Thread Jeffrey Walton
security, and she wants to assess if to use the first environment or the second, I'd suggest the 1st. Regards M. On Sunday, Shahrivar 19, 1391 at 23:31, Jeffrey Walton wrote: Hi All, Is anyone aware of papers or studies on HTTPS traffic interception in mobile networks? I know Collin

Re: [cryptography] abstract: Air to Ground Quantum Key Distribution

2012-09-19 Thread Jeffrey Walton
On Wed, Sep 19, 2012 at 4:48 PM, James A. Donald jam...@echeque.com wrote: On 9/19/2012 2:17 AM, Zack Weinberg wrote: I've seen claims that quantum key agreement lets both parties detect a man in the middle with no prior communication and no trusted third party. If that's true it would

[cryptography] Data breach at IEEE.org: 100k plaintext passwords.

2012-09-25 Thread Jeffrey Walton
In case anyone on the list might be affected... [Please note: I am not the 'I' in the text below] http://ieeelog.com IEEE and the log story IEEE (Institute of Electrical and Electronics Engineers) is renowned as one of the world-leading organizations in standard development and the promotion of

Re: [cryptography] Data breach at IEEE.org: 100k plaintext passwords.

2012-09-25 Thread Jeffrey Walton
wrote: On Sep 25, 2012, at 1:47 PM, Kevin W. Wall kevin.w.w...@gmail.com wrote: -kevin Sent from my Droid; please excuse typos. On Sep 25, 2012 1:39 PM, Jeffrey Walton noloa...@gmail.com wrote: In case anyone on the list might be affected... [Please note: I am not the I

Re: [cryptography] Social engineering attacks on client certificates (Was ... crypto with a twist)

2012-10-14 Thread Jeffrey Walton
On Sun, Oct 14, 2012 at 4:21 AM, ianG i...@iang.org wrote: Hi Thierry, On 14/10/12 01:21 AM, Thierry Moreau wrote: ianG wrote: On 10/10/12 23:44 PM, Guido Witmond wrote: 2. Use SSL client certificates instead; Yes, it works. My observations/evidence suggests it works far better than

[cryptography] Secure Remote Password (SRP) and Plaintext Email Address

2012-10-18 Thread Jeffrey Walton
Hi All, I have a Secure Remote Password (SRP) implementation that went through a pen test. The testers provided a critical finding - the email address was sent in the plaintext. Note that plaintext email addresses are part of the protocol. I'm not really convinced that using an email address in

Re: [cryptography] Secure Remote Password (SRP) and Plaintext Email Address

2012-10-18 Thread Jeffrey Walton
On Thu, Oct 18, 2012 at 9:03 PM, James A. Donald jam...@echeque.com wrote: On 2012-10-19 10:52 AM, Jeffrey Walton wrote: Hi All, I have a Secure Remote Password (SRP) implementation that went through a pen test. The testers provided a critical finding - the email address was sent

Re: [cryptography] Secure Remote Password (SRP) and Plaintext Email Address

2012-10-18 Thread Jeffrey Walton
On Thu, Oct 18, 2012 at 9:47 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Oct 18, 2012 at 8:36 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Oct 18, 2012 at 7:52 PM, Jeffrey Walton noloa...@gmail.com wrote: I'm not really convinced that using an email address in the plaintext

Re: [cryptography] Secure Remote Password (SRP) and Plaintext Email Address

2012-10-18 Thread Jeffrey Walton
On Thu, Oct 18, 2012 at 9:36 PM, Nico Williams n...@cryptonector.com wrote: On Thu, Oct 18, 2012 at 7:52 PM, Jeffrey Walton noloa...@gmail.com wrote: [SNIP] I'm not really convinced that using an email address in the plaintext for the SRP protocol is finding-worthy, considering email addresses

[cryptography] OT: Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security

2012-10-20 Thread Jeffrey Walton
Hot off the presses (but it's not limited to Android): Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security, http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf. Or should it be The Case for Public Key Pinning? ...The most common approach to protect data during

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-24 Thread Jeffrey Walton
On Wed, Oct 10, 2012 at 1:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its
