crypto product recommendations

[Anonymous]

At 12:41 PM 9/20/99 -0700, Rob Lemos wrote:
>
>
>
>Can anyone recommend a good product for encrypting information on the fly,
>meaning encrypt the file when you close it and decrypt it when you open it.
>It would also be nice if it would ask you whether you wanted the file you
>are just closing to be encrypted. That is, it builds a list as you use your
>computer, rather than requiring the user to be explicit up front.
>
>PGP requires too many steps to be truly useful here. 

Agreed.

>Any suggestions?

I use `scramdisk` which is a virtual-volume encryptor for Wintel machines.
Uses a .vxd.  Its stable.  I run it on several W95 machines.  

You can 
run executables which live in the encrypted partition, too, which
makes administration/organization easier (e.g., your email client keeps
your data files (contact addresses; messages) here and there; easiest to drag
the whole directory to an encrypted volume).

Remember to wipe the originals; this is an included feature.  There
is also a wipe swap function.

[non-disclaimer: I have nothing to gain by promoting it.]

PS: there is a web page out there on making a secure laptop using
freeware.  Makes good, practical reading.  I haven't the URL, sorry.

Re: No liberalization for source code, API's

[Dan Geer]

I will be on stage at a minor league debating forum with Bill Reinsch
on Thursday of this week.

If you had one question you would want asked, what would it be?

Reply directly, please.  I'll read it all late Wednesday.

--dan

Re: Ecash without a mint

[David Jablon]

A slight correction is noted, which isn't very relevant to the
ZK proofs in the proposed payment system.

At 11:41 AM 9/20/99 -0700, bram wrote:
> Interactive ZK proofs can be made non-interactive by generating an
> encoding of the information offered by the prover, and using the bits of
> the secure hash of that as the challenges by the provee.

Not all interactive ZK proofs can be converted into non-interactive
ZK proofs.  For example, in ZK proofs of low-entropy knowledge,
non-interactive proofs are not possible.

---
David P. Jablon
[EMAIL PROTECTED]
www.IntegritySciences.com

Re: Ecash without a mint

[Anonymous]

On Mon, 20 Sep 1999 at 01:52:43PM -0700, Wei Dai wrote:
> On Mon, Sep 20, 1999 at 09:02:17PM +0200, Anonymous wrote:
> > Yeah, neat idea!  With b-money, newly minted value goes directly into
> > someone's account, but if it was used instead to create an anonymous
> > coin you would have an accountless system.  In that case you don't even
> > need the mint for the initial phase.
>
> The account-based aspect is what enables the contract enforcement in
> b-money. You would lose that by going to an accountless system. What is the
> advantage of not having accounts (other than payer-payee unlinkability,
> which can be obtained by using Sanders-Ta-Shma as the payment subprotocol 
> of b-money)?

It is good that b-money is able to include contract enforcement in the
protocol.  However that means that it is a more ambitious and inclusive
system and so more of society would have to change in order to use it.
It is still worth considering how to create anonymous payment systems
which could be more compatible with other elements of present day society.

If all you want is an anonymous payment system, it seems that avoiding
accounts can increase privacy.  There will be ideally no linkage between
any set of transactions with a pure anonymous cash system.  With accounts
there might be some cumulative knowledge about spending patterns.

In the proposal to use the Sanders-Ta-Shma exchange with b-money, is
there a problem that payer and payee can be linked because they transfer
exactly the same amounts of money, if rounds have small granularity?

> > One problem though.  For b-money, you have to expend resources equal
> > in value to the money you generate.  That means that if you wanted to
> > re-create the U.S. money supply of a trillion dollars, you would have
> > to waste a trillion dollars worth of computing cycles.  Not exactly an
> > attractive proposition.
>
> Unfortunately it seems unavoidable unless you have a trusted party control
> the money supply. You'd have the same problem if you used gold as the money
> supply, for example.

There could be a transition period during which some parties were trusted
(bankers, perhaps).  Maybe there could be a special bank account that
people can make conventional payments to and get b-money in return.
Everyone would need to be able to monitor payments into that account.

> > What you might want to do, then, is to let people convert other forms
> > of money into these ecoins to get things going initially.  Then use
> > b-money to create more if they are needed over the long term.  This way
> > you avoid the huge startup costs with b-money.
>
> How do you propose letting people do this without having a trusted party?
> The only thing I can think of is broadcasting video clips of people burning
> their paper money, but it would be hard to verify the authenticity of the
> money being burnt.

Today's payment system does depend on trusted financial intermediaries
and it works OK most of the time.  We could continue to rely on similar
trusted parties through the transition period.  Some level of fraud
may be unavoidable, but with care it should be possible to minimize it.
After the transition then there is no longer a need for trust.

Re: Cracking the Code

[John R Levine]

> The Cato Institute released a new Cato Briefing Paper, "Strong
> Cryptography: The Global Tide of Change," as the Clinton
> administration was announcing a relaxation in controls on the export
> of encryption technology. In the paper, Arnold G. Reinhold writes ...

Arnold's a regular on this list.  (He and I write books together, don't 
miss his crypto bits in the upcoming "Internet Secrets".)

There's nothing in this paper that will be new to anyone here, but it's 
nice to see the, er, respectable extreme right wing weighing in exactly 
on the correct side of this issue.

Regards,
John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4  2D AC 1E 9E A6 36 A3 47 

Re: Good crypto products?

[David Hayes]

On Mon, Sep 20, 1999 at 12:41:41PM -0700, Rob Lemos wrote:
> Can anyone recommend a good product for encrypting information on the fly,
> meaning encrypt the file when you close it and decrypt it when you open it.

You don't specify what OS you're using, but I'd suggest something from
the general class of disk encryptors. These programs keep your file
permanently encrypted, but still allow you to work with it. As your
application program tries to read each portion of the file, that
individual portion is copied to RAM and decrypted in RAM. The hard drive
is _never_ decrypted. In general, they're no more difficult to use than
logging in to a network drive.

For Windows, either PGPdisk or Secure Drive. 

For UNIX/LINUX, try CFS (Cryptographic File System) or TCFS.

-- 
David Hayes  Technical SecurityMCI Worldcom
email: [EMAIL PROTECTED] vnet: 777-7236 voice: 972-729-7236
The official opinions of MCI Worldcom are probably nothing like these.

 PGP signature

Re: No liberalization for source code, API's

[John Gilmore]

> If you had one question you would want asked, what would it be?

Why did the result of your year-long review of encryption policy
ignore the blatant unconstitutionality that the Justice Department's
Office of Legal Counsel found 20 years ago and that two Federal courts
have confirmed recently?  How can you, as an officer and a gentleman,
implement and enforce a policy that you know in your heart and soul to
violate the fundamental rights of your fellow citizens?

(Yes, I think Bill Reinsch does have a heart and a soul, unlike some of
the people who work on this issue in the government.  And he's also a
gentleman.  What's he doing in the muck with those other chaps?)

John

PS: Well, how about two questions...  How can exporters effectively
enforce the regulations against the government, if the government ever
violates its own regulations, e.g. by refusing to complete a "one time
technical review" after months or years?

Re: IP: Smart Cards with Chips encouraged

[Arnold Reinhold]

At 10:27 AM -0400 9/20/99, Robert Hettinga wrote:
>I remember Ian, Adam,  and I talking about the 
>card-in-a-floppy thing at CFP '96.
>
>Soulda, woulda, coulda, and all that...
>
>Cheers,
>RAH
>
>--- begin forwarded text
>
>
>From: [EMAIL PROTECTED]
>Date: Mon, 20 Sep 1999 08:50:44 -0500
>To: [EMAIL PROTECTED]
>Subject: IP: Smart Cards with Chips encouraged
>Cc: [EMAIL PROTECTED]
>Sender: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>
>Source:  New York Times
>http://www.nytimes.com/library/tech/99/09/cyber/commerce/20commerce.html
>
>September 20, 1999
>
>By BOB TEDESCHI
>
>New Hardware Could Help Web Merchants Cut Fraud
>
...

>The recent launch of the American Express blue card, which comes with an
>embedded computer chip, is an example of both efforts. Since the card's
>chip can access a user's personal information, it will eliminate the hassle
>of typing in that data in every Web purchase -- and, American Express
>hopes, encourage people to use  its card. At the same time, the chip limits
>the fraud by guaranteeing the shopper's identity and offering greater
>protection to the buyer's information during the transaction.
>
>The key to these features is a piece of computer hardware that, until now,
>has been foreign to the desktop: a credit card reading device. Starting in
>November, blue card owners will be able to obtain such a device, which they
>will be able to plug into their PC's, enabling them to swipe the card at
>home much like a sales clerk would at a retail store.

I predict the floppy smart card reader will be a dumb flop. Here's why:

1. There are too many steps to use it: Take out your credit card. Put 
it in the floppy gadget. Put gadget in the A: drive. Make 
transaction. Eject floppy gadget.  Remove credit card. Return credit 
card to wallet.  Put gadget away. Consumers hate complexity.

By contrast the last book I purchased from Amazon (3rd Harry Potter 
from their UK site) took exactly 3 clicks.  And I did it from the 
floor of MacWorld.

2. The floppy adaptor is not attached to anything, so it is easy to 
lose on a cluttered computer desk and it is too easy to leave your 
credit card in the adaptor (my floppy drive resides in a mini-tower 
under my desk.).

3. Floppies are on their way out. Apple no longer ships them in any 
of their computers. Palm Pilots and CE machines don't have them. 
Other PC manufacturers are under severe cost pressure and will see 
the light soon. Being able to save a 1.4 MB file is not worth much 
these days.

And what is the value proposition for the consumer? SSL works swell.

Arnold Reinhold

Re: No liberalization for source code, API's

[Ernest Hua]

> If you had one question you would
> want asked, what would it be?

Sorry ... 2 questions ...

Why does the executive branch keep
trying to foreclose judicial review
of encryption export policy?

Why did you try to censor your fax
to the California State Legislature
that begged them not to make a cheap
political statement on encryption?

These all seem to point to someone
trying to hide activities from
scrutiny.

Ern

Is There a Visor Security Model?

[Robert Hettinga]

Everyone's probably heard of the new Palm-alike Visor by now, and 
it's got this "springboard" slot in the back processors, memory, and 
other stuff.

The Palm's security model is, by most accounts I've seen, non-existant.

Is the Visor any better?

It would be nice to have a portable cryptographic/signature/digital 
money device. Are we any closer?

Cheers,
RAH
-
Robert A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

Re: Is There a Visor Security Model?

[evan . cordes]

> From: Robert Hettinga <[EMAIL PROTECTED]>

> Everyone's probably heard of the new Palm-alike Visor by now, and 
> it's got this "springboard" slot in the back processors, memory, and 
> other stuff.
 
> It would be nice to have a portable cryptographic/signature/digital 
> money device. Are we any closer?

Even if a "springboard" module doesn't come out, it's got USB,
which can be used with the ikey's for key storage and some crypto.
That's an improvement.

http://ikey.rainbow.com/  (if it's new to you).

Evan

Re: IP: Smart Cards with Chips encouraged

[Steven M. Bellovin]

In message , Arnold Reinhold writes:

> And what is the value proposition for the consumer? SSL works swell.

Bingo.  Consumers will adopt this if and only if cost savings are passed on to 
them, which in turn can only happen if the credit card companies (a) see a 
reduction in fraud or other decrease in their costs, and (b) pass those 
reductions on to the merchant.

--Steve Bellovin

RE: Is There a Visor Security Model?

[Trei, Peter]

The Visor uses Palm OS, so I don't think it's any better.
Peter Trei


> --
> From: Robert Hettinga[SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, September 21, 1999 2:49 PM
> To:   [EMAIL PROTECTED]; [EMAIL PROTECTED]; Digital Bearer
> Settlement List
> Subject:  Is There a Visor Security Model?
> 
> Everyone's probably heard of the new Palm-alike Visor by now, and 
> it's got this "springboard" slot in the back processors, memory, and 
> other stuff.
> 
> The Palm's security model is, by most accounts I've seen, non-existant.
> 
> Is the Visor any better?
> 
> It would be nice to have a portable cryptographic/signature/digital 
> money device. Are we any closer?
> 
> Cheers,
> RAH
> -
> Robert A. Hettinga 
> The Internet Bearer Underwriting Corporation 
> 44 Farquhar Street, Boston, MA 02131 USA
> "... however it may deserve respect for its usefulness and antiquity,
> [predicting the end of the world] has not been found agreeable to
> experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
>