Cryptography-Digest Digest #994, Volume #9 Thu, 5 Aug 99 22:13:02 EDT
Contents:
Re: About Online Banking Security (KidMo84)
Re: ORB - Open Random Bit Generator ([EMAIL PROTECTED])
Re: frequency of prime numbers? (Ian Gay)
Re: AES finalists to be announced ([EMAIL PROTECTED])
Re: : I AM CAVING IN TO JA... ([EMAIL PROTECTED])
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: ORB - Open Random Bit Generator (David Wagner)
Re: beginner question re. MD5 and one-way hashes ([EMAIL PROTECTED])
Re: frequency of prime numbers? ("rosi")
new PGP key and test ([EMAIL PROTECTED])
Re: frequency of prime numbers? ("rosi")
Questions regarding elliptic curve cryptography. (Teh Yong Wei)
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: What is "the best" file cryptography program out there? ([EMAIL PROTECTED])
Re: Ways to steal cookies in HTTP and HTTPS (Paul Rubin)
----------------------------------------------------------------------------
From: [EMAIL PROTECTED] (KidMo84)
Subject: Re: About Online Banking Security
Date: 06 Aug 1999 00:24:38 GMT
first off for me it's 128bit not 40bit, second off, a person could look over
your arm and see your pin number and steel your credit card at an atm. And
even if they stole your id and pass for the website, there is no way to
transfer money through the website as i know of now, its just to review
checking records and stuff like that.
Signed,
KidMo
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: ORB - Open Random Bit Generator
Date: Fri, 06 Aug 1999 00:22:39 GMT
In article <[EMAIL PROTECTED]>,
Paul Koning <[EMAIL PROTECTED]> wrote:
> That sounds like Microsoft "open" rather than the
> normal definition of "open".
Well yeah. Like microsoft he provides just enough information to be
hopelessly confused... :)
> That sounds like a bad design.
>
> The right way to do this is to leave out the hash function.
I would tend to agree. SHA-1 for example can be done with portable
code. You could plug the device into any type of PC and use SHA-1 to
provide 'compression'.
>
> For one thing, it simplifies things and eliminates the worry of
finding
> a hash that fits in tiny memory. Much more importantly, it lets
someone
> analyze the bitstream you get from the A/D, the one that's supposed to
> have entropy in it, and see whether it does. One reason for doing
that,
> apart from verification of the design, is for online fault detection.
This is true. But you still need a hash for the PRNG numbers though.
> I'm puzzled by the description of your entropy generator. How does
> charging and discharging a capacitor do that? Do you use the fact
> that resistors are noisy? Fine, but if so, feeding that noise into
> a capacitor rather defeats the point! And it should be obvious that
> modulating that charge/discharge process with a bitstream doesn't
> generate any more entropy than charging/discharging without that
> influence.
>
> On what physical process does this thing depend?
Dunno. I thought MISC used two capacitors in close proximity (or
something like that). Mainly I hear about noisy diodes, adcs or even
decaying atoms (with a counter). The actual 'random' input should be
independant of the current state of the device which is why I don't
like his 'bitstream' idea. What if the 'bitstream' has a short period
or something?
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (Ian Gay)
Subject: Re: frequency of prime numbers?
Date: Fri, 06 Aug 99 00:39:30 GMT
In article <[EMAIL PROTECTED]>, "Douglas A. Gwyn" <[EMAIL PROTECTED]> wrote:
>John Savard wrote:
>> Actually, you see, IF our previous list contained all the primes, then
>> our new number would indeed, by not being divisible by any of them,
>> satisfy the _definition_ of a prime number, not being divisible by any
>> prime smaller than itself.
>
>Exactly right. Bob S protested too quickly this time.
Hmmm... Might be better to define prime as only divisible by 1 and itself.
Otherwise, you get, e.g.
{3, 5} = putative set of all primes
3*5+1 = 16, which is not divisible by 3 or 5
so 16 is prime. This doesn't seem too helpful.
*** To reply by e-mail, remove _nospam from address ***
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: AES finalists to be announced
Date: Fri, 06 Aug 1999 00:29:02 GMT
In article <7octgv$q1o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> Maybe you needed a fishyer name for your method. Or better yet if
you had
> some buddies at the NSA they could have given you pointers that would
have
> kept it weak enough so they could break it and yet strong enough so
the public
> crypto people could not. It is a hard line to follow with out the
right kind
> of friends in the right places but it could be done. Gee I bet 2fish
made it
> to the next round.
Three ideas for you
1) Twofish is a good algorithm with a good design. So is RC6, E2, DFC
and SERPENT
2) Can you prove your algorithms ARE AT LEAST as strong as Twofish?
3) Can you accept the fact that secure systems don't just rely on
secure algorithms?
BTW this is a good example of you brining the NSA into any
conversation. Do you know anyone at the NSA? Have you ever seen the
NSA in action? Maybe they don't care about you? Read the epilog of
Applied Crypto page 619
'An NSA-employed acquaintance, when asked wheter the gov. can crack DES
trafic, quipped that real systems are so insecure that they neved need
to bother.'
So shove that in your pipe and smoke it.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: : I AM CAVING IN TO JA...
Date: Fri, 06 Aug 1999 00:24:10 GMT
In article <7ocu6e$q1o$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> I see more and more sites that say you Need JavaScript or some
application
> to use the site. I can't see why webpage designers seem to always try
to
> force the user to get newer crap when the regular HTML works. But they
> seem to make things more complicated.
> So I give up. I have added some useful SCRIPT to my main webpage so
> that those that have a Browser that is JavaScript capable can get some
> useful info from my site. Sorry but if you Browser is not JavaScript
capable
> you may not get to see this specail advice it is for JavaSrcipt
enabled
> viewers only.
> Also if you stuck with microshaft browser the page will not appear
the same
> as witha good Netscape version. Sorry but Netscape is better in my
humble
> opinion.
So what. Does this have any bearing on this group at all?
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 00:17:53 GMT
In article <7ocmhi$1d56$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> There are many ways to do but I think it may be best to compress
the whole
> set of fiiles together with something like PKZIP and then use
scott16u or
> scott19u on the resulting file.
>
Yup sure whatever.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 00:16:12 GMT
In article <7ocmot$1d56$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (SCOTT19U.ZIP_GUY) wrote:
> I think is is a safe bet that most of the high praised programs are
broken by
> the NSA and that would include the NSA candidates. If one is truely
concerned
> you should use several methods in series. But if you do this be sure
to use
> methods that have no headers or change the file lenght. You can use
my code
> as one of the methods since it will not change the file length and if
any one
> bit of the file changes the whole file changes.
So what. There is alot missing about your 'method'. How does your
method for example authenticate or identify people? ...
You give so much praise for your encryption algorithm but really on
scratch the surface. PGP I think covers much much more. It has
convential encryption (like your program) but also authentication and
key exchange. If you can get the public keys from a trusted source
(say a FTP site or burnt into a public ROM) then it's really
worthwhile. There is always a chance that 'Tom St Denis' doesn't
really exist but for those who know me and want to send private info
(if I don't know them) pgp might be a good choice.
The only real flaw with PK algorithms is trusting the public key you
have is from the person who supposedly created it. It's something we
have to inheriantly trust. I think burning them into publicly
avaialble cd-roms or roms would be a good method. You could just check
your key on your computer against the CD-rom (which is suppose to be
identical to everyone elses) and raise hell if it's not.
Which brings me to another idea. Wouldn't that be cool to have some
form of registration where 1024-bit keys (to be safe) are created and
registered then stored on a CD-ROM which can be bought by anyone? You
register once a year (possibly with a new key). To register you would
have to proof your identity (which is also inheriantly trust) say by a
driver license (this obviously would have to be handled by more then
one group). It would be a nice way to pick up keys... just an idea.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED] (David Wagner)
Subject: Re: ORB - Open Random Bit Generator
Date: 4 Aug 1999 11:59:59 -0700
Why do you use MD2? It's slow, and serious concerns have been raised
about its security (it was nearly broken at SAC one year). SHA1 is the
obvious choice these days...
You appear to have applied DIEHARD to the output of the generator after
hashing. This is poor methodology -- any generator (even a counter) will
pass DIEHARD if you hash it first. You should apply your tests to the
raw, unhashed output from your randomness source (the d_i, in your terms).
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: beginner question re. MD5 and one-way hashes
Date: Fri, 06 Aug 1999 00:38:17 GMT
In article <7ocg6b$nd7$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] (David Wagner) wrote:
> In article <[EMAIL PROTECTED]>,
> Jerry Coffin <[EMAIL PROTECTED]> wrote:
> > Note that this still gives a reasonable chance of a collision --
e.g.
> > given 200,000 inputs, a 32-bit hash has approximately a 200000/4G =
> > .005% chance of a collision.
>
> Actually, I think it's about 200000^2/2^33 ~ 4 expected collisions.
> (Birthday paradox.)
>
Wouldn't that be 2^-(k/2) or 2^-16 for all except the first (since it
can't collide with nothing). The chances of a collision with anything
else would then be 2^-16 * 199999. In this case would be about 3.051
(0.0000152587890625 * 200000) collisions? Should just do empiracle
testing :)
Or am I full of it (hey catch me if I am wrong I don't mind).
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Thu, 5 Aug 1999 20:54:02 -0400
Semantics.
Yes, the word 'finite'.
No, can not get all if infinite. Contradiction the right approach.
(Light) Can't win the battle with own weapon? Use theirs.
--- (My Signature)
Robert Scott wrote in message <[EMAIL PROTECTED]>...
>>In article <[EMAIL PROTECTED]>,
>> Jim Gillogly <[EMAIL PROTECTED]> wrote:
>>>
>>> There's an infinite number of them, and an easy proof. Suppose the
>>> number were finite. Then we can take the product of all the primes
>>> and add one to it. This number is not evenly divisible by any of the
>>> primes, since the remainder modulo each prime is 1. Therefore this
>>> number is also prime
>>
>>
>
>To which Bob Silerman responded:
>
>>NO! NO! NO!
>>
>>Why must we hear the same tired mistakes over and over?
>>
>>I have lost count of the number of times I have heard this
>>assertion on the Internet.
>>
>>The resulting number is NOT necessarily prime.
>>
>>What is true is that EITHER it is prime OR it is divisible by a prime
>>not on our original list.
>>
>
>No, no, no to you, Bob. There was nothing wrong with Jim's
>proof. You just forgot the context. He said "suppose the
>number were finite". This is a typical instance of proof
>by contradiction. Under the assumption that there are only
>finitely many primes, the conclusion that the product of
>all of them plus one is prime is correct. There would be no
>other primes "not on the list". The fact that this leads
>to a contradiction shows that the original assumption
>(of finitely many primes) was incorrect. This proof as
>stated by Jim in no way implies that the product of any
>particular set of primes plus one is itself a prime.
>Stick by your guns, Jim. No need to apologize.
>
>
>
>
>Bob Scott
>Ann Arbor, Michigan (email: rscott (at) wwnet (dot) net )
>(My automatic return address is intentionally invalid.)
------------------------------
From: [EMAIL PROTECTED]
Subject: new PGP key and test
Date: Fri, 06 Aug 1999 01:33:03 GMT
I made a new key which is more practical. It's at
http://mypage.goplay.com/tomstdenis/key.pgp
if anyone wants to send me a message. It's a 768 bit PGP 6.0.2i key.
I deleted my older keys. so if you have any of the older keys you can
delete them as well.
Here is a question though. My key is at an FTP site of
ftp://ftp.goplay.com/tomstdenis
What would be the steps for 'hacking' the key at that site? Are there
any pointers online? Basically I want to know how someone from outside
of goplay (the FTP provider) would hack the key and thus fake being me
(well [EMAIL PROTECTED])
Thanks,
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: "rosi" <[EMAIL PROTECTED]>
Subject: Re: frequency of prime numbers?
Date: Thu, 5 Aug 1999 20:59:38 -0400
Sorry, adjustment. 'right approach' ---> a simplest right approach.
rosi wrote in message <7ode6n$srk$[EMAIL PROTECTED]>...
>Semantics.
>
>Yes, the word 'finite'.
>
>No, can not get all if infinite. Contradiction the right approach.
>
>(Light) Can't win the battle with own weapon? Use theirs.
>
>--- (My Signature)
>
>Robert Scott wrote in message <[EMAIL PROTECTED]>...
>>>In article <[EMAIL PROTECTED]>,
>>> Jim Gillogly <[EMAIL PROTECTED]> wrote:
>>>>
>>>> There's an infinite number of them, and an easy proof. Suppose the
>>>> number were finite. Then we can take the product of all the primes
>>>> and add one to it. This number is not evenly divisible by any of the
>>>> primes, since the remainder modulo each prime is 1. Therefore this
>>>> number is also prime
>>>
>>>
>>
>>To which Bob Silerman responded:
>>
>>>NO! NO! NO!
>>>
>>>Why must we hear the same tired mistakes over and over?
>>>
>>>I have lost count of the number of times I have heard this
>>>assertion on the Internet.
>>>
>>>The resulting number is NOT necessarily prime.
>>>
>>>What is true is that EITHER it is prime OR it is divisible by a prime
>>>not on our original list.
>>>
>>
>>No, no, no to you, Bob. There was nothing wrong with Jim's
>>proof. You just forgot the context. He said "suppose the
>>number were finite". This is a typical instance of proof
>>by contradiction. Under the assumption that there are only
>>finitely many primes, the conclusion that the product of
>>all of them plus one is prime is correct. There would be no
>>other primes "not on the list". The fact that this leads
>>to a contradiction shows that the original assumption
>>(of finitely many primes) was incorrect. This proof as
>>stated by Jim in no way implies that the product of any
>>particular set of primes plus one is itself a prime.
>>Stick by your guns, Jim. No need to apologize.
>>
>>
>>
>>
>>Bob Scott
>>Ann Arbor, Michigan (email: rscott (at) wwnet (dot) net )
>>(My automatic return address is intentionally invalid.)
>
>
------------------------------
From: Teh Yong Wei <[EMAIL PROTECTED]>
Subject: Questions regarding elliptic curve cryptography.
Date: Fri, 06 Aug 1999 08:55:11 +0800
Me again. Sorry for posting so many "simple" questions to all of U. But,
I myself am new in this field, so there is a lot of things that I am
quite uncertain and don't understand. Here are some questions regarding
ECC:
1) How to determine a curve is a good curve?
2) How to choose a and b in the ECC equation?
3) Do we need to know all the points on a curve?
4) Who will generate the curve? The sender or the receiver?
5) Why we need to "convert" the message to a pair of integer?
6) How to make public key as short as possible?
That's all for the moment. I am very much appreciate for all your helps.
Thank you.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 00:54:24 GMT
Mr. St. Denis:
If you must go through life as the arrogant, misanthropic asshole that
you oviously are, please have the decency to keep your vitriolic
emotional bile to yourself. Follows a small sample of the negative crap
with which you have polluted sci.crypt. Between your and Bob
Silverman's answering so many questions and erroneous postings with
remarks to the effect of, "Well, if you were an overeducated ubermensch
like I am, and not a mentally challenged imbicile like yourself, you
would already know...", it's a wonder that anyone with a reasonable
question has the nerve to post at all. According to the charter,
sci.crypt is a forum for
"discussion of the _science_ of cryptology, including cryptography,
cryptanalysis, and related topics such as one-way hash functions"
This charter does not seem to indicate that sci.crypt is a forum for
insecure superannuated adolescents to try to make themselves feel better
by belittleing other participants.
Try being nice for a change, even to those not gifted with your
inestimable intellectual powers. You may find that people treat you
better, and waiters might even stop hocking up loogies in your food.
Much Love,
Jesse Ross
=========================================================
Excerpts from tomstdenis's postings to sci.crypt
--
[this is one of my favorites, because both you and BobS are quoted]
In article <7oan7j$ai1$[EMAIL PROTECTED]>,
Bob Silverman <[EMAIL PROTECTED]> wrote:
> How refreshing! A common sense reply! How rare in this newsgroup!
> Anyone who thinks that even 2048 bits are needed is clearly
> clueless about the subject.
I try...
--
[HellPhyre raises the point that sci.crypt is for Q&A, not just experts]
tomstdenis <[EMAIL PROTECTED]>
Posting History Member Profile
In article <[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> > That form of implicit trust scares me. What makes a 1024 bit
> > key less secure then a 4096 bit key? (And if you say ease of
> > solving you have no clue about the crypto world).
>
> Did I ever say I had a clue about the crypto world?
--
[This is another good one, because it demonstrates your sense of
self-importance in so few words]
You haven't even read my open questions have you? Can't answer them?
Figures ...
Tom
[How dare he not have read the Open Questions Of Tom St. Denis!!!
BTW: If he hasn't read them, he doesn't know whether or not he can
answer them.]
--
[I've included the next one in its entirety, because it shows how you
can be a prick even while asking seemingly innocuous questions. It also
shows that you're lazy; some (not all) of your questions are answered on
the website for the ORB product. The URL was included in the post, but
you couldn't be bothered to check. This post also shows that you have
no shame; after insulting the ORB manufacturer's representative, you
have the cajones to ask for free samples!]
tomstdenis <[EMAIL PROTECTED]>
In article <[EMAIL PROTECTED]>,
Alwyn Allan <[EMAIL PROTECTED]> wrote:
> Announcing ORB - Open Random Bit Generator
>
> ORB is a single-chip random bit generator featuring:
>
> * Low cost (~$2 each in production quantities)
Of how many? Can hobbyist purchase orders of 10s, 50s or 100s?
> * Low power consumption (2 mA, 1 mA standby)
At how many volts? Standard 5v?
> * Wide operating voltage range (2.5 - 5.5 V)
> * Wide temperature range (-40 to 85°C, 125°C avail.)
> * Moderate speed (1000+ bits/sec)
Via what? A serial port? or SPI?
> * Good statistical properties
Says who?
> * Cryptographic quality randomness
Says who?
> * Open design (not free)
Where? Are there design specs online? Who designed it? Are there
custom chips avail?
> * Simple interface
You mean a single 8-bit data port?
> * Small footprint (5.3 x 8.1 mm, 8-lead SOIC)
Super.
> ORB is based on a Microchip Technology 8-bit microcontroller, and uses
> one external resistor. Entropy is generated by a unique (patent
> pending) process
> in which a capacitor is charged and discharged according to the
> contents of a bitstream, and the capacitor's voltage is measured by an
> A/D converter. The low-order bits of the A/D results are "stirred"
> into
> an entropy pool, which is then processed through a cryptographic hash
> function (MD2). Part of the hash result is the random output and part
> of
> it forms the bitstream to continue the process.
What is the period of the bitstream? What if the bitstream is biased? I
though chips using capacitors allready exist
...
> Orb is now shipping in sample quantities. Please see
>
> www.delanet.com/~apa/orb
>
> for more details.
Any freebies?
Tom
--
[Finally, the posting that prompted this one]
In article <7ob4kb$jk1$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] (KidMo84) wrote:
> > I was wondering how secure online banking really is.
[snip]
>
> Most of the time these systems are designed by comp.sci majors without
> any background in cryptography (well isn't 40-bit SSL (RC4) secure
> enought?) ...
> Tom
[This is a wild over generalization, which, in addition to reeking
of the condescending tone you use so often, is unacceptable from someone
who demands such exacting accuracy in others.]
Summary: It's good for you that you're so damned smart; now try having
some humility.
In article <7ob3og$itv$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> In article <7oan7j$ai1$[EMAIL PROTECTED]>,
> Bob Silverman <[EMAIL PROTECTED]> wrote:
> > How refreshing! A common sense reply! How rare in this newsgroup!
> >
> > Anyone who thinks that even 2048 bits are needed is clearly
> > clueless about the subject.
>
> I try...
>
> Would anyone disagree that for personal use (say lifetime of 5-10
> years) a 768 bit key would work? Of course for actual real business
> use the keys would have to be verified in person (say reading the
> footprint in person). Or have a secure HTTP+password and implicitly
> trust that (for example) Tom St Denis is
> at 'http://mypage.goplay.com/tomstdenis/key.pgp'?
>
> A 768 bit key has several advantages over say 4096 bit keys
>
> 1) Smaller. If you are running a server you can store more public
keys
> ( in rom or EPROM) then the larger keys. Also wouldn't signatures be
> smaller (in RSA for sure) since the actual number would be smaller?
> This means signed messages would have less overhead.
>
> 2) Faster. The smaller numbers means the operations would be done
much
> quicker. Also key generation would be much quicker.
>
> Clearly there is no big security benefit of say 2048-4096 bit keys
> since it's easy to fake keys on servers (a bit harder on FTP and HTTP
> sites with good software+passwords ...).
>
> Tom
>
> Sent via Deja.com http://www.deja.com/
> Share what you know. Learn what you don't.
>
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: What is "the best" file cryptography program out there?
Date: Fri, 06 Aug 1999 01:28:48 GMT
In article <7odbnu$7vf$[EMAIL PROTECTED]>,
[EMAIL PROTECTED] wrote:
> Mr. St. Denis:
>
> If you must go through life as the arrogant, misanthropic asshole that
> you oviously are, please have the decency to keep your vitriolic
> emotional bile to yourself. Follows a small sample of the negative
crap
> with which you have polluted sci.crypt. Between your and Bob
> Silverman's answering so many questions and erroneous postings with
> remarks to the effect of, "Well, if you were an overeducated
ubermensch
> like I am, and not a mentally challenged imbicile like yourself, you
> would already know...", it's a wonder that anyone with a reasonable
> question has the nerve to post at all. According to the charter,
> sci.crypt is a forum for
>
> "discussion of the _science_ of cryptology, including cryptography,
> cryptanalysis, and related topics such as one-way hash functions"
>
> This charter does not seem to indicate that sci.crypt is a forum for
> insecure superannuated adolescents to try to make themselves feel
better
> by belittleing other participants.
>
> Try being nice for a change, even to those not gifted with your
> inestimable intellectual powers. You may find that people treat you
> better, and waiters might even stop hocking up loogies in your food.
>
> Much Love,
>
> Jesse Ross
>
Thanks for the post. I guess I deserved that. I have a little too
much time on my hands, but some posts get on my nerves. David (Scottu)
is a good example since I posted my questions and he responded in the
same thread but never to the msg. he did avoid the questions, but
keeps flaming everyone.
I just try to respond to questions with some degree of accuracy I am
familiar with. I try not to make assumptions as much as others would
(like 4096 bit keys are better then 768 bit keys).
BTW I don't think I am a 'crypto-god' I am far from it. But people
like newbies are at one extreme and the good people (like AES
submitters) are at the other. Most newbies ask stupid questions which
could be answered by A) reading the fact or b) just looking at previous
postings. I try to respond to as many posts as possible for several
reasons a) some questions get ignored which is rude, b) I try to see if
I really know what I am talking about (kinda like a self-quiz) c) I
sincerely hope that the poster could learn something from the post.
I get your point though and I will try to remain more objective from
now on.
Tom
Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.
------------------------------
From: Paul Rubin <[EMAIL PROTECTED]>
Crossposted-To: comp.infosystems.www.misc,comp.security.misc
Subject: Re: Ways to steal cookies in HTTP and HTTPS
Date: 05 Aug 1999 19:04:41 -0700
[EMAIL PROTECTED] writes:
> I am beginning to conclude that "3rd party" cookies really are evil.
> Unfortunately, you cannot just say 'no' to 3rd party cookies. In
> both Netscape Communicator and MS Internet Explorer, there is no way
> to turn off all 3rd party cookie activity (unless you disable cookies
> entirely). Communicator will let you refuse to *accept* these
> cookies but will not control their divulgence.
If you don't accept them, how will the browser divulge them?
It's best to not accept them in the 1st place, which Communicator
lets you do.
The usual evil use of 3rd party cookies is to gather marketing
information: doubleclick.net runs banner ads on thousands of servers
and therefore knows (from the cookie sent to the doubleclick server)
which servers you've been browsing. If you actually buy something
from one of the sites and the site gives your name and address
to doubleclick, doubleclick now can bombard you with target ads,
phone calls, pesky salespeople, etc. (They claim that they
are not doing this, ... yet).
> IMHO, the unauthorized divulgence of 3rd party cookies makes up the
> other half of their "evil" equation. This is particularly true when
> a cookie is used as a kind of weak authentication token. (At
> least one E-commerce site will let you charge to a user's credit
> card by merely presenting the correct persistent cookie. I won't
> give their name publicly because, hey, it's a jungle out there ;-)
The only charges you can make with just a cookie at that site are for
merchandise orders to the address that they have shipped your previous
orders to. If you want to send merchandise to a different address,
you have to log in to the secure server with your email address and
password.
> The active attacks presented below show that an arbitrary HTTP cookie
> of the attacker's choosing can literally be *demanded* from a browser
> any time its user surfs.
If you can mount an active attack, you get all the user's session
content, not just cookies. It's not that likely that any single
cookie will be more valuable than the session content over some period.
> Under certain circumstances, HTTPS cookies
> can be stolen. These secure cookies are at best, only as secure as
> the weakest mode of SSL *ever* used by the browser. This may be very
> different from the mode of SSL enabled when the user *intends* to
> send a secure cookie.
The damage from getting the cookies stolen is almost entirely eliminated
by encrypting the cookies at the server side. Careful sites already do this.
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
