Re: McNealy -- Get over it, Part Two (was Re: BNA's Internet LawNews (ILN) - 05/30/2001)

2001-05-31 Thread Arnold G. Reinhold
At 10:10 AM -0400 5/30/2001, R. A. Hettinga wrote: >At 9:01 AM -0400 on 5/30/01, BNA Highlights wrote: > > >> GET OVER IT, PART TWO - THE CASE AGAINST ABSOLUTE PRIVACY >> Scott McNealy of Sun Microsystems, who earlier stated that >> there is no privacy and that people should get it over it, >> now

Re: McNealy -- Get over it, Part Two (was Re: BNA's Internet LawNews (ILN) - 05/30/2001)

2001-05-31 Thread Arnold G. Reinhold
At 4:54 PM +0100 5/31/2001, Matthew Pemble wrote: >"Arnold G. Reinhold" wrote: >> >> Why do I have to be tracked 7/24? >> >> Arnold Reinhold >> > >You don't. You (and I) should have the choice, whether it is to use >another car leasing

Re: McNealy -- Get over it, Part Two (was Re: BNA's Internet LawNews (ILN) - 05/30/2001)

2001-06-04 Thread Arnold G. Reinhold
At 11:24 PM -0400 6/3/2001, Dan Geer wrote: >| >> GET OVER IT, PART TWO - THE CASE AGAINST ABSOLUTE PRIVACY >| >> Scott McNealy of Sun Microsystems, who earlier stated that >| >> there is no privacy and that people should get it over it, >| >> now claims in a Washington Post editorial that

Re: Thermal Imaging Decision Applicable to TEMPEST?

2001-06-13 Thread Arnold G. Reinhold
At 8:57 AM -0700 6/12/2001, John Young wrote: >The Supreme Court's decision against thermal imaging appears >to be applicable to TEMPEST emissions from electronic devices. >And is it not a first against this most threatening vulnerability >in the digital age? And long overdue. > >Remote acquisitio

Re: septillion operations per second

2001-06-21 Thread Arnold G. Reinhold
At 12:16 PM +0200 6/20/2001, Barry Wels wrote: >Hi, > >In James Bamford's new book 'Body of Secrets' he claims the NSA is >working on some FAST computers. >http://www.randomhouse.com/features/bamford/book.html >--- >The secret community is also home to the largest collection of >hyper-powerful c

Re: Crypto hardware

2001-07-16 Thread Arnold G. Reinhold
At 11:09 AM -0700 7/12/2001, Jurgen Botz wrote: ... >Set up a PC with CA software and a smart card reader and put >your CA cert/key on a smart card and you have your tamperproof >CA master... the only weak link in the certificate generation >process is the CA's secret key, so that's really the on

Re: Effective and ineffective technological measures

2001-07-29 Thread Arnold G. Reinhold
At 11:20 AM +0200 7/29/2001, Alan Barrett wrote: >The DMCA said: > > 1201(a)(1)(A): >>No person shall circumvent a technological measure that effectively >>controls access to a work protected under this title. > >What does "effectively" mean here? The law attempts to define it: '1201(a)(

Attention CipherSaber Users!!

2001-07-27 Thread Arnold G. Reinhold
A draft paper by Scott Fluhrer, Itsik Mantin and Adi Shamir was released on July 25, 2001 and announces new attacks on the RC4 cipher that is the basis for CipherSaber-1. Some of these attacks specifically involve the use of an IV with a secret key, the very scheme used in CipherSaber. Prof.

Re: Criminalizing crypto criticism

2001-07-27 Thread Arnold G. Reinhold
At 1:56 AM -0400 7/27/2001, Declan McCullagh wrote: >On Thu, Jul 26, 2001 at 10:53:02PM -0400, David Jablon wrote: >> With these great new laws, there is no longer any risk of being legally >> criticised for using even the most glaringly flawed cryptography >>-- just use it >> for Copy Protection

Re: moving Crypto?

2001-08-03 Thread Arnold G. Reinhold
At 9:25 AM -0400 8/1/2001, Derek Atkins wrote: >There are many alternative conferences than Crypto, and many of them >are already outside the US. Indeed, the IACR already runs EuroCrypt >and AsiaCrypt. > >Personally, I think that trying to move Crypto is just an >over-reaction to the current situ

Re: If we had key escrow, Scarfo wouldn't be a problem

2001-08-16 Thread Arnold G. Reinhold
At 5:33 PM -0500 8/15/2001, Jim Choate wrote: >On Wed, 15 Aug 2001, Michael Froomkin - U.Miami School of Law wrote: > >> To be clear, I am *NOT* arguing for key escrow. Just saying that since >> I'm against it, I accept that there may be scope for judicious, >> paper-trail oriented, key logging. 

CIA funds anonymous web surfing

2001-08-31 Thread Arnold G. Reinhold
Today's Boston Globe and New York Times report that the CIA is funding SafeWeb technology that lets users surf the Web anonymously. The parent agency of the Voice of America is negotiating a license for the technology to use in bypassing China's 'Net censorship. "The US-funded network of proxy

Re: Sen. Hollings plans to introduce DMCA sequel: The SSSCA

2001-09-09 Thread Arnold G. Reinhold
At 9:27 PM -0400 9/8/2001, Jay Sulzberger wrote: >On Sat, 8 Sep 2001, Harald Koch wrote: > >> > It would be a civil offense to create or sell any kind of >> > computer equipment that "does not include and utilize certified >> > security technologies" approved by the federal government.

Re: Rijndael in Assembler for x86?

2001-09-10 Thread Arnold G. Reinhold
There are a number of implementations listed on the Rijndael home page http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ including a GPL'd 80186 version by Rafael R. Sevilla . It says ;; Note that the only 80186 instructions here are shr/shl instructions ;; with multibit counts, and these only

RE: The tragedy in NYC

2001-09-13 Thread Arnold G. Reinhold
At 9:20 AM +0300 9/13/2001, Amir Herzberg wrote: >... > >In fact, if giving up crypto completely would help substantially to protect >against terror, I'll support it myself. But... > >The real argument is simple: there is no evidence or convincing argument why >shutting down crypto will substanti

Re: Congress mulls crypto restrictions in response to attacks

2001-09-14 Thread Arnold G. Reinhold
The big argument for a crypto ban is "the need for intelligence." Yet Jane Garvey, the head of the FAA, was quoted on the radio (WBUR) this morning as saying the FAA's security measures were not designed to stop someone who was willing to die in an attack. If the steady stream of suicide bomb

Re: New encryption technology closes WLAN security loopholes

2001-09-21 Thread Arnold G. Reinhold
At 10:34 AM -0400 9/20/2001, Perry E. Metzger wrote: >"R. A. Hettinga" <[EMAIL PROTECTED]> writes: >> [1] "New encryption technology closes WLAN security loopholes" >> Next Comm has launched new wireless LAN security technology called >> Key Hopping. The technology aims to close security gaps in W

Re: Best practices/HOWTO for key storage in small office/home office setting?

2001-10-01 Thread Arnold G. Reinhold
Here are a few suggestions: o Use mini-CD-R's for key storage. There is even a rectangular, credit-card sized format available. (Note that mini-CDs are not compatible with slot loading CD drives.) o Perform all encryption, signing, etc. on a lap top or palm top that is kept in a safe or on yo

NSA upgrade plans

2001-10-05 Thread Arnold G. Reinhold
There is an interesting article in Federal Computer Week http://www.fcw.com/fcw/articles/2001/0910/news-nsa-09-10-01.asp that says NSA is planning a major effort to modernize the nation's cryptosystems "which are rapidly growing obsolete and vulnerable." They quote Michael Jacobs, head of NSA's in

Re: Historical PKI resources

2001-10-05 Thread Arnold G. Reinhold
At 11:10 AM -0800 1/5/2001, [EMAIL PROTECTED] wrote: >[EMAIL PROTECTED] said: >> I have found significant information about PKI as it exists today, >> but am looking for some background information. I'm looking for >> information about the history of PKI, how and where it started, how it > > dev

Re: AGAINST ID CARDS

2001-10-05 Thread Arnold G. Reinhold
I too am very nervous about the prospect of national ID cards. I have an idea for a possible compromise, but I have not made up my mind on it. I'm interested in hearing other people's opinions. The idea is a federal standard for secure drivers' licenses. These would be cards containing a chi

Re: RC4 [was: RE: Passport Passwords Stored in Plaintext]

2001-10-23 Thread Arnold G. Reinhold
At 10:04 AM -0400 10/22/2001, Adam Shostack wrote: >On Sun, Oct 21, 2001 at 04:11:19PM -0700, Jeff Simmons wrote: >| On Sunday 21 October 2001 02:52 pm, you wrote: >| >| >Designing protocols is a hard field, and >| >there seem to be lots of mistakes made when people use RC4. Is that >| >because i

DOD goes to Smart Card ID's

2001-10-26 Thread Arnold G. Reinhold
http://dailynews.yahoo.com/h/nm/20011026/pl/tech_smartcards_military_dc_1.html ... "The U.S. defense department has ordered chip-based ID cards for 4.3 million military personnel over the next 18 months to tighten security on access to buildings, including the Pentagon (news - web sites),

NYT article on steganography

2001-10-30 Thread Arnold G. Reinhold
[More alarmist than I would expect from Ms. Kolata. Many sources quoted who claim to have seen lots of stego, but won't give details. -- agr] Veiled Messages of Terrorists May Lurk in Cyberspace October 30, 2001 By GINA KOLATA Investigators say terrorists may be using a stealthy method of s

More on Drivers' Licenses

2001-11-09 Thread Arnold G. Reinhold
Noah Silva recently brought this interesting 1994 article on DMV data exchange by Simson Garfinkel to the attention of the [EMAIL PROTECTED] list: >http://www.wired.com/wired/archive/2.02/dmv_pr.html The article discusses the AAMVAnet system and the extent to which the threat of revocation o

Re: Scarfo "keylogger", PGP

2001-10-16 Thread Arnold G. Reinhold
At 12:09 AM + 10/16/2001, David Wagner wrote: >It seems the FBI hopes the law will make a distinction between software >that talks directly to the modem and software that doesn't. They note >that PGP falls into the latter category, and thus -- they argue -- they >should be permitted to snoop

Re: I-P: Papers Illuminate Pearl Harbor Attack

2001-12-08 Thread Arnold G. Reinhold
This story smells of revisionism. The events leading up to Pearl Harbor are thoroughly chronicled in the first chapter of David Kahn's classic, The Codebreakers. In particular: o The Tojo government, regarded as militarist, came into power in October 1941 (Togo was Tojo's foreign minister) o

Re: Japan Broke U.S. Code Before Pearl Harbor, Researcher Finds

2001-12-10 Thread Arnold G. Reinhold
At 10:50 PM -0800 12/8/01, Paul Krumviede wrote: >while not really cryptography related, i'd suggest a reading of the chapter >"prologue to pearl harbor" of herbert bix's "hirohito and the making of >modern japan" before taking seriously anything other than the finding that the >japanese may have

Re: FreeSWAN & US export controls

2001-12-11 Thread Arnold G. Reinhold
At 12:18 AM -0600 12/11/01, Jim Choate wrote: >On Mon, 10 Dec 2001, John Gilmore wrote: > >> NSA's export controls. We overturned them by a pretty thin margin. >> The government managed to maneuver such that no binding precedents >> were set: if they unilaterally change the regulations tomorrow t

Re: Stegdetect 0.4 released and results from USENET search available

2001-12-26 Thread Arnold G. Reinhold
This is a nice piece of work, but I have a couple of comments: 1. The paper asserts "Even if the majority of passwords used to hide content were strong, there would be a small percentage of weak passwords ... and we should have been able to find them." That might be true if there are a large

Re: CFP: PKI research workshop

2001-12-27 Thread Arnold G. Reinhold
It seems to me that a very similar argument can be made regarding the need (or lack thereof) for a national identity card. Organizations that require biometric identity can simply record that information in their own databases. The business most widely cited as needing national ID cards, the

Re: Stegdetect 0.4 released and results from USENET search available

2001-12-28 Thread Arnold G. Reinhold
At 4:33 AM -0500 12/28/01, Niels Provos wrote: >In message <v04210101b84eca7963ad@[192.168.0.3]>, "Arnold G. Reinhold" writes: >>I don't think you can conclude much from the failure of your >>dictionary attack to decrypt any messages. >We are offering var

RE: Stegdetect 0.4 released and results from USENET search available

2001-12-30 Thread Arnold G. Reinhold
At 2:47 PM -0800 12/28/01, Bill Stewart wrote: >... >So tracing a single transmission may be hard, but tracing an ongoing pattern >is easier, unless there's a trusted Usenet site in some >country where you don't have jurisdiction problems. >That means that A.A.M + PGP is fine for an occasional >"A

Re: Steganography & covert communications - Between Silk and Cyanide

2001-12-31 Thread Arnold G. Reinhold
At 2:59 PM -0800 12/30/01, John Gilmore wrote: > >Along these lines I can't help but recommend reading one of the best >crypto books of the last few years: > > Between Silk and Cyanide > Leo Marks, 1999 >This wonderful, funny, serious, and readable book was written by the >chief crypt

PAIIN crypto taxonomy (was Re: CFP: PKI research workshop)

2002-01-03 Thread Arnold G. Reinhold
The PAIIN model (privacy, authentication, identification, integrity, non-repudiation) is inadequate to represent the uses of cryptography. Besides the distinction between privacy and confidentiality, I'd like to point out some additional uses of cryptography which either don't fit at all or ar

Re: CFP: PKI research workshop

2002-01-14 Thread Arnold G. Reinhold
At 12:09 PM -0500 1/14/02, John S. Denker wrote: >... >Returning to PKI in particular and software defects in >particular: Let's not make this a Right-versus-Wrong >issue. There are intricate and subtle issues here. >Most of these issues are negotiable. > >In particular, you can presumably get s

Re: Linux-style kernel PRNGs and the FIPS140-2 test

2002-01-15 Thread Arnold G. Reinhold
This result would seem to raise questions about SHA1 and MD5 as much as about the quality of /dev/random and /dev/urandom. Naively, it should be difficult to create input to these hash functions that cause their output to fail any statistical test. Arnold Reinhold At 3:23 PM -0500 1/15/02, T

Re: Linux-style kernel PRNGs and the FIPS140-2 test

2002-01-16 Thread Arnold G. Reinhold
At 7:10 PM -0500 1/15/02, Adam Fields wrote: >"Arnold G. Reinhold" says: >> This result would seem to raise questions about SHA1 and MD5 as much >> as about the quality of /dev/random and /dev/urandom. Naively, it >> should be difficult to create input to these has

Re: password-cracking by journalists...

2002-01-17 Thread Arnold G. Reinhold
At 9:15 AM -0500 1/16/02, Steve Bellovin wrote: >A couple of months ago, a Wall Street Journal reporter bought two >abandoned al Qaeda computers from a looter in Kabul. Some of the >files on those machines were encrypted. But they're dealing with >that problem: > > The unsigned report, pro

Re: password-cracking by journalists...

2002-01-18 Thread Arnold G. Reinhold
At 9:41 AM -0500 1/18/02, Will Rodger wrote: >Arnold writes: > >>Another interesting question is whether the reporters and the Wall >>Street Journal have violated the DMCA's criminal provisions. The al >>Qaeda data was copyrighted (assuming Afghanistan signed one of the >>copyright conventions

Re: password-cracking by journalists...

2002-01-20 Thread Arnold G. Reinhold
At 4:12 PM -0500 1/18/02, Will Rodger wrote: >>This law has LOTS of unintended consequences. That is why many >>people find it so disturbing. For example, as I read it, and I am >>*not* a lawyer, someone who offered file decryption services for >>hire to people who have a right to the data, e

Re: password-cracking by journalists...

2002-01-20 Thread Arnold G. Reinhold
At 7:38 PM -0500 1/19/02, Steven M. Bellovin wrote: >In message ><[EMAIL PROTECTED]>, Sampo > Syreeni writes: >>On Thu, 17 Jan 2002, Steven M. Bellovin wrote: >> >>>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally >>>written. >> >>If something, this would lead me to believe

Re: password-cracking by journalists...

2002-01-21 Thread Arnold G. Reinhold
At 8:57 PM -0800 1/20/02, Karsten M. Self wrote: >... >Note that my reading the language of 1201 doesn't require that the work >being accessed be copyrighted (and in the case of Afghanistan, there is >a real question of copyright status), circumvention itself is >sufficient, regardless of status of

Re: password-cracking by journalists... (long, sorry)

2002-01-22 Thread Arnold G. Reinhold
At 5:16 PM -0500 1/21/02, Will Rodger wrote: >Arnold says: > >>You can presumably write your own programs to decrypt your own >>files. But if you provide that service to someone else you could >>run afoul of the law as I read it. The DMCA prohibits trafficking >>in technology that can be used t

Diceware for picking Unix passwords

2002-01-25 Thread Arnold G. Reinhold
Prodded by comments about password cracking in another thread, I've added a table to my Diceware FAQ http://world.std.com/~reinhold/dicewarefaq.html#tables for selecting random characters out of the ninety five printable symbols in 7-bit ASCII. The intent is to provide a practical and secure w

A risk with using MD5 for software package fingerprinting

2002-01-27 Thread Arnold G. Reinhold
The cryptographic hash function MD5 is often used to authenticate software packages, particularly in the Unix community. The MD5 hash of the entire package is calculated and its value is transmitted separately. A user who downloads the package computes the hash of the copy received and matches

Re: Fingerprints (was: Re: biometrics)

2002-01-28 Thread Arnold G. Reinhold
There is some interesting information at http://www.finger-scan.com/ They make the point that finger scanning differs from finger printing in that what is stored is a set of recognition parameters much smaller than a complete fingerprint image. So there is no need for a lengthy process to a

Re: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

2002-02-01 Thread Arnold G. Reinhold
At 7:38 AM -0800 1/29/02, Eric Rescorla wrote: >Ben Laurie <[EMAIL PROTECTED]> writes: > > Eric Rescorla wrote: > >> BTW, I don't see why using a passphrase to a key makes you vulnerable to >> a dictionary attack (like, you really are going to have a dictionary of >> all possible 1024 bit keys cro

RE: Welome to the Internet, here's your private key

2002-02-05 Thread Arnold G. Reinhold
I'd argue that the RSA and DSA situations can be made equivalent if the card has some persistent memory. Some high quality randomness is needed at RSA key generation. For the DSA case, use 256 bits of randomness at initialization to seed a PRNG using AES, say. Output from the PRNG could be th

Re: Welome to the Internet, here's your private key

2002-02-07 Thread Arnold G. Reinhold
At 6:18 PM -0500 2/5/02, Ryan McBride wrote: >On Tue, Feb 05, 2002 at 11:16:40AM -0800, Bill Frantz wrote: >> I expect you could initialize the random data in that memory during >> manufacture with little loss of real security. (If you are concerned about >> the card's manufacturer, then you have

Re: Welome to the Internet, here's your private key

2002-02-08 Thread Arnold G. Reinhold
At 5:12 PM +0100 2/8/02, Jaap-Henk Hoepman wrote: >I think there _are_ good business reasons for them not wanting the users to >generate the keys all by themselves. Weak keys, and subsequent >compromises, may >give the CA really bad press and resulting loss of reputation (and this >business is bu

Re: Report on a James Bamford Talk at Berkeley

2002-02-22 Thread Arnold G. Reinhold
At 4:42 PM -0500 2/17/02, R. A. Hettinga wrote: >http://www.lewrockwell.com/orig2/bamfordreport.html > > >Report on a >James Bamford Talk at Berkeley > >James Bamford is the author of The Puzzle Palace and Body of Secrets, books >about the National Security Agency. He is visiting Berkeley in the S

RE: Cringely Gives KnowNow Some Unbelievable Free Press... (fwd)

2002-02-26 Thread Arnold G. Reinhold
At 11:49 AM -0800 2/25/02, bear wrote: >... >The "secure forever" level of difficulty that we used to believe >we got from 2kbit keys in RSA is apparently a property of 6kbit >keys and higher, barring further highly-unexpected discoveries. Highly-unexpected? All of public key cryptography is bu

Re: Optical Time-Domain Eavesdropping Risks of CRT Displays

2002-03-15 Thread Arnold G. Reinhold
An historical note: In the early 1970's I did some contract programming work at the Air Force Cambridge Research Lab at Hanscom Field in Bedford, Mass. Their main computer was a CDC 6600, a super computer in its day (60-bit words, 10 MHz clock). http://ed-thelen.org/comp-hist/cdc6600.html Th

Re: crypto question

2002-03-21 Thread Arnold G. Reinhold
At 8:52 PM -0800 3/20/02, Mike Brodhead wrote: > > The usual good solution is to make a human type in a secret. > >Of course, the downside is that the appropriate human must be present >for the system to come up properly. It's not clear to me what having the human present accomplishes. While the

Re: crypto question

2002-03-23 Thread Arnold G. Reinhold
r a major >university I can say that ALL physical systems can be broken. No >exception. The three laws of thermodynamics apply to security systems as >well. > >There is ALWAYS a hole. > >On Thu, 21 Mar 2002, Arnold G. Reinhold wrote: > >> It's not clear to me what

Re: crypto question

2002-03-29 Thread Arnold G. Reinhold
At 12:23 PM -0700 3/24/02, [EMAIL PROTECTED] wrote: or just security proportional to risk ... While a valid engineering truism, I have a number of issues with that dictum: 1. It is too often used as an excuse for inaction by people who are poorly equipped to judge either risk or cost. We've a

Re: ciphersaber-2 human memorable test vectors

2002-03-31 Thread Arnold G. Reinhold
Human memorable test vectors are a great idea and very much in the spirit of Ciphersaber, which is to enable oral transmission of strong cryptography. Test vectors are vital, particularly for a string cipher, because even an erroneous implementation will decrypt the ciphertext it produces. T

Re: It's Time to Abandon Insecure Languages

2002-07-21 Thread Arnold G. Reinhold
Language wars have been with us since the earliest days of computing and we are obviously not going to resolve them here. It seems to me though, that cryptographic tools could be used to improve the reliability and security of C++ by providing ways to manage risky usages. I have in mi

Re: building a true RNG (was: Quantum Computing ...)

2002-07-23 Thread Arnold G. Reinhold
At 3:39 PM -0700 7/22/02, David Honig wrote: >At 04:24 PM 7/22/02 -0400, John S. Denker wrote: >> > >... >>A detuned FM card is a bad idea, because it is just >>begging the opponent to sit next door with an FM >>transmitter. > >So work in a Faraday cage... > At 8:21 PM -0400 7/22/02, John S. Denke

Re: building a true RNG

2002-07-29 Thread Arnold G. Reinhold
At 12:20 PM -0700 7/29/02, David Honig wrote: > >"Whether there is a need for very high bandwidth RNGs" was discussed >on cypherpunks a few months ago, and no examples were found. >(Unless you're using something like a one-time pad where you need >a random bit for every cargo bit.) Keeping in min

Re: unforgeable optical tokens?

2002-09-24 Thread Arnold G. Reinhold
It might be possible to get the same effect using a conventional silicon chip. I have in mind a large analog circuit, something like a multi-stage neural network. Random defects would be induced, either in the crystal growing process or by exposing the wafer at one or more stages with a spray

Re: Microsoft marries RSA Security to Windows

2002-10-15 Thread Arnold G. Reinhold
I can see a number of problems with using mobile phones as a second channel for authentication: 1. It begs the question of tamper resistant hardware. Unless the phone contains a tamper resistant serial number or key, it is relatively easy to clone. And cell phones are merging with PDAs. If yo

Re: Microsoft marries RSA Security to Windows

2002-10-15 Thread Arnold G. Reinhold
At 8:40 AM -0700 10/11/02, Ed Gerck wrote: >"Arnold G. Reinhold" wrote: > >> I can see a number of problems with using mobile phones as a second >> channel for authentication: > >Great questions. Without aspiring to exhaust the answers, let me comment. >

Re: palladium presentation - anyone going?

2002-10-21 Thread Arnold G. Reinhold
At 10:52 PM +0100 10/21/02, Adam Back wrote: On Sun, Oct 20, 2002 at 10:38:35PM -0400, Arnold G. Reinhold wrote: There may be a hole somewhere, but Microsoft is trying hard to get it right and Brian seemed quite competent. It doesn't sound breakable in pure software for the user, so

Re: Palladium -- trivially weak in hw but "secure in software"?? (Re: palladium presentation - anyone going?)

2002-10-22 Thread Arnold G. Reinhold
At 4:52 PM +0100 10/22/02, Adam Back wrote: Remote attestation does indeed require Palladium to be secure against the local user.  However my point is while they seem to have done a good job of providing software security for the remote attestation function, it seems at this point that hardware s

Re: palladium presentation - anyone going?

2002-10-20 Thread Arnold G. Reinhold
At 7:15 PM +0100 10/17/02, Adam Back wrote: Would someone at MIT / in Boston area like to go to this [see end] and send a report to the list? I went. It was a good talk. The room was jam packed. Brian is very forthright and sincere. After he finished speaking, Richard Stallman gave an uninvite

Re: M-209 for sale on EBay

2002-10-30 Thread Arnold G. Reinhold
I'd have to agree with Jim. I have some WW II military radios in my basement and they look pretty pristine on the inside. Military equipment is built for long shelf life. Even stuff that's seen a lot of service often cleans up nicely. Also the (unmet) minimum bid for the M-209 on Ebay was $3

Re: New Protection for 802.11

2002-11-06 Thread Arnold G. Reinhold
See the following two Intel links with detailed discussions of TKIP and Michael which I found via Google: Increasing Wireless Security with TKIP Forwarded from: "eric wolbrom, CISSP", sa ISN-a... http://www.secadministrator.com/Articles/Index.cfm?ArticleID=27064 Mark Joseph Edwards October 23,

DOS attack on WPA 802.11?

2002-11-07 Thread Arnold G. Reinhold
The new Wi-Fi Protected Access scheme (WPA), designed to replace the discredited WEP encryption for 802.11b wireless networks, is a major and welcome improvement. However it seems to have a significant vulnerability to denial of service attacks. This vulnerability results from the proposed rem

Re: Windows 2000 declared secure

2002-11-07 Thread Arnold G. Reinhold
lving into something like the fire protection regulations that every architect has to either follow or request a waver. Arnold Reinhold At 6:38 AM -0500 11/4/02, Jonathan S. Shapiro wrote: I'm answering this publicly, because there is a surprise in the answer. On Sun, 2002-11-03 at

Re: DOS attack on WPA 802.11?

2002-11-11 Thread Arnold G. Reinhold
I appreciate Niels Ferguson responding to my concerns in such detail. I don't want to give the impression that I object to WPA on the whole. That is why I said "major and welcome improvement" in my opening sentence. I am particularly mollified by Niels' statement that "most existing cards will

Possible fixes for 802.11 WPA message authentication

2002-11-11 Thread Arnold G. Reinhold
Here are some thoughts that occur to me for improving the security of 802.11 WPA message authentication (MIC), based on what I read in Jesse Walker's paper http://cedar.intel.com/media/pdf/security/80211_part2.pdf. One approach is to second guess Niels Ferguson and try to find a different comb

Re: DOS attack on WPA 802.11?

2002-11-13 Thread Arnold G. Reinhold
At 11:40 PM +0100 11/11/02, Niels Ferguson wrote: At 12:03 11/11/02 -0500, Arnold G. Reinhold wrote: [...] One of the tenets of cryptography is that new security systems deserve to be beaten on mercilessly without deference to their creator. I quite agree. I hope you won't mind another

Re: DOS attack on WPA 802.11?

2002-11-19 Thread Arnold G Reinhold
I agree that we have covered most of the issues. One area where you have not responded is the use of WPA in 802.11a. I see no justification for introducing a crippled authentication there. Also here is one more idea for possibly improving Michael. Scramble the output of Michael in a way that depend

Re: DOS attack on WPA 802.11?

2002-11-19 Thread Arnold G Reinhold
[please ignore previous message, sent by mistake -- agr] On Sat, 16 Nov 2002, Niels Ferguson wrote: > At 18:15 15/11/02 -0500, Arnold G Reinhold wrote: > >I agree that we have covered most of the issues. One area where you have > >not responded is the use of WPA in 802.11a. I see n

Re: DOS attack on WPA 802.11?

2002-11-29 Thread Arnold G. Reinhold
At 4:57 AM +0100 11/19/02, Niels Ferguson wrote: At 21:58 18/11/02 -0500, Arnold G Reinhold wrote: ... Third, a stronger variant of WPA designed for 11a could also run on 11b hardware if there is enough processing power, so modularization is not broken. But there _isn't_ enough proce

Re: DOS attack on WPA 802.11?

2002-12-08 Thread Arnold G. Reinhold
At 12:48 AM +0100 11/30/02, Niels Ferguson wrote: There will be a stronger variant of WPA: The TGi AES-based protocol. It just isn't finished yet. Is this 802.11i or something that will be available sooner? Arnold

Re: DOS attack on WPA 802.11?

2002-12-08 Thread Arnold G. Reinhold
At 10:48 PM -0500 11/29/02, Donald Eastlake 3rd wrote: Arnold, If you want to play with this as an intellectual exercise, be my guest. But the probability of changing the underlying IEEE 802.11i draft standard, which would take a 3/4 majority of the voting members of IEEE 802.11, or of making th

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

2003-01-24 Thread Arnold G. Reinhold
At 6:16 PM -0800 1/23/03, Harvey Acker wrote: The content, once extracted, was interesting to someone who did not know how locks worked, but the attack was obvious as soon as one read the description of how master keys worked. I knew how master keys worked. I had one when I was at MIT and I've

Re: [IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

2003-01-29 Thread Arnold G. Reinhold
I took a look at the "MIT Guide to Lock Picking" August 1991 revision at http://www.lysator.liu.se/mit-guide/mit-guide.html It says: "9.10 Master Keys Many applications require keys that open only a single lock and keys that open a group of locks. The keys that open a single lock are called ch

Re: Columbia crypto box

2003-02-10 Thread Arnold G. Reinhold
At 6:12 PM -0500 2/10/03, Steven M. Bellovin wrote: In message , David Wagner writes: Trei, Peter wrote: The weird thing about WEP was its choice of cipher. It used RC4, a stream cipher, and re-keyed for every block. . RC4 is not really intended for this application

RE: Columbia crypto box

2003-02-12 Thread Arnold G. Reinhold
At 11:21 AM -0500 2/11/03, Trei, Peter wrote: ... > I totally agree that WEP has/had problems well beyond the export issue, but that's not my point. A product which cannot be exported will not be developed, generally speaking. I quote from AC2 (Schneier), page 615 (which was published in 1996):

Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

2003-02-18 Thread Arnold G. Reinhold
At 1:09 PM +1100 2/18/03, Greg Rose wrote: At 02:06 PM 2/17/2003 +0100, Ralf-Philipp Weinmann wrote: "For each AES-128 plaintext/ciphertext (c,p) pair there exists exactly one key k such that c=AES-128-Encrypt(p, k)." I'd be very surprised if this were true, and if it was, it might have bad i

Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

2003-02-18 Thread Arnold G. Reinhold
At 5:45 PM -0600 2/18/03, Matt Crawford wrote: > ... We can ask what is the probability of a collision between f and g, i.e. that there exists some value, x, in S such that f(x) = g(x)? But then you didn't answer your own question. You gave the expected number of collisions, but not the pro

Re: AES-128 keys unique for fixed plaintext/ciphertext pair?

2003-02-21 Thread Arnold G. Reinhold
At 2:18 PM -0800 2/19/03, Ed Gerck wrote: Anton Stiglic wrote: > The statement was for a plaintext/ciphertext pair, not for a random-bit/ > random-bit pair. Thus, if we model it terms of a bijection on random-bit > pairs, we confuse the different statistics for plaintext, ciphertext, keys an

Re: Wiretap Act Does Not Cover Message 'in Storage' For Short Period

2003-03-06 Thread Arnold G. Reinhold
At 4:57 PM -0500 3/5/03, John S. Denker wrote: Tim Dierks wrote: In order to avoid overreaction to a nth-hand story, I've attempted to locate some primary sources. Konop v. Hawaiian Airlines: > http://laws.lp.findlaw.com/getcase/9th/case/9955106p&exact=1 [US v Councilman:] http://pacer.mad

Re: Active Countermeasures Against Tempest Attacks

2003-03-09 Thread Arnold G. Reinhold
At 10:46 PM -0800 3/7/03, Bill Frantz wrote: It has occurred to me that the cheapest form of protection from tempest attacks might be an active transmitter that swamps the signal from the computer. Such a transmitter would still be legal if its power output is kept within the FCC part 15 rules. Ta

Re: Active Countermeasures Against Tempest Attacks

2003-03-10 Thread Arnold G. Reinhold
At 9:35 PM -0500 3/8/03, Dave Emery wrote: On Fri, Mar 07, 2003 at 10:46:06PM -0800, Bill Frantz wrote: The next more complex version sends the same random screen over and over in sync with the monitor. Even more complex versions change the random screen every-so-often to try to frustrate recov

Re: Active Countermeasures Against Tempest Attacks

2003-03-11 Thread Arnold G. Reinhold
At 11:43 PM -0800 3/10/03, Bill Stewart wrote: At 09:14 AM 03/10/2003 -0500, Arnold G. Reinhold wrote: On the other hand, remember that the earliest Tempest systems were built using vacuum tubes. An attacker today can carry vast amounts of signal processing power in a briefcase. And while some of

Re: Russia Intercepts US Military Communications?

2003-03-31 Thread Arnold G. Reinhold
At 2:10 PM -0500 3/31/03, reusch wrote: ... Nosing around on the same site, one finds "How military radio communications are intercepted" http://www.aeronautics.ru/news/news002/news071.htm Searching for SINCGARS indicates that all US military radios have encryption capabilities, which can be turne

Kashmir crypto

2003-03-31 Thread Arnold G. Reinhold
While Googling for material on SINCGARS, I found an article about crypto in the India/Pakistan conflict. Old style cryptanalysis isn't dead yet: http://www.tactical-link.com/india_pakistan.htm Arnold Reinhold

Re: Russia Intercepts US Military Communications?

2003-04-03 Thread Arnold G. Reinhold
At 2:15 PM -0500 4/1/03, Ian Grigg wrote: Some comments from about a decade ago. The way it used to work in the Army (that I was in) within a battalion, is that there was a little code book, with a sheet for a 6 hour stretch. Each sheet has a simple matrix for encoding letters, etc. Everyone had