Re: [OT] ID theft
Quoting Peter, from the post of Tue, 06 Feb: You know, when you sign on paper, it actually means authentication, open to graphology analysis etc. and this can actually stand up in court. The electronic signature is more 'fluid'. Hmm, use the service actually - and this is based on a chat with Haim Ravia if I remember - to accept a signed document in court you need the alleged signer to show up and testify it is his signature. going the graphological way is long and uncertain. Israel is one of the first countries in the world to have a digital signature law that allows to identify the signer even without his testimony, however, the law is not complete because it only deals with digital signatures and does not specify cryptographic sigs, what algorithems and who are the recognized CAs. but we are moving towards it. for instance I send all my tax invoices today by Email, via web forms at a company that creates a signed PDF and sends it to the customer for me, and it's recognized by Rashuyot HaMas. for a few months (in this time the average windoze user will have wiped his disk and reinstalled at least twice, thus erasing any possibility to trace it in your logs) and then claim a refund on the well, once it's backed by the law, losing your digital sig will be as stupid and painful as losing your ID card, or worse. people will take a bit more care. -- Karma Police Ira Abramov http://ira.abramov.org/email/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Thu, 8 Feb 2007, Ira Abramov wrote: Israel is one of the first countries in the world to have a digital signature law that allows to identify the signer even without his testimony, however, the law is not complete because it only deals with digital signatures and does not specify cryptographic sigs, what algorithems and who are the recognized CAs. but we are moving towards it. for instance I send all my tax invoices today by Email, via web forms at a company that creates a signed PDF and sends it to the customer for me, and it's recognized by Rashuyot HaMas. In the states and canada this has been standard for years. There is a secific software package to use for it. I don't know what is signed how but it is crypted for sure. for a few months (in this time the average windoze user will have wiped his disk and reinstalled at least twice, thus erasing any possibility to trace it in your logs) and then claim a refund on the well, once it's backed by the law, losing your digital sig will be as stupid and painful as losing your ID card, or worse. people will take a bit more care. Lose which signature exactly ? According to the riaa a logfile from an isp is signature enough to bring you to court over undefined charges (to be determined later). iow, all your messages ARE already signed as I bothered to write before. A law that makes any such signatures legally binding (and thus including the isp log method, by precedent, since they do not disawow it), is an accident waiting to happen. Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
Peter wrote: Note that I am not a security expert. But you sure do a fine job of playing one on Linux-il, while trying to contradict people who make a living from being security experts, such as Aviram and myself. How is hash a digital signature? A hash is a checksum that has the property of being hard to duplicate with a different data set (as in, message). A, mostly correct explanation of what a hash is snipped. For a message, if a hash sum is computed and stored somewhere (perhaps in the message itself, .. then the content of the message cannot be tampered with without changing the sum. But if the sum is part of the message, and I can tamper with the message, the only conclusion is that I can also tamper with the sum. In other words, if you receive a message that has a SHA-1 of it in it, the only thing you can deduct is that whoever wrote this message (or someone in between) knows how to apply SHA-1 to it. It does not tell you that the person who wrote this message is the person written in the From: address, which means that for all intent and purposes, the message is not signed. A cryptographic hash is an irreversible function that can be applied the right way by anyone and the wrong way by no one. That's what makes it useful. A signing algorithm (at least, a public key signing algorithm) is a function that can be applied in one way only by someone who knows a secret part of a key, and the other way by anyone who knows the public part of the same key. Also, the public and private part must be tied by a 1:1 relationship. Shachar -- Shachar Shemesh Lingnu Open Source Consulting ltd. Have you backed up today's work? http://www.lingnu.com/backup.html = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tuesday 06 February 2007 01:01, Peter wrote: How is hash a digital signature? [clipped a short explanation on Hash] I know what hash is. My question was, how is it a digital signature? (hint: it's not. I can easily generate a hash function with the parameters of your mail client and my own data. Does that mean you signed it?). This is a form of anonymous signature. I have no idea what that sentence means. Note that I am not a security expert. Noted. Peter - Aviram = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tue, 6 Feb 2007, Shachar Shemesh wrote: Peter wrote: Note that I am not a security expert. But you sure do a fine job of playing one on Linux-il, while trying to contradict people who make a living from being security experts, such as Aviram and myself. You are: a) Putting words in my mouth b) Telling me what I pretend to be when I am not pretending anything, and after I said so much b.1) Holding that against me c) Interpreting a legit discussion about id theft paranoia and ideas as a 'security related thread' d) Next, you'll accuse me of taking away your bread e) Accusing me of 'trying to contradict' people (as in, discussing ?!) f) You clearly are a security expert since you have managed to hide this fact successfully for the previous ~20 messages in this thread All in all, it's good to be reminded from time to time where one lives. With this Internet thing the big blue room's local realities are not always obvious. Sort of like losing touch with the land of bilk and honey. How is hash a digital signature? A hash is a checksum that has the property of being hard to duplicate with a different data set (as in, message). A, mostly correct explanation of what a hash is snipped. For a message, if a hash sum is computed and stored somewhere (perhaps in the message itself, ... then the content of the message cannot be tampered with without changing the sum. But if the sum is part of the message, and I can tamper with the message, the only conclusion is that I can also tamper with the sum. In other words, if you receive a message that has a SHA-1 of it in it, the only thing you can deduct is that whoever wrote this message (or someone in between) knows how to apply SHA-1 to it. It does not tell you that the person who wrote this message is the person written in the From: address, which means that for all intent and purposes, the message is not signed. UNLESS (and you would know that if you would read what I write, I think), the signature covers 'other things' besides the message body, AS I WROTE. AND unless it is not a SHA-1 sum but one of a number of other things. A cryptographic hash is an irreversible function that can be applied the right way by anyone and the wrong way by no one. That's what makes it useful. A signing algorithm (at least, a public key signing algorithm) is a function that can be applied in one way only by someone who knows a secret part of a key, and the other way by anyone who knows the public part of the same key. Also, the public and private part must be tied by a 1:1 relationship. Assuming it is meant to be a 1:1 and not a 1:N relationship. Nitpicks: 1. There are no irreversible single-factor functions. There are functions that are difficult to reverse now but may not be tomorrow. This is already proven for MD5 and SHA-1. 2. Your definition of a public key signing algorythm is correct, but it has no application in this thread. 3. Repeated attempts to redefine the generalized term 'signature' in the context of this thread (which I sort of started) as a 'public key standard signature, which may be legally binding' are noted. They are superfluous. This thread is not, was not, and never will be about that. It was, is, and will be, about a different type of signature, which is deniable and not legally binding. I humbly bow to the real experts, Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tue, 6 Feb 2007, Amos Shapira wrote: On 06/02/07, Peter [EMAIL PROTECTED] wrote: 1. There are no irreversible single-factor functions. There are functions that are difficult to reverse now but may not be tomorrow. This is already proven for MD5 and SHA-1. If by that you refer to examples of being able to find two or more different messages with the same MD5 or SHA-1 digest then you are right, but it's still impossible to take a SHA-1 digest of limited number of bits and reverse it to the original message, fortunately. Yes of course but if someone manages to fake being 'you' when logging in to a $pay service using a duplicated md5 authentication then it is called 'irreversibly broken' pun imho. That is not yet the case afaik but ... Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tuesday 06 February 2007 10:53, and on On Tuesday 06 February 2007 01:01, Peter wrote: This is a form of anonymous signature. [...] a different type of signature, which is deniable and not legally binding. An anonymous, deniable signature. Hmm. Kinda like dry rain, cold fire and negative income tax. I guess it makes sense when the anonymous identity shows up first on a trivial google search results. Here's a suggestion for improvement: why waste CPU cycles on Hash? There's a much better anonymous deniable form of digital signature that is also being picked up by spy satellite and flagged by the NSA: THEYMADEMEDOIT Feel free to add it to your mail sig or as a custom 007 header. I guarantee it's deniable and anonymous. My guarantee is of course deniable and anonymous. I'm outa this thread now. - Aviram = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
Conclusion: I feel that there is such a thing as an inverse Godwin clause. As you know, the invocation of the Godwin clause on a discussion thread ends the thread. Or is supposed to end it. The inverse Godwin clause is the inverse of that. When the inverse Godwin clause is invoked then the person against whom the clause is invoked is considered to have won the argument. Not one but two security experts jumping in onto a thread that is not really about security and vigurously attacking a vaguely outlined scheme (and worse, for lack of a scheme, the original poster ad hominem) that already works and is used elsewhere (2-factor authentication using credit card and pin f.ex. works mostly the same way, and there are others) are imho a double anti-Godwin clause invocation. thanks, Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tue, 2007-02-06 at 11:39 +0200, Peter wrote: On Tue, 6 Feb 2007, Amos Shapira wrote: On 06/02/07, Peter [EMAIL PROTECTED] wrote: 1. There are no irreversible single-factor functions. There are functions that are difficult to reverse now but may not be tomorrow. This is already proven for MD5 and SHA-1. If by that you refer to examples of being able to find two or more different messages with the same MD5 or SHA-1 digest then you are right, but it's still impossible to take a SHA-1 digest of limited number of bits and reverse it to the original message, fortunately. Yes of course but if someone manages to fake being 'you' when logging in to a $pay service using a duplicated md5 authentication then it is called 'irreversibly broken' pun imho. That is not yet the case afaik but ... Not only is this not the case now, its massively harder to do then simply coming up with two messages that digest to the same hash. So much more harder, that I'm going to assume that it cannot be done in the lifetime of a message digest algorithm (and MD5 is still being widely used and will continue to be so in the near future). In order for me to sign in to your account using a duplicated MD5 authentication (as you put it), not only do I have to know what your password MD5 hash to - which can be prevented easily and almost no one sends MD5 hashes to/from the client in the clear - I have to then guess a secret that hashes to that MD5, effectively reversing the hashing function (for the purpose of authentication, it doesn't matter if I reverse the hash and get your secret, or get a different secret that hashes to the same digest). In short - What Amos said. -- Oded ::.. Shaw's Principle: Build a system that even a fool can use, and only a fool will want to use it. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tue, Feb 06, 2007 at 12:20:05PM +0200, Peter wrote: I feel that there is such a thing as an inverse Godwin clause. As you know, the invocation of the Godwin clause on a discussion thread ends the thread. Or is supposed to end it. The Goodwin clause is now obsolete. It has been replaced with according to the Wikipedia and a URL. The inverse Godwin clause is the inverse of that. When the inverse Godwin clause is invoked then the person against whom the clause is invoked is considered to have won the argument. The advantge of the Wikipedia is that both sides can be perceived as wining by the proponets of them, while leaving everyone else dazed and confused. :-) Geoff. -- Geoffrey S. Mendelson, Jerusalem, Israel [EMAIL PROTECTED] N3OWJ/4X1GM IL Voice: (07)-7424-1667 Fax ONLY: 972-2-648-1443 U.S. Voice: 1-215-821-1838 Visit my 'blog at http://geoffstechno.livejournal.com/ = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
And for the amusements of the people in this list who read thus far: On Tue, Feb 06, 2007 at 11:29:04AM +0200, Peter wrote: A digital signature as 'redefined' by me in this thread is a piece of data that is applied to a message and is of one of the following types: a) opaque data that appears to be legit but is not b) data that is related to a message b1) as b) but with exactly one key c) data that is related to a message via two or more keys Off-topic and unrelated, but a service I have registered to recently redefined digital signature to the act of writing my last name properly (exactly the same as I wrote it in the digital signature field of their signup form. I needed to sign one or two of their forms with this digital signature. :-) So please don't try to fake my digital signature (I removed it for now from my signature, just in case ;-) -- Tzafrir X | [EMAIL PROTECTED] | VIM is http://tzafrir.org.il || a Mutt's [EMAIL PROTECTED] || best ICQ# 16849755 || friend = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Tue, 6 Feb 2007, Tzafrir Cohen wrote: And for the amusements of the people in this list who read thus far: On Tue, Feb 06, 2007 at 11:29:04AM +0200, Peter wrote: A digital signature as 'redefined' by me in this thread is a piece of data that is applied to a message and is of one of the following types: a) opaque data that appears to be legit but is not b) data that is related to a message b1) as b) but with exactly one key c) data that is related to a message via two or more keys Off-topic and unrelated, but a service I have registered to recently redefined digital signature to the act of writing my last name properly (exactly the same as I wrote it in the digital signature field of their signup form. I needed to sign one or two of their forms with this digital signature. :-) Oh, cool. Clickwrap cancer arriving in the land of bilk and honey. Finally is is 'cmo be america'. Next someone will write a web 2.0 app to fill the form automatically, then they will add captcha to stop that, then ... You know, when you sign on paper, it actually means authentication, open to graphology analysis etc. and this can actually stand up in court. The electronic signature is more 'fluid'. Hmm, use the service for a few months (in this time the average windoze user will have wiped his disk and reinstalled at least twice, thus erasing any possibility to trace it in your logs) and then claim a refund on the grounds that the digital signature you used on the contract is invalid since it is not certified (or your evil half-brother faked it) ? You know, just to test digital signatures in court ... not Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On 06/02/07, Aviram Jenik [EMAIL PROTECTED] wrote: On Tuesday 06 February 2007 10:53, and on On Tuesday 06 February 2007 01:01, Peter wrote: This is a form of anonymous signature. [...] a different type of signature, which is deniable and not legally binding. An anonymous, deniable signature. Hmm. Kinda like dry rain, cold fire and negative income tax. I guess it makes sense when the anonymous identity shows up first on a trivial google search results. Actually there is such a thing as negative income tax (I though it was mentioned in the Knesset too, hmmm, actually the Knesset isn't exactly a bastion of logical thinking :^) - but seriously - look for this term in Wikipedia and you'll see that Milton Friedman was also playing with the idea. Googling about anonymous signature actually comes up with papers with the first link (http://eprint.iacr.org/2005/407.pdf) describing this as maintaining the anonymity of the signature owner from eavesdroppers. I'm not sure whether this is what Peter was referring to, I lost track of the conversation. You learn something new every day... --Amos
Re: [OT] ID theft
On Monday 05 February 2007 13:15, Peter wrote: certain MUAs implicitly sign the message by calculating a hash sum over the message and certain key parameters in it and making it unique to the sending machine and to the time and network it was sent at/on. By your definition then, ALL How is hash a digital signature? - Aviram = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: [OT] ID theft
On Mon, 5 Feb 2007, Aviram Jenik wrote: On Monday 05 February 2007 13:15, Peter wrote: certain MUAs implicitly sign the message by calculating a hash sum over the message and certain key parameters in it and making it unique to the sending machine and to the time and network it was sent at/on. By your definition then, ALL How is hash a digital signature? A hash is a checksum that has the property of being hard to duplicate with a different data set (as in, message). F.ex. SHA-1 etc are 'secure' (past tense) hashes. If the message length is given then it is extraordinarily hard to come up with a different message of the same length that has the same hash sum. Therefore knowing the hash sum of a message (like the md5 sum of a program) essentially certifies that the program is indeed the same one if its newly computed sum equals the hash sum. For a message, if a hash sum is computed and stored somewhere (perhaps in the message itself, but not necessarily - a signature would be, of course), then the content of the message cannot be tampered with without changing the sum. Therefore the hash guarantees the message's integrity. This is a form of anonymous signature. The hash can however also sign other things, such as a secret known only to the sender. Then the recipient cannot check the hash without asking the sender for the secret (which would likely be transferred in some nonobvious form, like public key encryption etc), but more simply would send just the hash back and ask whether it is valid. Of course if the request comes from a third party the sender can decide that the request is spam ... there are infinite variations on this. Besides the ability to send secret messages in what appears to be just another signature. Note that I am not a security expert. Peter = To unsubscribe, send mail to [EMAIL PROTECTED] with the word unsubscribe in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]